Splunk Search

Community Activity

Multi Field values into Single field value I need help in getting multiple field values into single field to compare it and get the match if any. For example, ... by kamaleshwar Explorer in Splunk Search 11-22-2019 0 5	0	5
SPLUNK BOOT The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command ... by dani9 Explorer in Splunk Search 11-21-2019 0 1	0	1
Bug? Custom drilldown cannot handle question mark Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio... by yuanliu SplunkTrust in Splunk Search 11-21-2019 0 2	0	2
How to extract words and digits from a particular field Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA... by majek81 New Member in Splunk Search 11-21-2019 0 3	0	3
How to get a numeric field extracted I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 The... by Regleston New Member in Splunk Search 11-21-2019 0 3	0	3
Splunk querying nested log I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? Me... by shwetamis Explorer in Splunk Search 11-21-2019 0 21	0	21
How to remove a duplicate from a lookup or only return one of the results? I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning... by bmkaiser Explorer in Splunk Search 11-21-2019 2 5	2	5
Unable to extract value and receiving error message What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" \| rex field=_... by shwetamis Explorer in Splunk Search 11-21-2019 0 3	0	3
extract valued of a field Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ... by mmengu416 New Member in Splunk Search 11-21-2019 0 2	0	2
Dynamic multiple field and value extraction Hello together, i use splunk the version 7.2.4.2 and had the following issue by creating a dynamic field exctration.... by ronpestler1 Explorer in Splunk Search 11-21-2019 0 2	0	2
How to combine information to a list Hello, I have a query to get the following lines: element ID value temp (wanted) ABC 1 fal... by jenniferhao Explorer in Splunk Search 11-21-2019 0 1	0	1
Seeking help running excessive DNS queries report Hi Splunkers. I'm not very good with writing more complicated searches so I am seeking your help. I wrote a search to... by dharveynswccd Path Finder in Splunk Search 11-21-2019 0 6	0	6
How to join two events based on one common value? Hi, I have two different events of data : Event 1 = mail : id_mail : 1 title_mail : test mail_srv : host1 Event 2 ... by Naaba New Member in Splunk Search 11-21-2019 0 9	0	9
How do I get a unique count with my query? Below is a query that I am able to get a list of accounts, and the total times they each have been received. How can... by lyonsbm New Member in Splunk Search 11-21-2019 0 4	0	4
Table Different from Return Hello, I don't understand why the values in my \| table are different from the values in my \| return.... \| format comm... by genesiusj Builder in Splunk Search 11-21-2019 0 6	0	6
How do we clean our multi-site replication and search factor settings? On our cluster master I see the following - [clustering] .... mode = master multisite = true available_sites = site... by danielbb Motivator in Splunk Search 11-21-2019 0 1	0	1
Alert - Throttling is not working for search query Hi, I have a requirement. Please suggest how to proceed further. In the Alert need to run the search query for every ... by prsubramanian New Member in Splunk Search 11-21-2019 0 0	0	0
How to combine two fields with eval ? paymenttype RefunpaymentType DEBIT DEBIT GIFTCARD ... by monipinni Explorer in Splunk Search 11-21-2019 0 5	0	5
Restoring old data to Splunk Indexer Cluster Hi All, We have 7 indexers and they are in a cluster. Our hot and warm buckets are stored inside the local storage o... by shiv1593 Communicator in Splunk Search 11-21-2019 0 2	0	2
Convert epochtime to minutes Hi I need to Convert an #epoch time to #minutes any ideas please guys would be really grateful - Thanks by nwoolley Engager in Splunk Search 11-21-2019 0 2	0	2
Table keep last event by criteria Hi I've a question regarding stat or eventstat option last. I would like to keep the last "event" in a table with se... by erwanlebaron Engager in Splunk Search 11-21-2019 0 2	0	2
help on subsearch which works randomly Hi I use the search below what is strange is that sometimes it works fine and five minutes ago I can retrieve the fi... by jip31 Motivator in Splunk Search 11-21-2019 0 9	0	9
Splunk skips or delays indexing of the log file during the rotation occassionaly Hello Splunkers, I have an issue where Splunk some times skips to index the log file during the rotation or delays t... by ankithnageshshe Path Finder in Splunk Search 11-20-2019 1 15	1	15
lookup and index Hello, my research: index="dc_winaudit" host=IN1101D9 OR host=IN1101DA OR host=IN1101DB OR host="IN1101DC" OR host=... by numeroinconnu12 Path Finder in Splunk Search 11-20-2019 0 3	0	3
How to group and count similar field values Hi, Im looking for a way to group and count similar msg strings. I have the following set of data in an transaction ... by martineisenkoel New Member in Splunk Search 11-20-2019 0 3	0	3