Splunk Search

Community Activity

How to break a multi-line event with regex, provided that the date and time containing the milliseconds changes only at the beginning of the line. Hi, I have the following log format, How can I break this multiline event, with the condition if the date is changed ... by leandromatperei Path Finder in Splunk Search 11-19-2019 0 4	0	4
rename the search results for multiple conditions Hello, I'm trying to rename query output and those are string values. expecting output for field MANAGER_NAME would b... by nagarajsf Explorer in Splunk Search 11-19-2019 0 5	0	5
Lookups load 500 times in one search Hi, the environment uses 170 lookups and during one single search, they get loaded exactly 500 times each wich sums... by misteraufziehvo New Member in Splunk Search 11-19-2019 0 4	0	4
is there a way to search who has access to an index? is there a way to search who has access to an index without having to dig thru the access controls, roles and users? ... by packet_hunter Contributor in Splunk Search 11-19-2019 1 3	1	3
Why are we getting message "waiting for queued job to start..." and search job takes 5 minutes to run? Hi, One of my customers received a "waiting for queued job to start" message today, and it then took about 5 minutes... by a212830 Champion in Splunk Search 11-18-2019 10 10	10	10
merging 2 fields based on a common 3 field in the same index I have an index with multiple fields that I have created using "Extract new fields". The following is the what my cur... by reddevilz Engager in Splunk Search 11-18-2019 0 1	0	1
How to calculate the Average Weighted as definition? Hello All I have been looking on the forum for a solution on how to calculate the average weighted. I see several op... by adamaso New Member in Splunk Search 11-18-2019 0 2	0	2
How to change format and then insert+combine them Hello. Could anyone help me out? I have a DoB string with the following format dob='2002-01-03' I would like to fo... by prot3ctor New Member in Splunk Search 11-18-2019 0 7	0	7
How to get a direct count of results which are over a certain amount? I've set up the following search with a count of events based on specific time frames over a week span: index=epacka... by mcram52 New Member in Splunk Search 11-18-2019 0 1	0	1
Timetable/Schedule is been given in lookup table, how to use it in splunk query Hi Splunkers, I am stuck in a situation where I have been provided an input lookup file containing operational hours... by hanikawadhwa Explorer in Splunk Search 11-18-2019 0 5	0	5
How to read different time slots from lookup table Hi splunkers, I have a situation to read different operational hours of same bin size for the last 3 days Scenario:... by hanikawadhwa Explorer in Splunk Search 11-18-2019 0 1	0	1
chart only display when event exist at day / day hour Hi how to display in chart only the days (or day & hour) when a „event“ (in my case speedtest results) is/are avail... by buzek Explorer in Splunk Search 11-18-2019 0 4	0	4
Why doesn't a > WHERE clause work when an = does? I cannot seem to get my search to return results when comparing a property with a greater than comparison even though... by 47024 New Member in Splunk Search 11-18-2019 0 6	0	6
Why does appendcols only show a fraction of overall search? index=* App=appA OR appB OR appC \| stats sum(Rate) as appSumRate by _time, App \| appendcols [ search index=* App=a... by sbentley_ea Explorer in Splunk Search 11-18-2019 1 2	1	2
How to customize the time range picker to only show "Date Range" as an option using XML? How do I customize the time range picker to only show "Date Range" as an option? using XML..... Ive read all the an... by onegame999 Explorer in Splunk Search 11-18-2019 0 1	0	1
finding root cause of exception from stack trace Hi, How can we show the root cause of any exception from the stack trace(if stack trace is available)? Currently wh... by prad18 Path Finder in Splunk Search 11-18-2019 0 6	0	6
Overwrite _time with field only shows all entries in timechart ignoring the timeframe selected Hi, I need to perform a timechart count for a particular field. The dates in the field aren't related to the timestam... by andimnf Explorer in Splunk Search 11-18-2019 0 10	0	10
Querying auth failures using ldapsearch and inputlookup Hello there, There are a couple of queries that I use to search for authentication failures on members of high-privi... by lbnsam New Member in Splunk Search 11-18-2019 0 3	0	3
merge search between 2 index We need to merge results from two indexes, I mean, I need any successfully login for users at the same time from two... by aalhabbash1 Path Finder in Splunk Search 11-18-2019 0 1	0	1
Get current user from Custom Search Command Hello Splunkers, I am developing an app containing a Custom Generating Search Command. (I think the Generating part ... by maxdouglas Engager in Splunk Search 11-18-2019 0 1	0	1
index growth in last 7 days Hi, Using below query now i am showing the trend of growth of one particular index for last 7 days. index=_intr... by surekhasplunk Communicator in Splunk Search 11-18-2019 0 2	0	2
UTF-8 searching not working in Splunk 8.0 Hi after upgrading to Splunk 8.0 our searches with UTF-8 characters failed to work. Why can't we search on data with... by MCG_RasmusToelh Engager in Splunk Search 11-18-2019 1 0	1	0
charting the percentage from more files based on value field Hello, I'm facing with a chart representation monthly based. Every month I receive 3 files like the follow: 01/10/2... by gballanti Explorer in Splunk Search 11-17-2019 0 2	0	2
Using the transforms.conf file to only forward events that match a regex. I've got a log file that get's 2 different event formats depending on if debugging is turned on. When debugging is tu... by JordanPeterson Path Finder in Splunk Search 11-17-2019 0 3	0	3
Contingency table using dictated column fields I am currently looking to make a table that shows how variables from 5 fields (the first five rows that splunk says h... by totho New Member in Splunk Search 11-17-2019 0 2	0	2