Splunk Search

Community Activity

URLDecode and escaping unconvertable characters I've just run across an interesting issue with the use of urldecode: if the attempt to decode fails, the function ret... by aaalexander Engager in Splunk Search 11-14-2019 2 4	2	4
Compare the login IP of the last time or previous 7 days to find the abnormal login hello everyone. I have an alert requirement . an administort has login the device. I want to compare his current IP a... by bestSplunker Contributor in Splunk Search 11-14-2019 0 4	0	4
Rest command for Index Size Hi , I am using the below REST command to create 30+ indexes. But they are getting created with default size as 500 G... by rashi83 Path Finder in Splunk Search 11-14-2019 0 2	0	2
How to find spike in total count of a field? I'd like to be able to search for the following: 1) timechart over X days for the sum of the count of a field 2) spi... by jwalzerpitt Influencer in Splunk Search 11-14-2019 0 1	0	1
How many inputlookup files can be read in a splunk query Hi Splunkers, I have been given a requirement where I need to read more than 10k input lookup files to get some resu... by hanikawadhwa Explorer in Splunk Search 11-14-2019 0 2	0	2
How to match a lookup and a search over an index? I have a lookup table with all active server names and I want to validate which servers on this lists are running a s... by pstamati Path Finder in Splunk Search 11-14-2019 0 5	0	5
Please use Time Variables and derive strptime time variables for me. Some events have time as string as "Tue Jun 12 00:00:00 CDT 2018" and some have "Fri Nov 16 00:00:00 CST 2018" in END... by rajagurup New Member in Splunk Search 11-14-2019 0 3	0	3
How to assign subsearches to multiple fields and evaluate their additions/subtractions I have a base search and there are multiple events that I can find depending on some set of the subtstring. Let's say... by tunchi New Member in Splunk Search 11-14-2019 0 1	0	1
How to match index search results to CSV lookup I have a search that returns information about usernames and their IP, machine name, etc. I want to cross-reference a... by fdw New Member in Splunk Search 11-14-2019 0 2	0	2
Datamodels and Pivots VS. Lookups and Stats output I'm having trouble conceptually understanding what Datamodels and Pivots provide over just simple lookup tables and w... by thisissplunk Builder in Splunk Search 11-14-2019 1 1	1	1
How to create a search where a field value can equal any value from a specific column of a lookup table I am trying to create a search that returns events where a field's value equals any value from a specific column of a... by ccschulstad New Member in Splunk Search 11-14-2019 0 1	0	1
Data retention Where must the data retention be settled in indexer or in my case distributed environment in search head? Then seen t... by dani9 Explorer in Splunk Search 11-14-2019 0 6	0	6
Comment utilisez inputlookup et un index Bonjour à tous, Ci dessous ma recherche (pas très propre, je suis novice  ) Par contre j'ai une idée, j'ai regro... by numeroinconnu12 Path Finder in Splunk Search 11-14-2019 0 4	0	4
How to create an alert for multiple alerts (fires when too many of specific alerts are activated) Newbie here. I'm trying to set an alert that runs every 5 minutes and looks back over the past hour. It would trigger... by spluzer Communicator in Splunk Search 11-14-2019 0 4	0	4
How to verify if ignoreOlderThan is working or not ? Hi I have implemented ignoreOlderThan for 7 days , I want to verify it if its working or not ? Is their any query or ... by ram254481493 Explorer in Splunk Search 11-14-2019 0 10	0	10
XML validations Option "fields" is deprecated in my dashboard I am upgrading my Splunk version from 6.3 to the latest and seeing the XML validation issue in one of my dashboards. ... by nagendra008 Explorer in Splunk Search 11-14-2019 0 1	0	1
How to calculate time between these values? I have an event that has two fields. PROGRESS_START and PROGRESS_END. Both of these fields contain multiple values.... by kamryn Explorer in Splunk Search 11-14-2019 0 2	0	2
Can Splunk share memory data to different queries? Hello, Splunk experts, I have a very big raw data, and need to pass the different rules. For example: query1: index=... by jenniferhao Explorer in Splunk Search 11-14-2019 0 3	0	3
How to end a Rex search with mutiple characters or a string sub as } }? Sample data: { "active" : "Y“, “locationID" : 75942068, "existsFlag" : true, "manuallyUnarchived" : false, "pendingR... by ryanksplunkster Explorer in Splunk Search 11-14-2019 0 6	0	6
How can I extract a multi value field? We have a field called IP-Group. It can be empty or it would have this format - IP-Group={xxxx} {yyyy} {zzz}. Can I ... by danielbb Motivator in Splunk Search 11-14-2019 0 11	0	11
Query Help Hi, I am trying to search logs from specific source and with specific name and to search IP found in previous search... by gozdeyildiz New Member in Splunk Search 11-14-2019 0 1	0	1
Alternative to subsearch to search more than million entries Hi I have a sub search command which gives me the required results but is dead slow in doing so. I am having more tha... by gvreddy7 New Member in Splunk Search 11-14-2019 0 1	0	1
Ho to differentiate fields with same name but different values I have log messages that have same field names and i am trying to create a table for the dashboard My messages are: ... by gravi Explorer in Splunk Search 11-14-2019 0 1	0	1
Sub Searching multiple indexes and sourcetypes Hi team, I would like a little help with a query I am having difficulty with. The objective to leverage sub searchin... by jj39501 New Member in Splunk Search 11-14-2019 0 9	0	9
splunk result has fields unwanted Dear All, we have encountered one problem we designed a script to find out where the result is. 20110112_182817 re... by Anthony_Hou Path Finder in Splunk Search 11-14-2019 2 7	2	7