Splunk Search

Community Activity

Extract fields from multiple events based off of min( id ) and max(id) by a common field. I would like to extract the time, did, and callerid from the event with the min(id) by apiid Additionally, extract ex... by fmatera Explorer in Splunk Search 11-11-2019 0 4	0	4
How to join two fields in a source with one field in another source? I have events from one source that look like: source=foo fieldA=100 source=foo fieldB=200 source=foo fieldA=300 fie... by justinnaldzin Engager in Splunk Search 11-11-2019 3 7	3	7
Storing spl in lookup Is it possible to store a search string in a lookup column, retrieve the content and run it as a search? For example:... by hoytn Explorer in Splunk Search 11-11-2019 0 2	0	2
double fields If Statements Hello Guys, i try to generate different fields using if 2. I would like to write a query which looks at the followi... by mklhs Path Finder in Splunk Search 11-11-2019 0 4	0	4
Create a filed from lookup data Hi, I would like to extract a field from lookup data, can i use below search for extraction \| inputlookup datafra... by raghu0463 Explorer in Splunk Search 11-11-2019 0 3	0	3
strptime conversion difficulty from a string Hello, I am having difficulty getting the strptime function to properly convert my date string into a usable and acc... by mdurdel New Member in Splunk Search 11-11-2019 0 3	0	3
Group by id. I have a query like this index=MyIndex \| stats values(status) as status by id, time \| dedup id,status ... by sandeepmakkena Contributor in Splunk Search 11-11-2019 0 3	0	3
highest - lowest in a row Date X Y Z XX Max Delta 10/1/2019 315 205 258 270 110 10/2/2019 293 194 235 247 99 10/3/2019 309 210... by reverse Contributor in Splunk Search 11-11-2019 0 5	0	5
Extracting a string of numbers from log file and tabulate the data I am trying to extract a string of numbers (6-8 digits) within a string. each of the string extracted/detected will b... by wyvivianho New Member in Splunk Search 11-11-2019 0 8	0	8
timechart for post for multiple web sites I have multiple web portals. portal= www.xyz.com, www.abc.com post_method = get \| post Now I want a timechart like ... by riqbal47010 Path Finder in Splunk Search 11-11-2019 0 3	0	3
Using Transaction Command more than once in the query My Query - index=abcd sourcetype=applog OR (sourcetype=nginx AND uri=/v1/abcd) \| transaction startswith="status=20... by vickyvishwa Explorer in Splunk Search 11-10-2019 0 1	0	1
Correlate across data models using a common field hi all, I have 2 accelerated data models defined, both having a common field (AccountId in one and account_id in ano... by krishnakesiraju Explorer in Splunk Search 11-10-2019 0 1	0	1
Help with join command that is not producing correct results Hi I have two searches search a : index=tech sourcetype=technical_rproxy_access OR sourcetype=technical_mule_api ... by madhuragujarath New Member in Splunk Search 11-10-2019 0 10	0	10
if multiple events at different time, only return most recent events based on a field Hi, I've got a search that returns me the following results: Basically, I would like to only keep the most recent ... by salt87 Engager in Splunk Search 11-10-2019 0 7	0	7
Minimum free space 32 bit I keep getting a message stating that I do not have enough space. I went to general settings to adjust the limitatio... by crystalkirkland New Member in Splunk Search 11-10-2019 0 5	0	5
How do I take specific information from Case ()? Hello, I am trying to take specific information after a eval function. How would I go about taking only the Chrome i... by lmzheng Explorer in Splunk Search 11-10-2019 0 5	0	5
How to fetch values from a string using rex command Hi, i have a field with values like AB101, I want to extract 101 separately into a new field by Puvi New Member in Splunk Search 11-10-2019 0 4	0	4
Splunk pie chart drilldown to show all values for slices, in timechart by default when page loads ? I have a pie chart drilldown wherein when I click on each slice, the drilldown panel shows the timechart for those ev... by pgadhari Builder in Splunk Search 11-10-2019 0 8	0	8
How to turn off parsing windows event json fields I am using Splunk universal forwarder to forward events from windows event log to Splunk. The event has data in JSON... by angshul Path Finder in Splunk Search 11-09-2019 0 3	0	3
How to compare two user lists and find number of distinct users who have successful/failed login events I need some help in formulating a complex search command. The requirement is to take one list (list2) of users and se... by adam_ali_syd New Member in Splunk Search 11-09-2019 0 3	0	3
Help with a nested search not returning any data I am running a nested search but does not return any data. However, when I run the search separately it does. The f... by lamelendrez Loves-to-Learn Lots in Splunk Search 11-09-2019 0 3	0	3
how to make column from Multivalues field Hi Splunker, Please find below the data of 2 events below where i have to change the result in tabular form.so that ... by m7787579 New Member in Splunk Search 11-09-2019 0 13	0	13
How to change column order created by chart I create a search: ...my search... \| chart values(duration) over TimeGap by Process The table shows duration used ... by halloweening New Member in Splunk Search 11-09-2019 0 2	0	2
How to Chart a value vs another value? (Not Time!) Possibly a stupid question but I've trying various things. If I google, all the results are people looking to chart v... by bellstephen41 New Member in Splunk Search 11-09-2019 0 4	0	4
How to update existing lookup csv I am sure someone must have achieved this I have an existing lookup table .It has 4 columns and it has values like b... by vikas_gopal Builder in Splunk Search 11-09-2019 0 6	0	6