Splunk Search

Community Activity

splunk result has fields unwanted Dear All, we have encountered one problem we designed a script to find out where the result is. 20110112_182817 re... by Anthony_Hou Path Finder in Splunk Search 11-14-2019 2 7	2	7
Creating a Conditional Field using Field Extraction Hey everyone, I am new to Splunk, and I need to create a new sourcetype along with field extractions. I am using re... by notimp47 New Member in Splunk Search 11-14-2019 0 4	0	4
subsearch not help I asked this earlier and the solution did not work, so I am asking again. I think I am really close... Basically wh... by mcbradford Contributor in Splunk Search 11-13-2019 0 4	0	4
Help with extract data from logs Hi I have logs of these events it contains requestID with some listType and in response it can contain requestID ... by tomas_maly New Member in Splunk Search 11-13-2019 0 1	0	1
print latest and values of status in an order. I have some this like this \|stats value(status) by time, id I want to print the latest time, values(status) in th... by sandeepmakkena Contributor in Splunk Search 11-13-2019 0 6	0	6
What will this query do? (This is a saved search running on cron *****) Hi Please help me understand what will this saved search do? index=os sourcetype=splunk_health_check \|eval value=del... by muizash Path Finder in Splunk Search 11-13-2019 0 2	0	2
Extracting filename from verbose message I am trying to write a splunk query to create a dashboard. I have message from where I need particular part as filen... by gravi Explorer in Splunk Search 11-13-2019 0 2	0	2
Data manipulation. Is this feasible ? Let's say I have a CSV with 2 columns So I have transactions count per day mentioned against the date.. Now I want to... by reverse Contributor in Splunk Search 11-13-2019 0 2	0	2
Timechart for a span=2hrs not splitting from 00:00 For example in the below search, when I try to perform timechart for span=2hrs, why it always takes from 23:00 of the... by vinaybandaru Path Finder in Splunk Search 11-13-2019 1 11	1	11
Conditional search Below is the log example. Fri Oct 11 20:01:48 2019: History was not closed with a proper agent termination after the ... by zzhao05 New Member in Splunk Search 11-13-2019 0 5	0	5
How do I find the time period when my events were in a particular state I am new to splunk and I am ingesting data from smart lights from my home into splunk, I want to create dashboard to ... by smucheli_splunk Splunk Employee in Splunk Search 11-13-2019 0 1	0	1
How to use a lookup after an inputlookup I can't get a search to work, the column I want to add with a lookup stays empty. The following example lookup I'm u... by atsin New Member in Splunk Search 11-13-2019 0 1	0	1
How to add different marker types for different lines in one chart? Hi, I have 3 lines in 1 chart (average, threshold, total_alarm) I would like to use different marker types for the 3 ... by bux187 New Member in Splunk Search 11-13-2019 0 1	0	1
Convert audit.log TTY data I'm sending my splunk server /var/log/audit.log data from each client machine (splunkforwarder). I have logging of TT... by cgkades Explorer in Splunk Search 11-13-2019 1 5	1	5
Search _internal for metrics from non-indexer instances Hi, I need to perform a search on forwarder data from the _internal index, but I need to exclude my indexers from th... by eden881 Path Finder in Splunk Search 11-13-2019 0 2	0	2
send job to background - resume after splunkd windows service restart? Hi, I have sent a query manually to the background as a job. It will run quite long since the disks are not the fast... by madingdisk Explorer in Splunk Search 11-13-2019 0 1	0	1
Not able to map 2 different type of events I have following below scenario Different stages of orders placed happens in below sequence order-process started -... by nilbak1 Communicator in Splunk Search 11-12-2019 0 3	0	3
Update search command string of search Manager by js i have an button that change the search command string, i want to update that string to "search" of searchManager and... by cuongnguyen112 Engager in Splunk Search 11-12-2019 0 1	0	1
count users who access the system only once per week or only 52 times per year Hi, I have user names in the field ContextUsername in index/ sourcetype index=otcs sourcetype=OtcsSummarytimings. To... by madingdisk Explorer in Splunk Search 11-12-2019 0 2	0	2
Parameters in script Hi, I have a script which needs parameters to be passed. I know that I can enroll the script in the input.conf file... by dbashyam Explorer in Splunk Search 11-12-2019 0 3	0	3
Calculating fields containing multiple values I have two fields that each contain the same number of multiple values. One contains epoch times for the start of an ... by kamryn Explorer in Splunk Search 11-12-2019 0 6	0	6
How do I divide my other results from one specific result? Currently I have index=* Name=rateA OR rateB OR rateC OR rateD OR rateE \| stats sum(Rate) as sumRate by _time, Name ... by sbentley_ea Explorer in Splunk Search 11-12-2019 0 3	0	3
How do I select a time frame for events? For the following search, I want to display the earliest and latest events within a duration of a year. However, I wa... by lmzheng Explorer in Splunk Search 11-12-2019 0 1	0	1
Append Column Header Field with Multivalues I need to show my table column header in below format. I need to get column name and static header under my column. ... by cchange Path Finder in Splunk Search 11-12-2019 0 4	0	4
eval condition help on manipulating a field which has multiple field values? I have an eval condition in my query as follows My_query \| eval object=host." (".id.")" \| table host object whic... by pavanae Builder in Splunk Search 11-12-2019 0 1	0	1