Splunk Search

Community Activity

Latest time and the corresponding raw data Hi, Can anyone help me how to get the latest time of an event and its corresponding raw logs(_raw). When i use stats ... by prettysunshinez Explorer in Splunk Search 11-06-2019 0 5	0	5
How to compare Column Chart with Line Chart? I need to show in a column chart the count for the top 5 destination hosts in proxy logs and above it a line of summe... by igschloessl Explorer in Splunk Search 11-06-2019 0 3	0	3
Search without join for multiple index Hi, I have a requirement where I have 2 Index, I want to display the raw data, Below is the query I tried but I am n... by vikashperiwal Path Finder in Splunk Search 11-06-2019 0 6	0	6
Matching patterns in multiple varieties of field values I have an index=os It has a field name os_description. This field has multiple versions/flavors of os mentioned in va... by mbasharat Builder in Splunk Search 11-06-2019 0 5	0	5
How come the comment "macro" is not working? I must be out of my mind. The comments built-in macro since version 6.5.0 gives me an error that it can't find the ma... by weidertc Contributor in Splunk Search 11-06-2019 1 8	1	8
does not appear in the field Hi all I have event like that. 2019-10-26 15:00:09.158, servicename="ROOT2", area="SCP", place="tokyo", path="AAA12... by nanachu Path Finder in Splunk Search 11-06-2019 0 4	0	4
Counting session IDs across multiple fields Hi all, brand new to splunk search syntax. I have a command like so: ... \| stats count by userAgent, browserVersion,... by benkeen Engager in Splunk Search 11-05-2019 0 2	0	2
How to select particular path using `where` ? I have the followinf query sourcetype="server" host=localqa \| stats count by Path \| rex field=Path "\/a... by JyotiP Path Finder in Splunk Search 11-05-2019 0 3	0	3
Inputlookup trend for 24hrs,7 days showing same graph Hi experts! Since I am new to Splunk, I understand that we cannot use a time chart with inputlookup(?). But I am usi... by gopiven Explorer in Splunk Search 11-05-2019 0 2	0	2
How to automate timechart for multiple users/fields? Greetings all, Noob here. I have the following timechart: index=fileshare user_login=john_doe@mycompany.com (event_... by mitsost Path Finder in Splunk Search 11-05-2019 1 19	1	19
How to pull stats to display etime, bind_id, conn, and the search_filter for any operation that takes longer than 20 seconds Hi all, I'm working with a sample log snippet below. The overall goal is to get stats about long-running operations. ... by justinsplunk_12 Explorer in Splunk Search 11-05-2019 1 7	1	7
a blank tab created after clicking "open in search" in specific dashboard panel while SPL is ~10K long We have a critical dashboard where users need to click on the magnifying glass to open up that search in a search win... by mchang_splunk Splunk Employee in Splunk Search 11-05-2019 0 1	0	1
Creating a query for Sankey diagram from log data I have a set of log data that is basically in this format: Event timestamp user 6 10/14/2019 1:29 Use... by rschuetzler Explorer in Splunk Search 11-05-2019 0 4	0	4
Can we generate a report per index that shows the time back stats of the queries? We need to decide soon how much storage to allocate to the hot/warm volume versus the cold one. Therefore, I would li... by danielbb Motivator in Splunk Search 11-05-2019 0 7	0	7
How to compare two strings and find the difference Hi all, In the middle of a search, I have two string fields, one is called A and the other B (both have the ";" as d... by edoardo_vicendo Builder in Splunk Search 11-05-2019 1 4	1	4
Help with rex to get a particular field The search I am using is below and in the output for few I am getting 3 records in the filed manage. Please help me t... by surekhasplunk Communicator in Splunk Search 11-05-2019 0 5	0	5
Event logs are related to incidents ; each log having an incident number and the state of that incident along with other attributes. If a certain incident is in resolved/closed state I want all logs pertaining to that incident to be excluded from the... by bineetadas New Member in Splunk Search 11-05-2019 0 3	0	3
Can someone clarify how the map command is supposed to work or if I have made a mistake in my search? Hello, I am currently trying to do a search across two different sourcetypes using the map command: sourcetype=sour... by chrishartsock Path Finder in Splunk Search 11-05-2019 0 7	0	7
count of the exact match Hi, I would want to have the count of a string (say "abcdef"). sometimes the string occurs multiple times in the sam... by prettysunshinez Explorer in Splunk Search 11-05-2019 0 1	0	1
How to group by forcing line value Hi, I want to show how many lines contains some value even if no line return. My data : Row 1 : F1: a Row 2 ... by matimat Explorer in Splunk Search 11-05-2019 1 4	1	4
How to return items dependent on occurrence I have the data field "user" with data like: user1, user1, user2, user2, user3, user3, user3, ... How do I get/coun... by steffen1 Engager in Splunk Search 11-04-2019 0 4	0	4
How to bring non matching values into the same column Hi , My current index when done table shows: Name\| Attendance \| Class abc \| Present \| 2A efg ... by ayush1906 Path Finder in Splunk Search 11-04-2019 0 3	0	3
What is the difference in name capturing group"(?)" and "(?P)"? How differences named capturing group expression between "(?<name>)" and "(?P<name>)"? by basplunk New Member in Splunk Search 11-04-2019 0 2	0	2
Wildcard * does not work with If or Case in Splunk There are 3 different values for one particular field say field1 - "INTPAY\ITS\TD_EFT\can contain other data", "INTPA... by gndivya Explorer in Splunk Search 11-04-2019 1 2	1	2
Disble hover for charts? Hi how to disable the hover functionality for line charts? I've tried disabling tooltips but it just hides the label-... by lsy9891 Engager in Splunk Search 11-04-2019 0 0	0	0