Splunk Search

Community Activity

検索結果の指定フィールド列で別ソースタイプを検索し結果を右列に追加する方法についてお世話になります。サーチ文の書き方についてご教示ください。まず、以下の検索結果を出しています。・サーチ文「soucetype="test1" \| table host, user, state」・サーチ結果－－－－－－... by mozukun3 New Member in Splunk Search 11-01-2019 0 5	0	5
Problem extracting fields from auto extracted field Hello, I have events in the following format: 20/08/19 16:34:17 login1 command RunAsUsers="web,tomcat,embed" wit... by ktn01 Path Finder in Splunk Search 11-01-2019 0 2	0	2
How to append data to a lookup without overwriting anything AND also not adding duplicate data entries into the lookup? Hi guys, I was wondering if anyone knew of a method of appending data to a lookup, but not overwriting anything in ... by Robbie1194 Communicator in Splunk Search 11-01-2019 0 2	0	2
Splunk to verify splunk query results I have created an alert which basically checks the occurrence in particular keyword in two log files , however there ... by bsaujla131984 Path Finder in Splunk Search 11-01-2019 0 1	0	1
How to join two searches on a common field where the value of the left search matches all values of the right search? I need to join two searches on a common field in which I want a value of the left search matches all the values of t... by ahuseid New Member in Splunk Search 11-01-2019 0 6	0	6
How to continue with last known value on a simple timechart Simple search to look at the battery status on my UPS: UPS_BATT \| timechart max(UPS_BATT) span=1m But the UPS_BATT... by ajtalbot1 Engager in Splunk Search 11-01-2019 0 4	0	4
Searching string with patterns Hi, I would want to search for all results for this specific string pattern 'record has not been created for id XXXXX... by akki2428 New Member in Splunk Search 11-01-2019 0 9	0	9
After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr Have a search with many subsearch and append command like below pattern. \| makeresults \| eval abcd="acded" \| appe... by daniel_splunk Splunk Employee in Splunk Search 11-01-2019 0 1	0	1
si versus collect Hi, Is there any benefit to using the old method when using summary indexing? Basically I would like to the know dif... by mansel_scheffel Explorer in Splunk Search 11-01-2019 0 6	0	6
Sum to have a value as zero in case not found Hi All, I have some search criteria followed by stats as: Search ns=app1 Error \| stats sum(eval(AcctNo="'1000394'")... by kdulhan Explorer in Splunk Search 10-31-2019 1 8	1	8
How to display details in table I need to display a table with 4 columns and date is like this: Colum A Col B Col C Col D x ... by rashi83 Path Finder in Splunk Search 10-31-2019 0 2	0	2
Search to filter data Hi, Can I write my search as: index=idx1 host != (a,b,c) \| stats count by host The thing is I want to filter some ... by raghu0463 Explorer in Splunk Search 10-31-2019 0 1	0	1
Macro with tsats query returns no results. I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When... by jscraig2006 Communicator in Splunk Search 10-31-2019 0 1	0	1
Help removing strings after a certain string with Rex I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3"... by harshparikhxlrd Path Finder in Splunk Search 10-31-2019 0 2	0	2
Exclude a specific date/time of data from an overall average I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. ... by DanielleM Explorer in Splunk Search 10-31-2019 0 2	0	2
Does fields break streamstats? I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (... by rmmiller Contributor in Splunk Search 10-31-2019 0 9	0	9
How to remove stats list limits that result to 100 despite count=0? In a search executed via Python SDK, the stat list truncates results to 100 results, despite the fact that count=0. ... by alancalvitti Path Finder in Splunk Search 10-31-2019 0 9	0	9
How to creat named field with regular expression Hi Team, I would like to create a named field to filter Ethernet port numbers. My expression: \beth\d(?:-\d+)(?:/\... by dabroma5 Explorer in Splunk Search 10-31-2019 0 5	0	5
How to create named fields with regular expression Hi Team I need to filter logs to catch switches port numbers. I use Splunk Cloud, my expression: \beth\d*(?:-\d+)... by dabroma5 Explorer in Splunk Search 10-31-2019 0 7	0	7
Need to remove particular character from a field value Hi Ninjas, I have the following values for host name field . appra94a0350 appra92a0350 appra84a0201 appra25a0201 ap... by pench2k19 Explorer in Splunk Search 10-31-2019 0 2	0	2
Eval, Replace and Regular Expression Hi Guys! i've got the next situation Trying to replace some characters in this events: \device\harddiskvolume4\wind... by jnahuelperez35 Path Finder in Splunk Search 10-31-2019 2 3	2	3
Field extraction of similiar field across multiple line from Powershell logs Hi, i was hoping to extract all the fields after "CommandInvocation" that appears in the PS log but i wasnt able to e... by totaro Explorer in Splunk Search 10-31-2019 0 2	0	2
How do I only index events within a log that start with a specific series of characters? Hello all, I am trying to index a subset of a very painful log which has header and footer noise and whose events st... by andrewtrobec Motivator in Splunk Search 10-31-2019 0 2	0	2
SOLVED - How to combine related fields I have this search to display sourcetypes by index. \| metasearch index=* sourcetype=* \| stats values(sourcetype) as ... by bleung93 Path Finder in Splunk Search 10-31-2019 0 2	0	2
How to mask credit card data in splunk using SEDCMD in props.conf on a HF... I'm using this regex to mask cc data in props.cof on a Heavy Forwarder....need help in validating.... log format ... by prakash007 Builder in Splunk Search 10-30-2019 0 5	0	5