Splunk Search

Community Activity

Transaction command doesn't work for all events when the 'endswith' event is seen next day. I am trying to run a transaction command for all the patrons where startswith=(Action=CardIn) endswith=(Action=CardOu... by aishwaryabh New Member in Splunk Search 11-02-2019 0 3	0	3
How to efficiently query all indexes for a list of IPs BACKGROUND: My Disaster Recovery team is compiling a list of all IPs endpoints, and has requested that I query all of... by asearson Explorer in Splunk Search 11-01-2019 0 4	0	4
How to generate timechart for eventstats per minute for multisearch index=something \| rex field=_raw ".\&WST=(?P<MMMId>[^&]+)." \| search Googly \| dedup MMMId \| bucket_... by rithick New Member in Splunk Search 11-01-2019 0 2	0	2
How can i disable the search that opens when i click on chart?! Hi I created a chart panel in a dashboard. The panel is based on an sql query. Everytime i click on the chart it sel... by alkhaldi Engager in Splunk Search 11-01-2019 0 4	0	4
Updating a lookup table with new row ? Hello All, I have an existing lookup file newlookupfile.csv. I'm trying to update the lookupfile with new row. I di... by iamsplunker31 Path Finder in Splunk Search 11-01-2019 0 6	0	6
Can you help me write a regular expression Need to extract Insurer , User , Dealer name 2019-11-01 06:54:20 W3SVC4 AUSYD11AS90 172.29.5.28 GET /Areas/Framewor... by rashi83 Path Finder in Splunk Search 11-01-2019 0 7	0	7
How to set up alerts with multiple fields with different thresholds Trying to setup up an alert with multiple fields extracted through Field. For example A,B, C etc and each having a d... by abhishekbhasin Explorer in Splunk Search 11-01-2019 1 12	1	12
How to improve performance of stats sum Hi I want to improve my search for better search performance, please find the attachment enclosed.![alt text by bapun18 Communicator in Splunk Search 11-01-2019 0 8	0	8
検索結果の指定フィールド列で別ソースタイプを検索し結果を右列に追加する方法についてお世話になります。サーチ文の書き方についてご教示ください。まず、以下の検索結果を出しています。・サーチ文「soucetype="test1" \| table host, user, state」・サーチ結果－－－－－－... by mozukun3 New Member in Splunk Search 11-01-2019 0 5	0	5
Problem extracting fields from auto extracted field Hello, I have events in the following format: 20/08/19 16:34:17 login1 command RunAsUsers="web,tomcat,embed" wit... by ktn01 Path Finder in Splunk Search 11-01-2019 0 2	0	2
How to append data to a lookup without overwriting anything AND also not adding duplicate data entries into the lookup? Hi guys, I was wondering if anyone knew of a method of appending data to a lookup, but not overwriting anything in ... by Robbie1194 Communicator in Splunk Search 11-01-2019 0 2	0	2
Splunk to verify splunk query results I have created an alert which basically checks the occurrence in particular keyword in two log files , however there ... by bsaujla131984 Path Finder in Splunk Search 11-01-2019 0 1	0	1
How to join two searches on a common field where the value of the left search matches all values of the right search? I need to join two searches on a common field in which I want a value of the left search matches all the values of t... by ahuseid New Member in Splunk Search 11-01-2019 0 6	0	6
How to continue with last known value on a simple timechart Simple search to look at the battery status on my UPS: UPS_BATT \| timechart max(UPS_BATT) span=1m But the UPS_BATT... by ajtalbot1 Engager in Splunk Search 11-01-2019 0 4	0	4
Searching string with patterns Hi, I would want to search for all results for this specific string pattern 'record has not been created for id XXXXX... by akki2428 New Member in Splunk Search 11-01-2019 0 9	0	9
After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr Have a search with many subsearch and append command like below pattern. \| makeresults \| eval abcd="acded" \| appe... by daniel_splunk Splunk Employee in Splunk Search 11-01-2019 0 1	0	1
si versus collect Hi, Is there any benefit to using the old method when using summary indexing? Basically I would like to the know dif... by mansel_scheffel Explorer in Splunk Search 11-01-2019 0 6	0	6
Sum to have a value as zero in case not found Hi All, I have some search criteria followed by stats as: Search ns=app1 Error \| stats sum(eval(AcctNo="'1000394'")... by kdulhan Explorer in Splunk Search 10-31-2019 1 8	1	8
How to display details in table I need to display a table with 4 columns and date is like this: Colum A Col B Col C Col D x ... by rashi83 Path Finder in Splunk Search 10-31-2019 0 2	0	2
Search to filter data Hi, Can I write my search as: index=idx1 host != (a,b,c) \| stats count by host The thing is I want to filter some ... by raghu0463 Explorer in Splunk Search 10-31-2019 0 1	0	1
Macro with tsats query returns no results. I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When... by jscraig2006 Communicator in Splunk Search 10-31-2019 0 1	0	1
Help removing strings after a certain string with Rex I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3"... by harshparikhxlrd Path Finder in Splunk Search 10-31-2019 0 2	0	2
Exclude a specific date/time of data from an overall average I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. ... by DanielleM Explorer in Splunk Search 10-31-2019 0 2	0	2
Does fields break streamstats? I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (... by rmmiller Contributor in Splunk Search 10-31-2019 0 9	0	9
How to remove stats list limits that result to 100 despite count=0? In a search executed via Python SDK, the stat list truncates results to 100 results, despite the fact that count=0. ... by alancalvitti Path Finder in Splunk Search 10-31-2019 0 9	0	9