Splunk Search

Community Activity

After upgrade from 7.0.x to 7.2.7, search time with multiple subsearch increase from several seconds to more than 1 hr Have a search with many subsearch and append command like below pattern. \| makeresults \| eval abcd="acded" \| appe... by daniel_splunk Splunk Employee in Splunk Search 11-01-2019 0 1	0	1
si versus collect Hi, Is there any benefit to using the old method when using summary indexing? Basically I would like to the know dif... by mansel_scheffel Explorer in Splunk Search 11-01-2019 0 6	0	6
Sum to have a value as zero in case not found Hi All, I have some search criteria followed by stats as: Search ns=app1 Error \| stats sum(eval(AcctNo="'1000394'")... by kdulhan Explorer in Splunk Search 10-31-2019 1 8	1	8
How to display details in table I need to display a table with 4 columns and date is like this: Colum A Col B Col C Col D x ... by rashi83 Path Finder in Splunk Search 10-31-2019 0 2	0	2
Search to filter data Hi, Can I write my search as: index=idx1 host != (a,b,c) \| stats count by host The thing is I want to filter some ... by raghu0463 Explorer in Splunk Search 10-31-2019 0 1	0	1
Macro with tsats query returns no results. I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When... by jscraig2006 Communicator in Splunk Search 10-31-2019 0 1	0	1
Help removing strings after a certain string with Rex I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3"... by harshparikhxlrd Path Finder in Splunk Search 10-31-2019 0 2	0	2
Exclude a specific date/time of data from an overall average I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. ... by DanielleM Explorer in Splunk Search 10-31-2019 0 2	0	2
Does fields break streamstats? I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (... by rmmiller Contributor in Splunk Search 10-31-2019 0 9	0	9
How to remove stats list limits that result to 100 despite count=0? In a search executed via Python SDK, the stat list truncates results to 100 results, despite the fact that count=0. ... by alancalvitti Path Finder in Splunk Search 10-31-2019 0 9	0	9
How to creat named field with regular expression Hi Team, I would like to create a named field to filter Ethernet port numbers. My expression: \beth\d(?:-\d+)(?:/\... by dabroma5 Explorer in Splunk Search 10-31-2019 0 5	0	5
How to create named fields with regular expression Hi Team I need to filter logs to catch switches port numbers. I use Splunk Cloud, my expression: \beth\d*(?:-\d+)... by dabroma5 Explorer in Splunk Search 10-31-2019 0 7	0	7
Need to remove particular character from a field value Hi Ninjas, I have the following values for host name field . appra94a0350 appra92a0350 appra84a0201 appra25a0201 ap... by pench2k19 Explorer in Splunk Search 10-31-2019 0 2	0	2
Eval, Replace and Regular Expression Hi Guys! i've got the next situation Trying to replace some characters in this events: \device\harddiskvolume4\wind... by jnahuelperez35 Path Finder in Splunk Search 10-31-2019 2 3	2	3
Field extraction of similiar field across multiple line from Powershell logs Hi, i was hoping to extract all the fields after "CommandInvocation" that appears in the PS log but i wasnt able to e... by totaro Explorer in Splunk Search 10-31-2019 0 2	0	2
How do I only index events within a log that start with a specific series of characters? Hello all, I am trying to index a subset of a very painful log which has header and footer noise and whose events st... by andrewtrobec Motivator in Splunk Search 10-31-2019 0 2	0	2
SOLVED - How to combine related fields I have this search to display sourcetypes by index. \| metasearch index=* sourcetype=* \| stats values(sourcetype) as ... by bleung93 Path Finder in Splunk Search 10-31-2019 0 2	0	2
How to mask credit card data in splunk using SEDCMD in props.conf on a HF... I'm using this regex to mask cc data in props.cof on a Heavy Forwarder....need help in validating.... log format ... by prakash007 Builder in Splunk Search 10-30-2019 0 5	0	5
How do I filter string values from a greater-than-or-equal-to numerical comparison? I have a field in my query called Attempt that is either a non-negative integer or a special value "null". I use the ... by entpnerd Explorer in Splunk Search 10-30-2019 0 1	0	1
max of two column Hi , my search output is like mysearch \| table col1 col2 col3 I want col4 as max(col1,col2) Thanks by vb1612 New Member in Splunk Search 10-30-2019 0 1	0	1
Blocked Field Values Trying to find the definition of the various values of the Blocked field. Yes and No are self explanatory, but I have... by stasiakm New Member in Splunk Search 10-30-2019 0 1	0	1
Help extracting from L15= so Please help me extract NGN4000000 from L15= so I can have a field of TotalCash_In_ATM=NGN4000000. 2019-10-29 12:... by rhugo Observer in Splunk Search 10-30-2019 0 5	0	5
Forcing a zero count in Time Chart I'm producing a report for some service owners. It is designed to give them a breakdown of successes and failures spl... by watsm10 Communicator in Splunk Search 10-30-2019 1 10	1	10
Search query result from two log statements. Hi, I wanted to search result as count from two log statements. one log statement has value "...Out of stock ..." a... by mahenderj New Member in Splunk Search 10-30-2019 0 3	0	3
Is it possible to use if else condition based on the search to create stats? index=concourse sourcetype="deployments: csv" if project = * and team=$team$ \| stats count by project, team elif team... by nukarajusundeep New Member in Splunk Search 10-30-2019 0 4	0	4