Splunk Search

Community Activity

Why does adding a comment change the number of rows returned by a search? Using Splunk Enterprise 7.3.2 on a MacBook. Two searches on the same static (loaded-once) search index, same date ra... by bretlowery1 New Member in Splunk Search 10-29-2019 0 2	0	2
How to get a multiselect form input to pass two types of values? When creating a search using pivot/data model, I can add a filter that looks something like: FILTER Brand in (brand... by spammenot66 Contributor in Splunk Search 10-29-2019 0 7	0	7
Use a lookup file to tag IP blocks So what I want to do is tag all IPs that belong to certain AWS regions and filter out those IPs. I want to try and ta... by arseniof New Member in Splunk Search 10-29-2019 0 1	0	1
How to make a string date UI sortable like _time? I have a string date field and would like to sort it in a table by clicking the field. No, I do not want it displaye... by nick405060 Motivator in Splunk Search 10-29-2019 0 1	0	1
Issue :- Searching hexadecimal Data from Windows host I have recently deployed Splunk UF on windows machined, installation and setup is successful. But while searching the... by dvohra Explorer in Splunk Search 10-29-2019 0 4	0	4
How to display the difference of results by source as a single value ,along with trending arrow of difference Hi Team, I have multiple sources in sourcetype. Want to see difference of result from last two sources. Latest source... by avni26 Explorer in Splunk Search 10-29-2019 0 7	0	7
Splunk multiply many fields in one search and compare against another field Hello, I have data that comes in via JSON format that looks like this: name: Item1 pricePerOne:10 name: Item2 pric... by Tylerdygert Path Finder in Splunk Search 10-29-2019 0 4	0	4
The fields are NOT showing up in an large multi-line event I have log data for a web service call. We log the web service call response status (success OR failure) as well as t... by khalilam1 New Member in Splunk Search 10-29-2019 0 4	0	4
エラーの初回発生日をカウントしたいご教授ください。複数端末のログ情報を集計しています。その中で、ある特定のエラーが発生した日がいつで、それが端末の稼働時間のどのタイミングかを一定のレンジでまとめたいと考えています。現在の総エラー数であれば、eval rang=... by tonakano Engager in Splunk Search 10-29-2019 0 5	0	5
calculate sum of duration between events I have events like below 2019-10-21 04:17:54.968, rev=true 2019-10-21 04:17:55.968, rev=true 2019-10-21 04:17:56.968... by ips_mandar Builder in Splunk Search 10-29-2019 0 4	0	4
Going crazy with simple Regex Hello, I wasted way too much time on my not working regex : Here's what my _raw data looks like : < Instrument=... by Zakary_n Path Finder in Splunk Search 10-29-2019 0 8	0	8
STRPTIME date question - Conf19 The below SPL works. The lastLoginDate is a range of dates from 2018 through 9/30/2019. I would like to find the las... by macattck Engager in Splunk Search 10-29-2019 0 8	0	8
From epoch to _time for make a timechart based search. Hello! i hope you can help me with this. I´m trying to set as _time an epoch field located at "rt" field. But if ... by cpm003 Path Finder in Splunk Search 10-29-2019 0 1	0	1
Splitting a column into two "even column index" and "odd column index" Hello, I have a column looking like this: Value 1.234 2.456 7.223 0.765 ... Preliminary I know that each first row ... by akashtanova Engager in Splunk Search 10-29-2019 0 3	0	3
help on appendcols subsearch hi I use the search below in order to calculate a percentage but I have a wrong result I am explaining When I execut... by jip31 Motivator in Splunk Search 10-29-2019 0 3	0	3
Deploy model from mltk toolkit experiment to predict next 5 values Hello Colleagues, I created an experiment to predict the numerical values and have a model generated / published. So... by damucka Builder in Splunk Search 10-28-2019 0 1	0	1
Splunk calculate sequential sum for every timestamp Hello, I would like to create fields (or a field with multiple values) which represents the sum for each timestamp. ... by ruhtraeel Path Finder in Splunk Search 10-28-2019 0 7	0	7
How to preventy hyphens in fieldnames with KV_MODE JSON? Hi everybody, I am extracting nested JSON with KV_MODE = JSON, which seems to work correctly. My problem is, I am ge... by jbrocks Communicator in Splunk Search 10-28-2019 0 2	0	2
ERROR SearchParser ERROR SearchParser - The search specifies a macro 'bcoat_request' that cannot be found. Reasons include: the macro na... by erlindemberg Explorer in Splunk Search 10-28-2019 0 2	0	2
How to use a value without including it in search results I am running a map command off of an initial search. The map ends with a sendemail command which sends a table of res... by w564432 Explorer in Splunk Search 10-28-2019 0 1	0	1
Why isn't this regex working on /var/log? Hi, I'm using a Single Instance of Splunk 6.6.2 and I've tried filtering some events of my log using the code below,... by rafamss Contributor in Splunk Search 10-28-2019 0 18	0	18
Good unix way check if splunkd and splunkweb are running What's a good Unix-y way to check whether splunkd and splunkweb are running? (I know the bin/splunk command does thi... by jeffoptimizely Explorer in Splunk Search 10-28-2019 3 9	3	9
How to apply color to a field with multiple values appended together? JobExecutionTime 2652.180000 3462.840000 823.780000 I have a field named JobExecutionTime and i have it as a list o... by kavyamohan Explorer in Splunk Search 10-28-2019 0 1	0	1
where in splunk do I find the CLI for Rest API I have logged in and "installed" the Rest APi App I cant seem to find where to go to use it? by peter_pergament New Member in Splunk Search 10-28-2019 0 8	0	8
How to calculate the difference between two fields on two paired events matched via the contents of a third field? Trying to calculate out a "TransactionTime" time by pairing two events by one matching field (ECID) and then working ... by jamesofthedead8 Explorer in Splunk Search 10-28-2019 0 4	0	4