Splunk Search

Community Activity

Join fields from 2 searches without join Hi, I need some help with a little issue, I have 2 sorcetypes like this: SOURCETYPE A: ID_1 \| DESCRIPCION 1 ... by jtg1703 New Member in Splunk Search 10-24-2019 0 2	0	2
Filter fight for sourcetype not working We have a sourcetype and I am trying to filter and everytime I do it shows not events. But I know that there are even... by jgillman Explorer in Splunk Search 10-24-2019 0 4	0	4
Splunk Query help to find time difference For last 30 days(which i will select in time filter) I would like to get the count of field X only if it is older tha... by NAVEEN_CTS Path Finder in Splunk Search 10-24-2019 0 1	0	1
change sourcetype for sourcetype not starting with specific word I want to change the sourcetype for all incoming logs with sourcetypes not starting with abc. I have following settin... by ss026381 Communicator in Splunk Search 10-24-2019 0 4	0	4
Calculating % error rate from a single field for a timechart Hey All, I'm trying to make a timechart that shows the % of un-successful requests processed every hour. Success (o... by dreeck Path Finder in Splunk Search 10-24-2019 1 3	1	3
Query using java jdk does not return any result if table command is used I'm using java sdk to execute a search and if search has a table or stats count the query does not return any result.... by osvaldo_pina Loves-to-Learn Lots in Splunk Search 10-24-2019 0 0	0	0
How to join the same sourcetype - Basically inner join with same sourcetype with different type of search string and compare the value (IN) condition. ) I am using the below query to achieve IN condition in same source. Basically I am achieving how many Order has been c... by shanaiyappan New Member in Splunk Search 10-24-2019 0 2	0	2
Splunk query question how can i do this search in better way: index=test_data sourcetype=test_source_data protocolName="ABCDE4C72260F082" ... by shtom New Member in Splunk Search 10-24-2019 0 2	0	2
Error Message About Literals Hello, One of my biggest pet peeves about software is the lack of information around error messages. Obviously, a dev... by genesiusj Builder in Splunk Search 10-24-2019 0 1	0	1
Custom Commands - Can Streaming Command return more than 1 row per result??? Hello, I'm creating a custom command on splunk (as you can see bellow), my problem is that from one row I want to cre... by ppatrikfr Path Finder in Splunk Search 10-24-2019 0 2	0	2
Missing fields in the index Hi, We have dynatrace data onboarded into Splunk though API. we came across this situation. When I ran the search w... by iamsplunker31 Path Finder in Splunk Search 10-24-2019 0 3	0	3
Create a timechart with Hours, Minutes, seconds on Y axis We have jobs running everyday and I want to do a timechart to show the start time of the job for each day. I have dat... by aohls Contributor in Splunk Search 10-24-2019 0 2	0	2
Consecutively two times- possible ? _time entity_id value duration 2016-01-21 06:52:04 lightA 1 770 2016-01... by reverse Contributor in Splunk Search 10-24-2019 0 2	0	2
Filter a ldapsearch query for a specific group using a wildcard? \| ldapsearch domain=default search="(sAMAccountNAme=%user%)" attrs="memberOf", is the query I am using but I want to ... by krisdev New Member in Splunk Search 10-24-2019 0 6	0	6
Need help in writing regex (PCRE) HI All, We have events where some fields are having multiple value , below is the example event1 : 123,... by pal_sumit1 Path Finder in Splunk Search 10-24-2019 0 3	0	3
How to update Search Command by JS Hello , I am using splunk WebFramework to develop, and i got an problem with update splunk search Command by JS Cur... by cuongnguyen112 Engager in Splunk Search 10-24-2019 0 3	0	3
help to display a timechart after a loadjob command hello I call a timechart from a loadjob command like below and it works \| loadjob savedsearch="admin:toto_sh:win ti... by jip31 Motivator in Splunk Search 10-23-2019 0 5	0	5
Search for result with double quotes Hello, I'm new to Splunk and am search for an event that would include this: toState: "stateB",", fromState: "state... by hendrkle New Member in Splunk Search 10-23-2019 0 6	0	6
Question on how to use the lookup file for Exception monitoring I have a lookup file which has below coloumns. Exception_Name Exception_Keyword Comments REXC ... by Deepz2612 Explorer in Splunk Search 10-23-2019 0 1	0	1
need to extract multiple values for a field in a custom event The whole event is coming in as below. Need eventtype to extract "event_type={type}" and size to extract all the valu... by ssyed2009 New Member in Splunk Search 10-23-2019 0 3	0	3
ITSI Grouping Hi, I am using ITSI grouping feature where we need to match the eventid from the two indexes of ITSI, index=itsi_not... by nikitakapoor109 New Member in Splunk Search 10-23-2019 0 2	0	2
how to extract a field from the results of a search query. Some events generated from the below search query. index=webmethods_nonprd CESAP.pub.Shipment.handler:processShipmen... by pratapa Explorer in Splunk Search 10-23-2019 0 3	0	3
splunk search matching term When searching and the auto suggestion is bringing up a matching term, is there a keystroke command to select that? ... by allenhau Engager in Splunk Search 10-23-2019 0 1	0	1
Help combining multiple searches into one search WITH good performance I am in need of combining these three searches into one search: 1. NameOfJob = BLT* \| spath message \| search... by tyhopping1 Engager in Splunk Search 10-23-2019 0 1	0	1
Trendline period integer syntax queston (sma \| ema \| wma) I am looking through the documentation on Splunk about trendlines and sma \| ema \| wma. In the documentation, it says ... by UMDTERPS Communicator in Splunk Search 10-23-2019 0 5	0	5