Splunk Search

Community Activity

splunk not recording spanningtree logs My core switch had several spanning errors this morning, but Splunk did not record them. They are in the switch logs ... by keithweller New Member in Splunk Search 10-23-2019 0 2	0	2
Timechart question:- combining two values for plotting timechart My query is something like below index = "A" \| table x \| stats dc(x) as total \| appendcols [search index = "B" earl... by cbhattad Path Finder in Splunk Search 10-23-2019 0 14	0	14
Attempting to build a baseline computer asset list as a datasource from existing indexes Hi Everyone, I hope the smarter folks over here can assist me with a query that has kept me up for days. Hopefully t... by cfoord New Member in Splunk Search 10-23-2019 0 1	0	1
１レコード内の複数の連続したデータを取り出して結合する方法ご教授ください。１つのレコードのパラメータで連続したデータA[],B[],C[]があります。これらのデータの中身の個数は同数であり、順番も連携しています。それぞれを取り出して意味のあるデータData(A[1],B[1],C[1... by tonakano Engager in Splunk Search 10-23-2019 0 6	0	6
How to rename field with * inside like: Service* Hi I need to rename a field name (from lookup csv) with special character inside, like: Service* Status+ the probl... by buzek Explorer in Splunk Search 10-23-2019 0 8	0	8
Compare values from log and lookup I have a lookup table that contains the data similar to the: Service_name, IP, Port HTTPS, 10.10.10.10, 443 DNS, 10.1... by ialahdal Path Finder in Splunk Search 10-23-2019 0 3	0	3
Search Count is different in direct search vs in table I am seeing an odd behavior where my search event count is different when the exact query is run separately vs when u... by asubramanian Explorer in Splunk Search 10-23-2019 0 1	0	1
What is the moving window for in finding outliers? Hi Splunkers, I referenced Splunk documentation on finding outliers below. Why is there a need for moving a windo... by sssignals Path Finder in Splunk Search 10-23-2019 0 1	0	1
Stats Max issue I have a query that I am running using dbxquery for specific reasons. Anyway I have run into an interesting issue th... by willadams Contributor in Splunk Search 10-22-2019 0 2	0	2
How to search more than 1 year data Hello, I want to search more than one year data for particular machine. How to check is possible to get more than ... by brpsingara Explorer in Splunk Search 10-22-2019 0 6	0	6
How to ignore case and remove characters? I occasionally use Splunk as part of my job to research issues, but am very much a novice. The query below charts the... by rmhughes Explorer in Splunk Search 10-22-2019 0 4	0	4
Word Count in a Url Newbie Here ! How can I get a word count in a url? I am trying to count the number of occurrence of a word "organizat... by tomlimbu New Member in Splunk Search 10-22-2019 0 2	0	2
Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘. Hi, So I'm inheriting some splunk code that I'm going through and cleaning up. It contains: rex field=source "/data... by tristanmatthews Path Finder in Splunk Search 10-22-2019 8 28	8	28
Need Particular Host "DNS-DC-01" data from metadata I want to search "August 2018 activity on machine DNS-DC-01" Could you please help me, how to use metadata for part... by brpsingara Explorer in Splunk Search 10-22-2019 0 4	0	4
Need help in field extraction In the below log, I need to extract genres from the log. In a single log there are multiple genres. Such as for the b... by vikcee Path Finder in Splunk Search 10-22-2019 1 6	1	6
Why doesn't my base search query work? I wrote this base search query: host=NETWEBA* sourcetype="WinEventLog:Application" AND ApplicationSource="/jpw*" AND... by lsy9891 Engager in Splunk Search 10-22-2019 0 1	0	1
How to build daily average (response time) with data containing hourly average and number of events per hour? Hello Everyone, I construct a csv (output)lookup file containing the hourly average response time, the hourly number... by tomgc Engager in Splunk Search 10-22-2019 1 2	1	2
Need to filter search to match src_user and time from one eventcode below is what I have so far. What I need to do is match the src_user from event code 4724 and the time to events in 4... by lgrachek Explorer in Splunk Search 10-22-2019 0 8	0	8
How to get transaction to ignore endswith if startswith doesn't exist I have an issue where my transaction search finds endswith events with no startswith events. Not to go into too much ... by mikecal Explorer in Splunk Search 10-22-2019 0 3	0	3
how to transform from row to rows ? i have data like this : used_memory free_memory total_memory used_swap free_swap total_swap 665268 ... by cuongnguyen112 Engager in Splunk Search 10-22-2019 0 5	0	5
Multi search / correlate conundrum Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puz... by jeremywebb Explorer in Splunk Search 10-22-2019 1 4	1	4
URGENT REQUEST: how to pull specific values from given query? sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" \| rex field=_raw "\... by iqbalintouch Path Finder in Splunk Search 10-21-2019 0 2	0	2
How to extract a word from raw data in Splunk using rex SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ... by kavyamohan Explorer in Splunk Search 10-21-2019 0 4	0	4
How to format a website/service downtime duration calculation results Hi all, I have the below dataset for a website. Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10... by venky1544 Builder in Splunk Search 10-21-2019 0 4	0	4
How to send a single email to multiple email id mentioned in different rows of the table Hi All I have following table as outcome of my query :- Name lastname Emailid A D ab... by rahulbhatia Path Finder in Splunk Search 10-21-2019 0 1	0	1