Splunk Search

Community Activity

Breaking of one field values into 2-3 different fields Hi, I have a field called Location and It have data like Call Type, Site, Wing and Room all in just one field called... by mohammedk01 Explorer in Splunk Search 10-25-2019 0 4	0	4
How to concatenate the two search results in single email report. We have two different scheduled search and it is providing the two different result. I would like send the both of th... by kartm2020 Communicator in Splunk Search 10-25-2019 0 1	0	1
Regex generation I have the below set of events where I wanted to write regex to capture only the last word Kindly help by Deepz2612 Explorer in Splunk Search 10-25-2019 0 3	0	3
Time conversion from milliseconds to break down to days hours minutes seconds I have been working on a search that gives a duration breakdown. I am trying to achieve: thehost theip c... by reneedeleon Engager in Splunk Search 10-25-2019 0 22	0	22
disable drill down on statistics table for last row I have a table as shown below team open>3 days open>4 days Avg_days_task_open A 2 4... by vkrishnachand New Member in Splunk Search 10-25-2019 0 1	0	1
How to append column total to column name? I have data something like this Name. Accepted Rejected Posted Total Change ... by sandeepmakkena Contributor in Splunk Search 10-25-2019 1 4	1	4
I want to include field values which have the latest timestamp value for a particular field events are like this : number = INCXXXXXX dv_sys = yyyy-mm-dd hh:mm:ss group = lx ........ for a particular value of ... by bineetadas New Member in Splunk Search 10-25-2019 0 2	0	2
CLI Search Command: Why does search that includes a field name fail? This cli search command works from a machine with a universal forwarder: splunk search "index="foo" earliest=-7d \| ... by williamcharlton Path Finder in Splunk Search 10-25-2019 0 6	0	6
How do I find a pattern in a field that contains 10 digit numbers that increase by 1? I have a field called data. Example of what is in the data field. 1234567890 9999999999 7638278823 1234567891 8475627... by milky88 New Member in Splunk Search 10-25-2019 0 1	0	1
append and transaction I have a pretty complex search where I'm trying to get the DHCP and ACS authentication logs correlated by MAC address... by jeff Contributor in Splunk Search 10-25-2019 1 3	1	3
Rsyslog failover and load balancing while forwarding logs to a FQDN(dns) which has 2 Heavy Forwarder IP's configured in DNS Round Robin 2 heavy forwarders are configured to receive syslog inputs on port UDP / TCP 1600.Linux servers are configured to sen... by simonselvin2019 Explorer in Splunk Search 10-25-2019 1 5	1	5
Display x-axis scale for a field that isn't _time Hi guys, I am trying to chart multiple days on the same line chart, kind of like in this example (https://docs.splunk... by w564432 Explorer in Splunk Search 10-25-2019 0 5	0	5
foreach command Hi everyone, I'm trying to get my head around this foreach statement but no luck so far ... Foreach seems like th... by kristofvdbdavin New Member in Splunk Search 10-25-2019 0 7	0	7
Question on how to use lookup file I have a lookup file which has below 3 columns. Exception_Name Exception_Keyword Comments REXC RemoteException Alert... by Deepz2612 Explorer in Splunk Search 10-25-2019 0 2	0	2
help on a filter issue after a loadjob command hi I use the search below and I call it from a loadjob command After the loadjob execution, I need to filter the da... by jip31 Motivator in Splunk Search 10-25-2019 0 4	0	4
DB Lookup failing with - No operations allowed after statement closed. Hi all, After finally getting a automatic DB Lookup working it fails after loading in a couple of value. I've setup ... by ldurham New Member in Splunk Search 10-24-2019 0 3	0	3
Show All the Results within the Field I want to show all the results within the field itself as I do not want it just show the top 10 limits from the list.... by keldridg2 New Member in Splunk Search 10-24-2019 0 5	0	5
How do you Timechart by multiple fields? Hi, I'm struggling with the below query "presentable" in a dashboard. Initially, my idea was to have time on the x-a... by Esperteyu Explorer in Splunk Search 10-24-2019 0 2	0	2
How to add a column showing search criteria that matched results? I'm writing a search to parse the command line arguments of 4688 events, and want to be able to sort by what matched ... by quadrant8 New Member in Splunk Search 10-24-2019 0 2	0	2
Which characters does Splunk allow in field names? It seems very strange to me to be asking this question in 2019 for Splunk 7.3.1, but I've used Splunk, I've read the ... by Graham_Hanningt Builder in Splunk Search 10-24-2019 3 3	3	3
Join fields from 2 searches without join Hi, I need some help with a little issue, I have 2 sorcetypes like this: SOURCETYPE A: ID_1 \| DESCRIPCION 1 ... by jtg1703 New Member in Splunk Search 10-24-2019 0 2	0	2
Filter fight for sourcetype not working We have a sourcetype and I am trying to filter and everytime I do it shows not events. But I know that there are even... by jgillman Explorer in Splunk Search 10-24-2019 0 4	0	4
Splunk Query help to find time difference For last 30 days(which i will select in time filter) I would like to get the count of field X only if it is older tha... by NAVEEN_CTS Path Finder in Splunk Search 10-24-2019 0 1	0	1
change sourcetype for sourcetype not starting with specific word I want to change the sourcetype for all incoming logs with sourcetypes not starting with abc. I have following settin... by ss026381 Communicator in Splunk Search 10-24-2019 0 4	0	4
Calculating % error rate from a single field for a timechart Hey All, I'm trying to make a timechart that shows the % of un-successful requests processed every hour. Success (o... by dreeck Path Finder in Splunk Search 10-24-2019 1 3	1	3