Splunk Search

Community Activity

Splunk query question how can i do this search in better way: index=test_data sourcetype=test_source_data protocolName="ABCDE4C72260F082" ... by shtom New Member in Splunk Search 10-24-2019 0 2	0	2
Error Message About Literals Hello, One of my biggest pet peeves about software is the lack of information around error messages. Obviously, a dev... by genesiusj Builder in Splunk Search 10-24-2019 0 1	0	1
Custom Commands - Can Streaming Command return more than 1 row per result??? Hello, I'm creating a custom command on splunk (as you can see bellow), my problem is that from one row I want to cre... by ppatrikfr Path Finder in Splunk Search 10-24-2019 0 2	0	2
Missing fields in the index Hi, We have dynatrace data onboarded into Splunk though API. we came across this situation. When I ran the search w... by iamsplunker31 Path Finder in Splunk Search 10-24-2019 0 3	0	3
Create a timechart with Hours, Minutes, seconds on Y axis We have jobs running everyday and I want to do a timechart to show the start time of the job for each day. I have dat... by aohls Contributor in Splunk Search 10-24-2019 0 2	0	2
Consecutively two times- possible ? _time entity_id value duration 2016-01-21 06:52:04 lightA 1 770 2016-01... by reverse Contributor in Splunk Search 10-24-2019 0 2	0	2
Filter a ldapsearch query for a specific group using a wildcard? \| ldapsearch domain=default search="(sAMAccountNAme=%user%)" attrs="memberOf", is the query I am using but I want to ... by krisdev New Member in Splunk Search 10-24-2019 0 6	0	6
Need help in writing regex (PCRE) HI All, We have events where some fields are having multiple value , below is the example event1 : 123,... by pal_sumit1 Path Finder in Splunk Search 10-24-2019 0 3	0	3
How to update Search Command by JS Hello , I am using splunk WebFramework to develop, and i got an problem with update splunk search Command by JS Cur... by cuongnguyen112 Engager in Splunk Search 10-24-2019 0 3	0	3
help to display a timechart after a loadjob command hello I call a timechart from a loadjob command like below and it works \| loadjob savedsearch="admin:toto_sh:win ti... by jip31 Motivator in Splunk Search 10-23-2019 0 5	0	5
Search for result with double quotes Hello, I'm new to Splunk and am search for an event that would include this: toState: "stateB",", fromState: "state... by hendrkle New Member in Splunk Search 10-23-2019 0 6	0	6
Question on how to use the lookup file for Exception monitoring I have a lookup file which has below coloumns. Exception_Name Exception_Keyword Comments REXC ... by Deepz2612 Explorer in Splunk Search 10-23-2019 0 1	0	1
need to extract multiple values for a field in a custom event The whole event is coming in as below. Need eventtype to extract "event_type={type}" and size to extract all the valu... by ssyed2009 New Member in Splunk Search 10-23-2019 0 3	0	3
ITSI Grouping Hi, I am using ITSI grouping feature where we need to match the eventid from the two indexes of ITSI, index=itsi_not... by nikitakapoor109 New Member in Splunk Search 10-23-2019 0 2	0	2
how to extract a field from the results of a search query. Some events generated from the below search query. index=webmethods_nonprd CESAP.pub.Shipment.handler:processShipmen... by pratapa Explorer in Splunk Search 10-23-2019 0 3	0	3
splunk search matching term When searching and the auto suggestion is bringing up a matching term, is there a keystroke command to select that? ... by allenhau Engager in Splunk Search 10-23-2019 0 1	0	1
Help combining multiple searches into one search WITH good performance I am in need of combining these three searches into one search: 1. NameOfJob = BLT* \| spath message \| search... by tyhopping1 Engager in Splunk Search 10-23-2019 0 1	0	1
Trendline period integer syntax queston (sma \| ema \| wma) I am looking through the documentation on Splunk about trendlines and sma \| ema \| wma. In the documentation, it says ... by UMDTERPS Communicator in Splunk Search 10-23-2019 0 5	0	5
How to split multiple vlaues in single cell to new line in join search There few columns in the table that has multiple values in single line. I need them to be in separate/ newlines. Cu... by gravi Explorer in Splunk Search 10-23-2019 0 2	0	2
How do we change the default search period to one hour? We would like to change the default search period to an hour. How can we do it in 7.3? by danielbb Motivator in Splunk Search 10-23-2019 1 2	1	2
splunk not recording spanningtree logs My core switch had several spanning errors this morning, but Splunk did not record them. They are in the switch logs ... by keithweller New Member in Splunk Search 10-23-2019 0 2	0	2
Timechart question:- combining two values for plotting timechart My query is something like below index = "A" \| table x \| stats dc(x) as total \| appendcols [search index = "B" earl... by cbhattad Path Finder in Splunk Search 10-23-2019 0 14	0	14
Attempting to build a baseline computer asset list as a datasource from existing indexes Hi Everyone, I hope the smarter folks over here can assist me with a query that has kept me up for days. Hopefully t... by cfoord New Member in Splunk Search 10-23-2019 0 1	0	1
１レコード内の複数の連続したデータを取り出して結合する方法ご教授ください。１つのレコードのパラメータで連続したデータA[],B[],C[]があります。これらのデータの中身の個数は同数であり、順番も連携しています。それぞれを取り出して意味のあるデータData(A[1],B[1],C[1... by tonakano Engager in Splunk Search 10-23-2019 0 6	0	6
How to rename field with * inside like: Service* Hi I need to rename a field name (from lookup csv) with special character inside, like: Service* Status+ the probl... by buzek Explorer in Splunk Search 10-23-2019 0 8	0	8