Splunk Search

Community Activity

How to format event in search Hi, I am running a search and the event structure is displaying as: { [-] line: 2019-09-27 11:47:29,696 [server]... by gentcore New Member in Splunk Search 09-27-2019 0 1	0	1
Interpreting execution costs on the Job Inspector page: Query update Could see an old question in 2010 , but just getting confused on the timings/duration vs execution cost I've a sear... by koshyk Super Champion in Splunk Search 09-27-2019 1 1	1	1
How to format multi-value table I need help formatting a mulitvalue field, the desired output below, followed by data in the field. For the data in ... by paulholguin New Member in Splunk Search 09-27-2019 0 3	0	3
Count the number of api occurrence in 10 second I have the following API's, for which I need to count the occurrence of each in every 10 seconds for 1 hour time inte... by JyotiP Path Finder in Splunk Search 09-27-2019 0 3	0	3
Difference bewteen two variable date reports, considering the direction Hello, I'm trying to create a search that shows what results are missing today - a, compared to yesterday - b. a and... by ABurk New Member in Splunk Search 09-27-2019 0 3	0	3
how to execute a search everyday and every 8 hours I have three teams in industrial company, the first starts work at 6am, the second at 2pm, and the third at 10pm, the... by amani28 New Member in Splunk Search 09-27-2019 0 6	0	6
Update indexed data after a monitored file has been changed Dear friends, with my company besides investigating log-data we are getting ready to roll-out splunk for the Busines... by mkohl New Member in Splunk Search 09-27-2019 0 2	0	2
How to print a change in value Hi all, Please help me to set an alert when a value change occurred. Also, I need to print old and new values. by tech_soul New Member in Splunk Search 09-27-2019 0 1	0	1
SNMP polling get data of same oid (modular input app) Hello Splunker's, I use the SNMP modular input application, to collect SNMP polling data. I want to recover only a... by TISKAR Builder in Splunk Search 09-27-2019 0 1	0	1
Is it possible to exclude search results with two lookup files? Hi,all I'm sorry but I use lookup for the first time. Is it possible to exclude search results with two lookup file... by subachu New Member in Splunk Search 09-26-2019 0 3	0	3
What are better ways to provide counts? Dear All, There are 3 source types and we are pushing data into same index we need to give the count based on each s... by santosh11 New Member in Splunk Search 09-26-2019 0 2	0	2
How to search iterate through lookup file I have an input lookup table with a list of user accounts we are trying to search through. Instead of doing index=w... by chrisfilor Engager in Splunk Search 09-26-2019 0 1	0	1
help on a text comparison fonction Hi I need to compare two fields from the text characters of these two fields So I need to do something like this whe... by jip31 Motivator in Splunk Search 09-26-2019 0 3	0	3
Vertical Scroll bar to Bar Chart Dear Friends, Is there a way to add the vertical scroll bar to bar chart . Please suggest. by splunklakshman Explorer in Splunk Search 09-26-2019 0 2	0	2
Why does my timechart search return "No results found"? Hi, I have a search where Splunk data is joined with a lookup, and I need a timechart on one of the fields provided ... by a212830 Champion in Splunk Search 09-26-2019 0 8	0	8
How to search over multiple lines Hello together, I want to search for "Binding Type: 0" in the following example log: LogName=Directory Service Sour... by ahmet_goekduman New Member in Splunk Search 09-26-2019 0 1	0	1
How to disable serverclass aids In the serverclass spec link:serverclass.spec , Is there a way to disable these "helpful" regex aids? I'm already pr... by trs01 New Member in Splunk Search 09-26-2019 0 0	0	0
How to add two rows to one? I have 2 rows with same field name, how do I add the count of 2 rows and display the result in one row. please find... by mmengu416 New Member in Splunk Search 09-26-2019 0 1	0	1
How to perform branching to different SPL commands based on the value of a field? Hello, Novice, but getting better. I am searching the Internet, Splunk Docs, and Splunk Answers for an answer. Meanwh... by genesiusj Builder in Splunk Search 09-26-2019 0 7	0	7
Behaviour with the fillnull & replace commands host=* sourcetype=* \|replace .zip WITH IN Object \| replace .csv WITH IN Object \| replace .null WITH IN Obj... by akarivaratharaj Communicator in Splunk Search 09-26-2019 0 1	0	1
Forcing eventgen to refresh normalised replacement files I am using eventgen to generate transaction type data, where I create an event in Splunk and then at some point in th... by bowesmana SplunkTrust in Splunk Search 09-26-2019 0 2	0	2
need to route data to nullqueue based on index Hi, I need to route the index data to null-queue based on the strings from the events. For example, all the events t... by purnavenkatesh Explorer in Splunk Search 09-25-2019 0 12	0	12
How to subtract values from same field in subsequent event and with the resulted values i want to make a chart Hi All, I am new to Splunk. please help me here on this requirement. i would like to check if there is any possibil... by harishbabu New Member in Splunk Search 09-25-2019 0 1	0	1
Index a CSV with different data types Hi all - bit of a weird one! I've run out of ideas. Help please! I'm trying to index some CSV files. However, the fi... by phil__tanner Path Finder in Splunk Search 09-25-2019 0 3	0	3
How to efficiently restrict time range for main search only Hi, I have a couple searches where the main search can be limited a fair amount, lets say the last 2 weeks, but I hav... by aatern Engager in Splunk Search 09-25-2019 0 3	0	3