Splunk Search

Community Activity

How to search iterate through lookup file I have an input lookup table with a list of user accounts we are trying to search through. Instead of doing index=w... by chrisfilor Engager in Splunk Search 09-26-2019 0 1	0	1
help on a text comparison fonction Hi I need to compare two fields from the text characters of these two fields So I need to do something like this whe... by jip31 Motivator in Splunk Search 09-26-2019 0 3	0	3
Vertical Scroll bar to Bar Chart Dear Friends, Is there a way to add the vertical scroll bar to bar chart . Please suggest. by splunklakshman Explorer in Splunk Search 09-26-2019 0 2	0	2
Why does my timechart search return "No results found"? Hi, I have a search where Splunk data is joined with a lookup, and I need a timechart on one of the fields provided ... by a212830 Champion in Splunk Search 09-26-2019 0 8	0	8
How to search over multiple lines Hello together, I want to search for "Binding Type: 0" in the following example log: LogName=Directory Service Sour... by ahmet_goekduman New Member in Splunk Search 09-26-2019 0 1	0	1
How to disable serverclass aids In the serverclass spec link:serverclass.spec , Is there a way to disable these "helpful" regex aids? I'm already pr... by trs01 New Member in Splunk Search 09-26-2019 0 0	0	0
How to add two rows to one? I have 2 rows with same field name, how do I add the count of 2 rows and display the result in one row. please find... by mmengu416 New Member in Splunk Search 09-26-2019 0 1	0	1
How to perform branching to different SPL commands based on the value of a field? Hello, Novice, but getting better. I am searching the Internet, Splunk Docs, and Splunk Answers for an answer. Meanwh... by genesiusj Builder in Splunk Search 09-26-2019 0 7	0	7
Behaviour with the fillnull & replace commands host=* sourcetype=* \|replace .zip WITH IN Object \| replace .csv WITH IN Object \| replace .null WITH IN Obj... by akarivaratharaj Communicator in Splunk Search 09-26-2019 0 1	0	1
Forcing eventgen to refresh normalised replacement files I am using eventgen to generate transaction type data, where I create an event in Splunk and then at some point in th... by bowesmana SplunkTrust in Splunk Search 09-26-2019 0 2	0	2
need to route data to nullqueue based on index Hi, I need to route the index data to null-queue based on the strings from the events. For example, all the events t... by purnavenkatesh Explorer in Splunk Search 09-25-2019 0 12	0	12
How to subtract values from same field in subsequent event and with the resulted values i want to make a chart Hi All, I am new to Splunk. please help me here on this requirement. i would like to check if there is any possibil... by harishbabu New Member in Splunk Search 09-25-2019 0 1	0	1
Index a CSV with different data types Hi all - bit of a weird one! I've run out of ideas. Help please! I'm trying to index some CSV files. However, the fi... by phil__tanner Path Finder in Splunk Search 09-25-2019 0 3	0	3
How to efficiently restrict time range for main search only Hi, I have a couple searches where the main search can be limited a fair amount, lets say the last 2 weeks, but I hav... by aatern Engager in Splunk Search 09-25-2019 0 3	0	3
How to exclude certain wildcard matches from the search I need to search for *exception in our logs (e.g. "NullPointerException") but want to exclude certain matches (e.g. "... by franjo Explorer in Splunk Search 09-25-2019 0 11	0	11
How to create average duration over time overlay in timechart I have a time chart that displays the average duration of calls for each day in the time range, the time range is set... by kmedara Engager in Splunk Search 09-25-2019 1 3	1	3
How to combine mv field values into string I have a string field that I split into a variable-length multi-value, removed the last value and need to combine it ... by c_o_serban Engager in Splunk Search 09-25-2019 0 1	0	1
Help with field extraction [Response:"AccessToken":"XXXXX", "AuthenticationLevel":"2","AuthProviderInfo":" [Response:"AccessToken":"XXXXX", "Au... by vikram1583 Explorer in Splunk Search 09-25-2019 0 2	0	2
How to use mvcount to get the accurate count of a keyword by source I have logs that have a keyword "*CLP" repeated multiple times in each event. I am trying the get the total counts of... by skakani114 New Member in Splunk Search 09-25-2019 0 2	0	2
How to compare last value and the second last value if they are non-numeric I want to get notified every time when an account expiry date is removed from Active directory and set to Never "Acc... by massumtaqi New Member in Splunk Search 09-25-2019 0 5	0	5
Historical searches for multisearch command Does anyone know of a way to search all search histories containing \|multisearch? Based on the previous answer, this ... by spammenot66 Contributor in Splunk Search 09-25-2019 0 1	0	1
Last Chance Index setup issues hello, we are trying to configure a lastchanceindex to capture events being sent to a non-existing index, however it ... by lavster Path Finder in Splunk Search 09-25-2019 0 1	0	1
Auto Lookup CIDR For this my ultimate goal is to set up a automatic lookup for a source type. Set this to Global also I set up the th... by jgillman Explorer in Splunk Search 09-25-2019 0 0	0	0
BREAK_ONLY_BEFORE_DATE=true is not working Here is my log sent from an UF to and Indexer: 2019-09-16 09:37:00 Fetching ISS data 'issfiles/sampleFile.tmp' -> 'i... by mukuru74 New Member in Splunk Search 09-25-2019 0 7	0	7
Auto Lookup CIDR I have created a csv lookup file that looks like this computerip Sitename 10.89.64.0/24 Test Si... by jgillman Explorer in Splunk Search 09-25-2019 0 1	0	1