Splunk Search

Community Activity

How to create average duration over time overlay in timechart I have a time chart that displays the average duration of calls for each day in the time range, the time range is set... by kmedara Engager in Splunk Search 09-25-2019 1 3	1	3
How to combine mv field values into string I have a string field that I split into a variable-length multi-value, removed the last value and need to combine it ... by c_o_serban Engager in Splunk Search 09-25-2019 0 1	0	1
Help with field extraction [Response:"AccessToken":"XXXXX", "AuthenticationLevel":"2","AuthProviderInfo":" [Response:"AccessToken":"XXXXX", "Au... by vikram1583 Explorer in Splunk Search 09-25-2019 0 2	0	2
How to use mvcount to get the accurate count of a keyword by source I have logs that have a keyword "*CLP" repeated multiple times in each event. I am trying the get the total counts of... by skakani114 New Member in Splunk Search 09-25-2019 0 2	0	2
How to compare last value and the second last value if they are non-numeric I want to get notified every time when an account expiry date is removed from Active directory and set to Never "Acc... by massumtaqi New Member in Splunk Search 09-25-2019 0 5	0	5
Historical searches for multisearch command Does anyone know of a way to search all search histories containing \|multisearch? Based on the previous answer, this ... by spammenot66 Contributor in Splunk Search 09-25-2019 0 1	0	1
Last Chance Index setup issues hello, we are trying to configure a lastchanceindex to capture events being sent to a non-existing index, however it ... by lavster Path Finder in Splunk Search 09-25-2019 0 1	0	1
Auto Lookup CIDR For this my ultimate goal is to set up a automatic lookup for a source type. Set this to Global also I set up the th... by jgillman Explorer in Splunk Search 09-25-2019 0 0	0	0
BREAK_ONLY_BEFORE_DATE=true is not working Here is my log sent from an UF to and Indexer: 2019-09-16 09:37:00 Fetching ISS data 'issfiles/sampleFile.tmp' -> 'i... by mukuru74 New Member in Splunk Search 09-25-2019 0 7	0	7
Auto Lookup CIDR I have created a csv lookup file that looks like this computerip Sitename 10.89.64.0/24 Test Si... by jgillman Explorer in Splunk Search 09-25-2019 0 1	0	1
Integrating AWS CUR using AWS Redshift with Splunk Db connect Hi, I am working on onboarding CUR data of AWS to Splunk in order to design dashboards with specific to few items l... by Madhavi_alugant New Member in Splunk Search 09-25-2019 0 0	0	0
How to use timechart with Eval command index=storage source="/******.csv" \| stats sum(00_) //It represents sum of various fields \| eval sum1=0 \| forea... by shugup2923 Path Finder in Splunk Search 09-25-2019 0 2	0	2
I want to exclude events before a certain date ( not timestamp). Lets say i have a column called as birthdate in my events and i do not want to see the events or birth records which ... by PC00128849 New Member in Splunk Search 09-25-2019 0 3	0	3
Subtract different time format Hello, i have only two values logout_time and online_time and i would like to get the login_time. How could i subtra... by criedman Explorer in Splunk Search 09-25-2019 0 2	0	2
How to extract from multiline events using regular expressions with variables? Hi, I have a rather large multiline event which I am trying to extract data from. The problem is that the format is ... by arisat Engager in Splunk Search 09-25-2019 0 3	0	3
Warning in email notification in splunk Dear Team, We have configured the email notification in splunk but we are getting the below warning message. How can... by santosh11 New Member in Splunk Search 09-24-2019 0 2	0	2
custom time range to sub search Hi, I want to run a search for a selected time range, and also want to do a sub search for the same duration in the p... by amerineni Loves-to-Learn in Splunk Search 09-24-2019 0 3	0	3
Unable to search for logs from console Somehow i have not got logs from universal forwarder servers since Sep 11, How to find out the reason ? by andydong New Member in Splunk Search 09-24-2019 0 2	0	2
一定数値の範囲の数をカウントしたいご教授ください。今日の日付とデータの日付を比較し、差分（何日間）をdurationという名前で抽出ししました。このdurationを一定の範囲の数をカウントしてビジュアライズしたいと考えたのですが、この範囲カウントが出来ませんで... by tonakano Engager in Splunk Search 09-24-2019 0 2	0	2
tonumber() not working on scientific notation Hi All, I am indexing a file with JSON and epoch values on the JSON are written in scientific notation An example o... by 999chris New Member in Splunk Search 09-24-2019 0 3	0	3
How to search with "IN" to produce same results as "OR"? I have a search with a bunch of OR's and I wanted to replace it with "IN" however I do not get the same results. My ... by balcv Contributor in Splunk Search 09-24-2019 0 2	0	2
Convert a dashboard into an APP Is it possible to convert a dashboard into an APP? I am trying to make it easier for managment to access it. If it ... by lamelendrez Loves-to-Learn Lots in Splunk Search 09-24-2019 0 1	0	1
How to 'join' two data sets but neither left join or inner join are suitable? Hi everyone, I've tried to answer this myself but no luck. I fear it might be so simple i'm overlooking it. I'm comf... by lewisgrantevans Explorer in Splunk Search 09-24-2019 0 3	0	3
Display Dates that Expire in 90 days Hello, We have a field called "Certificate Expiration Date" and trying to only show items that expire 90 days or le... by jordanking1992 Path Finder in Splunk Search 09-24-2019 0 1	0	1
How to group by a field and display multiple fields I have trace, level, and message fields in my events. I want to group by trace, and I also want to display all other ... by andytangjpmc New Member in Splunk Search 09-24-2019 0 1	0	1