Splunk Search

Community Activity

Error while creating eval expression for calculated fields in data models I have a data model and defined about 5 fields. But one of the fields doesnt always have a value. I want it to show a... by pdantuuri0411 Explorer in Splunk Search 09-19-2019 0 2	0	2
How to look for events within a specified time period? Thx to @richgalloway he provided me the way forward on returning raw events in table format after a search with event... by jwalzerpitt Influencer in Splunk Search 09-19-2019 0 1	0	1
help with regex How to capture everything until second period.I have the below sample data.I want to capture the one in bold YYMPv2-... by vrmandadi Builder in Splunk Search 09-19-2019 1 4	1	4
How to search multiple counts based on fields condition using single stat There are multiple fields like time number description severity status restore_duration I want to take total count ,... by avni26 Explorer in Splunk Search 09-19-2019 1 3	1	3
How to use tokens from search in a lookup So this might be overly complicated for what I'm trying to accomplish but perhaps you all might be able to assist me.... by Csparks321 New Member in Splunk Search 09-19-2019 0 2	0	2
field location in log effect search completion time Noticing a big difference in time it takes to do a search on 2 different fields in a log. Is this just due to the sl... by jerrythoms Explorer in Splunk Search 09-19-2019 0 2	0	2
How to create a table with raw events after stats? I am running the following search looking for a user who logins in from multiple cities within a five minute time per... by jwalzerpitt Influencer in Splunk Search 09-19-2019 0 6	0	6
running splunk in openshift container. sudo error in script entrypoint.sh Hi, I can run splunk as a docker image - no problem. But running in Openshift it crashes running sudo (assume in en... by jjwallaby Engager in Splunk Search 09-19-2019 0 1	0	1
Simple rex works on REGEX101 but not in splunk. Hey so I have a list of of values, that need to be standardized. The values I'm need to transform look like this: Po... by codedtech Path Finder in Splunk Search 09-19-2019 0 1	0	1
DateStamp removal from a specified path ? Hi, I want to remove the date convention from a specified path ,can anyone help me with the rex command use for it ?... by bapun18 Communicator in Splunk Search 09-19-2019 0 1	0	1
Calculate the value of a field based on the values of other fields I have a some fields like this: Group_servers\|Name_server\|Status Group1\| server1\|OK Grou... by alex_orl Engager in Splunk Search 09-19-2019 0 2	0	2
How to access data from table that is not displayed Hello, I have a table with three columns, but I only want to display two columns, so I use the field command. When I... by mabinn Explorer in Splunk Search 09-19-2019 1 3	1	3
How can I produce results with a span of 1 day Hi, I am joining several source files in splunk to degenerate some total count. One thing to note is I am using ctcS... by Gowtham0809 New Member in Splunk Search 09-18-2019 0 8	0	8
Alert based on same domain count We have email data reported in Splunk and I want to build an Alert, based on a search, that can trigger if it sees mo... by balcv Contributor in Splunk Search 09-18-2019 0 1	0	1
How to extract values from three levels deep list Hello splunkers, currently the appevent that I'm working on contain lists within lists : trx: [ [-] { ... by helmekkaoui New Member in Splunk Search 09-18-2019 0 6	0	6
Charting Total Index Size vs Used Space Inside Index Hello to all, We have a few indexes that are configured with different max MB's. I want to be able to create a das... by aferone Builder in Splunk Search 09-18-2019 0 3	0	3
Arrange non-null values in a field Hi, I have the below events 100, ABC, , , 110, DEF, , , , , , , , ,120 ,GHI, 130, JKL, , , , , , , , ,140 ,MNO , ... by rupesh26 Path Finder in Splunk Search 09-18-2019 0 2	0	2
The system is approaching the maximum number of historical searches that can be run concurrently. current=7 maximum=8 I am not searching anything why above message display very frequently? While I have deleted all saved search. by jangid Builder in Splunk Search 09-18-2019 1 13	1	13
Retrieving unique values of an indexed field Is there a quick way to retrieve the list of all unique values of an indexed field? I know I could search for the fi... by NancyCunningham Engager in Splunk Search 09-18-2019 3 7	3	7
How to extract data from Splunk to get the allowed and blocked events count separately for each firewall I have few firewall logs coming into the Splunk. I need to extract the data from Splunk to get the allowed and blocke... by anshubathla New Member in Splunk Search 09-18-2019 0 2	0	2
How to count stats by grouping substring from an URI Here is my search: index=app sourcetype=access context=PL uri=/PL/data/2.0/space/* and I have the following logs ... by prakashpnvs Engager in Splunk Search 09-18-2019 0 2	0	2
Eval condition in props.conf using mvindex? I have a field which contains 2 values for every event as shown below: Field Name :- Username Example Values :- A,B... by pavanae Builder in Splunk Search 09-18-2019 0 4	0	4
Column not appending to first search I have read a lot of similar questions to mine but I still can't get the results to work as needed. I have two searc... by l0gik Explorer in Splunk Search 09-18-2019 0 2	0	2
How to get stats from log and display src,dest from another log having uniqueId is common I have a set of logs... log1 is task startingtime log having taskbegin ,uniqueID, src ,dest and log2 is task endTime... by arjun_krishna Explorer in Splunk Search 09-18-2019 0 4	0	4
Regex command causing the search to not work - unknown search command Hi People, I am trying to run a regex command to cut out a part of the REQ field, On regex 101 it is working fine, ... by ssjabid Explorer in Splunk Search 09-18-2019 0 5	0	5