Splunk Search

Community Activity

Why is newly configured ingestion not showing older logs? My search is that I have to log in the client machine, which needs to be ingested into Splunk Cloud- so I have deploy... by anandhalagarasa Path Finder in Splunk Search 09-13-2019 0 7	0	7
splunk tags.conf disable stanza We need to override a tags & eventtypes from one of the official TA (eg eventtype=ssh_authentication). eventtypes.... by koshyk Super Champion in Splunk Search 09-13-2019 0 2	0	2
Extract multiple values from a single field into multiple unique fields Hello, Is there a way to split out the unique values of a field into separate fields that are returned after a searc... by alex387 New Member in Splunk Search 09-13-2019 0 4	0	4
Search for a value in a set of results, then indicate in a new field if the value was found I have a somewhat complicated search whose results I present in a dashboard, and looks a bit like this: [ search... by toryan Engager in Splunk Search 09-13-2019 0 0	0	0
New field created through field transformation not appearing in search results I have created a field called PROCESS via Fields » Field transformations I could not see in the field appear in th... by pkbhavani New Member in Splunk Search 09-13-2019 0 1	0	1
If len() then A else B Hi All, I'm looking to include a If Else Check along with Len() Function along with Eval in my Search. My Raw synta... by sai33 Explorer in Splunk Search 09-13-2019 0 2	0	2
How do I block GUI messages about missing indexes? Since 7.3 the missing indexes message below goes to all my users causing many panicked questions about Splunk being d... by twinspop Influencer in Splunk Search 09-13-2019 0 4	0	4
Rename as Search vs Rename as Query? Hi I need a little clarification as the related posts I have found are confusing. I inherited a lot of reports from... by Glasses Builder in Splunk Search 09-13-2019 0 4	0	4
Why is imported error log producing wrong time and date stamps in results Just installed Splunk Enterprise free edition on a Windows 10 computer. Downloaded a Wordpress error log from a dec... by kfelts68 Explorer in Splunk Search 09-13-2019 0 2	0	2
How to search for the latest field value that is not equal to a certain value? Hi Just not having luck with my syntax. I have proofpoint logs and I am looking for the latest final_action value tha... by Glasses Builder in Splunk Search 09-13-2019 1 14	1	14
Calculate last 3 months count average and compare the result with last month count I want to calculate last 3months count and take its average and need to compare with last month total count. For exam... by avni26 Explorer in Splunk Search 09-13-2019 0 3	0	3
use case - Long running search query Hi, For a testing purposes, can i have few long running search SPL queries please. Using the search tutorials sample ... by inventsekar SplunkTrust in Splunk Search 09-13-2019 0 1	0	1
Need to compare the last hour values of the fields with current one hour Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease ... by kartm2020 Communicator in Splunk Search 09-13-2019 0 7	0	7
Help with dur2sec function not displaying Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to s... by PBerry7538 New Member in Splunk Search 09-13-2019 0 2	0	2
How to post process this query to display timechart instead? Hi, I have this query that I use as a base search query. host=NETWEBA* sourcetype=iis NOT("ErrorGuid") cs_uri_stem=... by lsy9891 Engager in Splunk Search 09-13-2019 0 1	0	1
how to display a field two times in a table with the original values and after a rename of the values hi As you can see below, I am doing a stats with the field "process_name" In order to be more comprenhensive, I am d... by jip31 Motivator in Splunk Search 09-13-2019 0 4	0	4
Show result of multiple queries as rows of single Table (one query=one row) Hi, I have a multiple search queries for which I have created separate panels in Dashboard, each showing the output ... by harshal_chakran Builder in Splunk Search 09-12-2019 0 9	0	9
Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment? We have an established Splunk Enterprise production environment that several departments use. Some people want to dev... by jmulcaster_splu Splunk Employee in Splunk Search 09-12-2019 0 1	0	1
Can a variable value which depends on a dropdown token be included in search? Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The val... by efranke New Member in Splunk Search 09-12-2019 0 2	0	2
How to access data in rows of table and then search further using each of those values? Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task i... by sai_shreyashi_p New Member in Splunk Search 09-12-2019 0 4	0	4
Search Help - Add Index to this _internal Search - And combine hosts I would like to add which index each of these hosts comes from in this search. index=_internal source=*/metrics.log ... by aferone Builder in Splunk Search 09-12-2019 0 5	0	5
join retrieving wrong results \| inputlookup fnms_copy1.csv \| eval MACaddress = replace(MACaddress,":", "") \| where MACaddress!=" " \| rename MACaddr... by harinivgr Explorer in Splunk Search 09-12-2019 0 0	0	0
How do you specify chart colours for a JSStack chart? I have a simple column chart with fields '-','High', 'Medium', 'Low', 'None'. I am using JS stack with the following ... by lquinn Contributor in Splunk Search 09-12-2019 4 4	4	4
Using where in search I have the following search index="pan" (dest_ip="192.168." AND NOT src_ip="192.168." AND NOT src_location="AU" AN... by balcv Contributor in Splunk Search 09-12-2019 0 2	0	2
How to stats by merging multiple events I have events in same index and source-type as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] project=... by humantorch New Member in Splunk Search 09-12-2019 0 1	0	1