Splunk Search

Community Activity

	Find the LAST instance of an extracted field I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.168... by jeremyhagand61 Communicator in Splunk Search 09-12-2019 0 2	0	2
	Searching multiple log messages and count their occurrence index=my_index earliest=-30d "[ERR] Failed to connect with downstream node" OR "[ERR] Failed to authenticate downstre... by asubramanian Explorer in Splunk Search 09-12-2019 0 2	0	2
	Need another column in chart Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that... by tsheets13 Communicator in Splunk Search 09-12-2019 0 2	0	2
	How to align events returned by two separate searches in a table I have a search that references CSV sources which are ingested from a UF; let's call these sources foo.csv and bar.cs... by beetlegeuse Path Finder in Splunk Search 09-12-2019 0 4	0	4
	Table of monthly (or weekly) averages using epoch time in field (not _time) Hello! I'm trying to build a table showing the monthly averages of a calculation for "OEE" by a Machine field. I the... by johnansett Communicator in Splunk Search 09-12-2019 0 3	0	3
	Using Tokens in a Search - No Dashboard Hello, I will continue to search Answers for an answer. Here's my issue. I have a dashboard with numerous searches a... by genesiusj Builder in Splunk Search 09-12-2019 0 2	0	2
	hosts with certain criteria (simplified REGEX) I want to pull data for certain HOSTs in my index. For example: (host=pr1p01 OR host=pr1p03 OR host=*pr1p05 .. ) -... by Noorzaie Explorer in Splunk Search 09-12-2019 0 19	0	19
	How to have stats with no result found Hi, I'm looking at logs on a Gateway to see if there is traffic or not for specific files at a specific time. I wan... by pbd Explorer in Splunk Search 09-12-2019 0 4	0	4
	Eval a transaction with conditional statement I am using a transaction to group some jobs and get the timings. In doing so I want to check for certain steps, file ... by aohls Contributor in Splunk Search 09-12-2019 0 2	0	2
	Issue with parsing large dataset using Join Hello, I am using the following search to parse 2 indexes since I want to combine the results from both indexes based... by kiranpatil1985 New Member in Splunk Search 09-12-2019 0 1	0	1
	Search not working after migration to new Splunk cluster I have migrated my data collections from an older Splunk instance to a new clustered environment and am having issues... by morphis72 Path Finder in Splunk Search 09-12-2019 0 3	0	3
	How to display checkbox based on parent checkbox selection I need to display list of checkboxes based on the parent check box selection. Say, I have 1, 2, 3 as parent checkboxe... by paviach New Member in Splunk Search 09-12-2019 0 4	0	4
	Field extraction. I have a raw event like this for each order, if a user buys two products of different units how can I tie each produc... by sandeepmakkena Contributor in Splunk Search 09-11-2019 0 1	0	1
	How to write regex to extract this line in this very long field? Hi, I have a field called message: Message="Fault bucket , type 0 Event Name: ServiceHang Response: Not available C... by lsy9891 Engager in Splunk Search 09-11-2019 0 1	0	1
	How to split a GC log using eval funciton? Below is the sample GC log. Could someone let me know how to split it using eval function? 2019-09-11T02:27:50.180-... by aqaadi Engager in Splunk Search 09-11-2019 0 1	0	1
	Count number of events by item in a JSON Array Use case, I have JSON events that contain an array of US states. I want to count the number of events by state. For ... by mzeb New Member in Splunk Search 09-11-2019 0 1	0	1
	Trying to get total count till selected year from multiselect input Hi All, I am trying to display total active users count till selected year. I could achieve this , if I select only ... by piyali_sarkar New Member in Splunk Search 09-11-2019 0 5	0	5
	Go to last page of search results When there are more than 10 pages of results, showing the Prev / Next buttons, is there a way to go to the last page ... by donna_oquinn New Member in Splunk Search 09-11-2019 0 3	0	3
	How to color code one column based on another (Dynamic)column when using chart command? I have 700 sites, I am running a chart command to get some value for each site per day. \| bin span=1d _time \| eval... by achoudhary1 New Member in Splunk Search 09-11-2019 0 0	0	0
	How to find the matches of the fields from the first table with the values of the second Hello. I have two tables. I need to compare the values of two columns in each table. In result, I want to receive ro... by verteletskyia Observer in Splunk Search 09-11-2019 0 3	0	3
	How to convert hexadecimal IP to decimal Hello all, How can we convert this to regular IP? I tried using the below search but it's not converting correctly. B... by vrmandadi Builder in Splunk Search 09-11-2019 0 2	0	2
	How to write an efficient subsearch with or without coalesce? Need some advice writing a subsearch... I have an index=email with two sourcetypes sourcetype=MTA sourcetype=MSG bo... by Glasses Builder in Splunk Search 09-11-2019 0 5	0	5
	Extract URL field with regex for certain error codes Hi everyone, I have one logfile per day that is filled with several lines of information showing requests to play vi... by splunkchris2 New Member in Splunk Search 09-11-2019 0 5	0	5
	Why does isnotnull command return true for blank Country field added by iplocation? I am using the iplocation command on an IP based field to add new fields to each event, most importantly the Country ... by frbuser Path Finder in Splunk Search 09-11-2019 0 11	0	11
	Outputlookup to override values of a single column in lookup.csv I have a search which returns a table with columns name,value,state - I have a lookup file (lookup.csv) with columns ... by mounicachinni New Member in Splunk Search 09-11-2019 0 0	0	0