Splunk Search

Community Activity

Why is the same search returning different results each time it is run? I use Splunk to calculate user's Internet hits. There are about 710 thousands entries. I searched several times, but ... by pop1989 Explorer in Splunk Search 09-14-2019 0 4	0	4
subnet information I have subnet lookup in cidr notation. so i am trying to print subnet detail with dest ip but not getting result. qu... by nishit_92 Explorer in Splunk Search 09-14-2019 0 2	0	2
looping through all rows of lookup file and match Hi, I have a lookup file with following structure. pattern,output_value "aaa\s+:\d\d:", 2 "aaa\s+:\d:", 1 For m... by ankitarath2011 Path Finder in Splunk Search 09-14-2019 0 7	0	7
Extracting field data from alert to be emailed I have an alert configured to automatically send an email upon a user account locking. I'm looking for the email to o... by reaver3020 New Member in Splunk Search 09-14-2019 0 1	0	1
How to get results only if search field contains a word in the lookup table If I have a search result which has a field named "Field1" and It has values like : This is Word1 now. This is Word2 ... by ashishmgupta Explorer in Splunk Search 09-14-2019 0 1	0	1
Lookup table for lot of fields My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl... by smiththebest New Member in Splunk Search 09-14-2019 0 0	0	0
Why is newly configured ingestion not showing older logs? My search is that I have to log in the client machine, which needs to be ingested into Splunk Cloud- so I have deploy... by anandhalagarasa Path Finder in Splunk Search 09-13-2019 0 7	0	7
splunk tags.conf disable stanza We need to override a tags & eventtypes from one of the official TA (eg eventtype=ssh_authentication). eventtypes.... by koshyk Super Champion in Splunk Search 09-13-2019 0 2	0	2
Extract multiple values from a single field into multiple unique fields Hello, Is there a way to split out the unique values of a field into separate fields that are returned after a searc... by alex387 New Member in Splunk Search 09-13-2019 0 4	0	4
Search for a value in a set of results, then indicate in a new field if the value was found I have a somewhat complicated search whose results I present in a dashboard, and looks a bit like this: [ search... by toryan Engager in Splunk Search 09-13-2019 0 0	0	0
New field created through field transformation not appearing in search results I have created a field called PROCESS via Fields » Field transformations I could not see in the field appear in th... by pkbhavani New Member in Splunk Search 09-13-2019 0 1	0	1
If len() then A else B Hi All, I'm looking to include a If Else Check along with Len() Function along with Eval in my Search. My Raw synta... by sai33 Explorer in Splunk Search 09-13-2019 0 2	0	2
How do I block GUI messages about missing indexes? Since 7.3 the missing indexes message below goes to all my users causing many panicked questions about Splunk being d... by twinspop Influencer in Splunk Search 09-13-2019 0 4	0	4
Rename as Search vs Rename as Query? Hi I need a little clarification as the related posts I have found are confusing. I inherited a lot of reports from... by Glasses Builder in Splunk Search 09-13-2019 0 4	0	4
Why is imported error log producing wrong time and date stamps in results Just installed Splunk Enterprise free edition on a Windows 10 computer. Downloaded a Wordpress error log from a dec... by kfelts68 Explorer in Splunk Search 09-13-2019 0 2	0	2
How to search for the latest field value that is not equal to a certain value? Hi Just not having luck with my syntax. I have proofpoint logs and I am looking for the latest final_action value tha... by Glasses Builder in Splunk Search 09-13-2019 1 14	1	14
Calculate last 3 months count average and compare the result with last month count I want to calculate last 3months count and take its average and need to compare with last month total count. For exam... by avni26 Explorer in Splunk Search 09-13-2019 0 3	0	3
use case - Long running search query Hi, For a testing purposes, can i have few long running search SPL queries please. Using the search tutorials sample ... by inventsekar SplunkTrust in Splunk Search 09-13-2019 0 1	0	1
Need to compare the last hour values of the fields with current one hour Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease ... by kartm2020 Communicator in Splunk Search 09-13-2019 0 7	0	7
Help with dur2sec function not displaying Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to s... by PBerry7538 New Member in Splunk Search 09-13-2019 0 2	0	2
How to post process this query to display timechart instead? Hi, I have this query that I use as a base search query. host=NETWEBA* sourcetype=iis NOT("ErrorGuid") cs_uri_stem=... by lsy9891 Engager in Splunk Search 09-13-2019 0 1	0	1
how to display a field two times in a table with the original values and after a rename of the values hi As you can see below, I am doing a stats with the field "process_name" In order to be more comprenhensive, I am d... by jip31 Motivator in Splunk Search 09-13-2019 0 4	0	4
Show result of multiple queries as rows of single Table (one query=one row) Hi, I have a multiple search queries for which I have created separate panels in Dashboard, each showing the output ... by harshal_chakran Builder in Splunk Search 09-12-2019 0 9	0	9
Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment? We have an established Splunk Enterprise production environment that several departments use. Some people want to dev... by jmulcaster_splu Splunk Employee in Splunk Search 09-12-2019 0 1	0	1
Can a variable value which depends on a dropdown token be included in search? Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The val... by efranke New Member in Splunk Search 09-12-2019 0 2	0	2