Splunk Search

Community Activity

How to access data in rows of table and then search further using each of those values? Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task i... by sai_shreyashi_p New Member in Splunk Search 09-12-2019 0 4	0	4
Search Help - Add Index to this _internal Search - And combine hosts I would like to add which index each of these hosts comes from in this search. index=_internal source=*/metrics.log ... by aferone Builder in Splunk Search 09-12-2019 0 5	0	5
join retrieving wrong results \| inputlookup fnms_copy1.csv \| eval MACaddress = replace(MACaddress,":", "") \| where MACaddress!=" " \| rename MACaddr... by harinivgr Explorer in Splunk Search 09-12-2019 0 0	0	0
How do you specify chart colours for a JSStack chart? I have a simple column chart with fields '-','High', 'Medium', 'Low', 'None'. I am using JS stack with the following ... by lquinn Contributor in Splunk Search 09-12-2019 4 4	4	4
Using where in search I have the following search index="pan" (dest_ip="192.168." AND NOT src_ip="192.168." AND NOT src_location="AU" AN... by balcv Contributor in Splunk Search 09-12-2019 0 2	0	2
How to stats by merging multiple events I have events in same index and source-type as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] project=... by humantorch New Member in Splunk Search 09-12-2019 0 1	0	1
How to combine specific values from two multivalue fields I have Splunk pulling in data from a lookup and creating two multivalue fields. I want to combine these two into a th... by valaverdyan Engager in Splunk Search 09-12-2019 0 1	0	1
Correlating fields and printing some fields . Logger 1: has StartId: 1234, and commitCode as 101. Logger 2: has EndId: 1234(which is same as start ID), WebOrderID... by sandeepmakkena Contributor in Splunk Search 09-12-2019 0 1	0	1
Find the LAST instance of an extracted field I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.168... by jeremyhagand61 Communicator in Splunk Search 09-12-2019 0 2	0	2
Searching multiple log messages and count their occurrence index=my_index earliest=-30d "[ERR] Failed to connect with downstream node" OR "[ERR] Failed to authenticate downstre... by asubramanian Explorer in Splunk Search 09-12-2019 0 2	0	2
Need another column in chart Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that... by tsheets13 Communicator in Splunk Search 09-12-2019 0 2	0	2
How to align events returned by two separate searches in a table I have a search that references CSV sources which are ingested from a UF; let's call these sources foo.csv and bar.cs... by beetlegeuse Path Finder in Splunk Search 09-12-2019 0 4	0	4
Table of monthly (or weekly) averages using epoch time in field (not _time) Hello! I'm trying to build a table showing the monthly averages of a calculation for "OEE" by a Machine field. I the... by johnansett Communicator in Splunk Search 09-12-2019 0 3	0	3
Using Tokens in a Search - No Dashboard Hello, I will continue to search Answers for an answer. Here's my issue. I have a dashboard with numerous searches a... by genesiusj Builder in Splunk Search 09-12-2019 0 2	0	2
hosts with certain criteria (simplified REGEX) I want to pull data for certain HOSTs in my index. For example: (host=pr1p01 OR host=pr1p03 OR host=*pr1p05 .. ) -... by Noorzaie Explorer in Splunk Search 09-12-2019 0 19	0	19
How to have stats with no result found Hi, I'm looking at logs on a Gateway to see if there is traffic or not for specific files at a specific time. I wan... by pbd Explorer in Splunk Search 09-12-2019 0 4	0	4
Eval a transaction with conditional statement I am using a transaction to group some jobs and get the timings. In doing so I want to check for certain steps, file ... by aohls Contributor in Splunk Search 09-12-2019 0 2	0	2
Issue with parsing large dataset using Join Hello, I am using the following search to parse 2 indexes since I want to combine the results from both indexes based... by kiranpatil1985 New Member in Splunk Search 09-12-2019 0 1	0	1
Search not working after migration to new Splunk cluster I have migrated my data collections from an older Splunk instance to a new clustered environment and am having issues... by morphis72 Path Finder in Splunk Search 09-12-2019 0 3	0	3
How to display checkbox based on parent checkbox selection I need to display list of checkboxes based on the parent check box selection. Say, I have 1, 2, 3 as parent checkboxe... by paviach New Member in Splunk Search 09-12-2019 0 4	0	4
Field extraction. I have a raw event like this for each order, if a user buys two products of different units how can I tie each produc... by sandeepmakkena Contributor in Splunk Search 09-11-2019 0 1	0	1
How to write regex to extract this line in this very long field? Hi, I have a field called message: Message="Fault bucket , type 0 Event Name: ServiceHang Response: Not available C... by lsy9891 Engager in Splunk Search 09-11-2019 0 1	0	1
How to split a GC log using eval funciton? Below is the sample GC log. Could someone let me know how to split it using eval function? 2019-09-11T02:27:50.180-... by aqaadi Engager in Splunk Search 09-11-2019 0 1	0	1
Count number of events by item in a JSON Array Use case, I have JSON events that contain an array of US states. I want to count the number of events by state. For ... by mzeb New Member in Splunk Search 09-11-2019 0 1	0	1
Trying to get total count till selected year from multiselect input Hi All, I am trying to display total active users count till selected year. I could achieve this , if I select only ... by piyali_sarkar New Member in Splunk Search 09-11-2019 0 5	0	5