Splunk Search

Community Activity

How to combine two searches into one table using count twice I have two searches, one getting the current connections and the other getting an average. I'm trying to grab the fie... by aking76 Path Finder in Splunk Search 09-09-2019 0 6	0	6
How to get the row text from inputlookup in a variable for email alert HI! I am using a CSV file to catch some alerts, and that part works fine, I catch all my alerts. index="main" [inp... by mbreton Engager in Splunk Search 09-09-2019 0 0	0	0
Comparing appVersions over time Hi, I am trying to compare my latest app vs all the other app Version to evaluate adoption rate. I would like to disp... by khanyag1 New Member in Splunk Search 09-09-2019 0 9	0	9
Is it possible to use EVAL field in sendemail with DBXQUERY search? I am needing to pass a custom date to the sendemail subject line and I know it is possible using a standard Splunk se... by jnsd03 Explorer in Splunk Search 09-09-2019 0 0	0	0
handling error issues i ran a normal query, but it is auto cancelled after sometime ,so i am interested in why the query has failed.is ther... by farooq3679 Engager in Splunk Search 09-09-2019 0 4	0	4
How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search in longer time, I rece... by spisiakmi Contributor in Splunk Search 09-09-2019 0 8	0	8
Per day and Per second results not matching up. I am running following queries to get event counts average per second and per day over a weeks period but the results... by angersleek Path Finder in Splunk Search 09-09-2019 0 3	0	3
Convert columns to rows I have a table like below A B C 1 2,3,4 Hello Need a query for wh... by jiaqya Builder in Splunk Search 09-09-2019 0 1	0	1
Multiple fields in one chart Hi, I struggling to create chart, which will be with multiple field values (max,avg and min pauses) + need to see mo... by pudanelilita Explorer in Splunk Search 09-09-2019 0 2	0	2
How do i find out if a field contains part of another field? Hello community. I'm struggling to find emails that have a word in the subject which also have the word in an attach... by sgrierson New Member in Splunk Search 09-08-2019 0 4	0	4
How to get results for individual fields per second I have the following query which gives me per second average results for the events. Is there a way I can modify it ... by angersleek Path Finder in Splunk Search 09-08-2019 0 2	0	2
There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior? Rather than use 3rd party websites, we'd like to use Splunk to geolocate an address that may not yet be indexed. Sim... by scott_sackrider Explorer in Splunk Search 09-08-2019 1 2	1	2
search show results not existing in logs. Hi Splunker; I have the below search: index=winevents host=prdaddc02 OR host=PRDADDC01 OR host=DZITHQ-DC3 sourcetyp... by aalhabbash1 Path Finder in Splunk Search 09-07-2019 0 2	0	2
Unexplained: Inconsistent/incomplete transaction eventcount when using maxevents with startswith I am getting an inconsistent number of events in a transaction, relative to the value specified for maxevents=x: \| ... by collinrice Explorer in Splunk Search 09-06-2019 0 0	0	0
epoch time difference between first and last. Hello All, I am trying to find the difference between first time and last time in epoch time. and i want the differ... by AbubakarShahid New Member in Splunk Search 09-06-2019 0 2	0	2
Help with regex with two different type events Hello I have the below sample events Thu Sep 5 10:00:02 EDT 2019 XDB EXPIRED & LOCKED ... by vrmandadi Builder in Splunk Search 09-06-2019 0 5	0	5
Reading Event Counts for all indexes and then reading their corresponding Count for threshold Check Specified in the lookup File Can Please anyone help me in building the query for my alert so that It takes the index name and its corresponding th... by bapun18 Communicator in Splunk Search 09-06-2019 0 3	0	3
I want to use an 'or' argument in my search is this possible? So I have a search query which returns registrations for a website called CXI. See below: sourcetype=applog Successf... by a123537 New Member in Splunk Search 09-06-2019 0 5	0	5
How to display a live map from a website into dashboard Hello everyone, I'm a newbie and I did build my own dashboard in Splunk. I was able to create different charts and I... by tcalvillo Engager in Splunk Search 09-06-2019 0 5	0	5
how do i use the variable name1 in the table command later? ... \|rename General.SetupViews as Modes\|eval mode=split(Modes," ")\|eval name1=mvindex(mode,0) \| eval name2=mvindex(mo... by pratyushd New Member in Splunk Search 09-06-2019 0 4	0	4
how to fix " app not found" issue Hi, Whenever log into the splunk , i am getting " app not found" error . can i please know how to keep "searching an... by kteng2024 Path Finder in Splunk Search 09-06-2019 0 4	0	4
How to write query for creating alert using lookup Hi Splunkers, I have the events getting ingested as below: timestamp patch_version hostname Now,I want to crea... by Arpmjdr Explorer in Splunk Search 09-06-2019 0 5	0	5
How to separate the fields AppDomainName and ApplicationSource in timechart? Hi I have this query that counts the number of errors for two applications but I get the application names from diff... by lsy9891 Engager in Splunk Search 09-06-2019 0 1	0	1
how to extract only numeric values from field into table ? it fetching the non field values too from. for example: dport=86 pattern: 0 tcp && dst port 86 && dst 345 here dport is field and pattern is non field value. i... by salmanbpc New Member in Splunk Search 09-06-2019 0 1	0	1
help on subsearch in order to match a common field between 2 lookup files hi In a first lookup (host.csv), I have a field "host" In a second lookup (toto.csv), I have also a field "host" Is ... by jip31 Motivator in Splunk Search 09-06-2019 0 2	0	2