Splunk Search

Community Activity

How to create a regex for unmapped queries? I have Splunk logs like: class,method,user,transactionType,,428856645467856301,1073258159,50213,5,2019-08-21 23:17:5... by Nidd Path Finder in Splunk Search 08-22-2019 0 3	0	3
How do I use transaction to extract my required information? I'm very new to Splunk and need to get some details about a transaction which spans multiple events. Am trying to get... by jwindley_splunk Splunk Employee in Splunk Search 08-21-2019 0 7	0	7
Different values in column between two rows Hi , I am having data like Col1 Col2(created from values()) row 1 X ... by vb1612 New Member in Splunk Search 08-21-2019 0 4	0	4
Need to extract field while search only (dont want to use field extraction) using REX Hi, I have diff log formats in a single sourcetype. Thus can't define field extraction - is there way to use REX in ... by rashi83 Path Finder in Splunk Search 08-21-2019 0 1	0	1
How to customize bar chart colors based on the values? Hi Splunkers. I've been trying for a while to customize a bar chart I have. Here are the data I have: range ... by guimilare Communicator in Splunk Search 08-21-2019 2 5	2	5
Lookup based on if statement I am looking to enhance a search with a lookup (if it returns an IP) to replace the value returned in the TID field i... by donemery Explorer in Splunk Search 08-21-2019 0 2	0	2
How to format the SPL as code? Hi, I am working on a dashboard. i am creating a table to monitor the count, average response time and maximum respo... by venkat0896 Path Finder in Splunk Search 08-21-2019 0 8	0	8
How don't we nullify the data? A developer here wrote the following - \|eval admin_activity=if((like(cmd_data, "%audit%") AND like(cmd_data, "%star... by danielbb Motivator in Splunk Search 08-21-2019 0 2	0	2
Can we Ignore timechart column if all rows having 0 values ? Hi, How can we Ignore timechart column if all rows having 0 values. basically I am using trellis to display and w... by AKG1_old1 Builder in Splunk Search 08-21-2019 0 4	0	4
How to use a lookup to compare multiple fields I am trying to run a search from amazon. index=amazon-aws sourcetype="aws:description" source="*:ec2_instances" W... by dsmith1988 Engager in Splunk Search 08-21-2019 0 2	0	2
sql query to splunk query How I can Change this sql query to splunk query, I tried in different way but It is not giving proper result please h... by deeptha1992 New Member in Splunk Search 08-21-2019 0 4	0	4
How to dynamically set an index based on a string in events with a fallback option? I have some logs where there are events that are like this: Apr 5 21:16:33 myhost001.company.com key=value key2=va... by Ricapar Communicator in Splunk Search 08-21-2019 0 6	0	6
Logs are getting truncated after the forwarding has been setup into splunk The data in event 1 is incomplete and the rest of it is getting populated into event2 and so on . If i am not wrong ,... by Sujithkumarkb Observer in Splunk Search 08-21-2019 0 0	0	0
Failed to parse templatized search for field.... Hi. I wonder whether someone may be able to help me please. I'm using the query below: \| multisearch [ search `gat... by IRHM73 Motivator in Splunk Search 08-21-2019 0 3	0	3
Lookup Table search wildcards I have created a lookup table, service.csv host,service,resource "host1","fdl","all" "host2","finance","db" "host3... by balcv Contributor in Splunk Search 08-20-2019 0 2	0	2
Return Timestamp from inner and outter search Hi, I am trying to create a search that finds two sequential events. So far I have: index=wineventlog EventCode=462... by shayvdee Explorer in Splunk Search 08-20-2019 0 4	0	4
Get a total for a multivalue field by multiple fields Greetings, I'm trying to get multiple totals for multiple fields. My current query incorporates \| stats count as ... by cquinney Communicator in Splunk Search 08-20-2019 0 3	0	3
How can I extract a license file from existing license volume Hi, I am trying to extract a license file from our current license pool. All I could see is the delete option for th... by divyamudundi Path Finder in Splunk Search 08-20-2019 2 4	2	4
XML Parsing Props.conf Any help is appreciated in parsing the following xml data retrieved from DB connect input. We just need the Name an... by uvmk61 New Member in Splunk Search 08-20-2019 0 5	0	5
help with tstats and eval Hi, I'm trying to count the number of events for a specific index/sourcetype combo, and then total them into a new f... by a212830 Champion in Splunk Search 08-20-2019 0 1	0	1
How to search for data Hello there, In our company we've been using Splunk for a while now but I think we use it not to it's full potential... by juanherrera Explorer in Splunk Search 08-20-2019 0 7	0	7
Do math on this period's numbers versus last period's I'd like to build an alert that essentially says "if the count from this hour is more than twice, or less than half, ... by shulmaniel New Member in Splunk Search 08-20-2019 0 3	0	3
Multiple stat intervals over a large dataset/summary index We have logging with user data for the requests each use does. We have created some averages and dashboards with this... by aohls Contributor in Splunk Search 08-20-2019 0 4	0	4
How to get Stats from Search and Average? This is probably quite simple and I am missing something.. i am using this search. index=sxxx sourcetype=sxxx host=... by jpsquires New Member in Splunk Search 08-20-2019 0 3	0	3
use of tstats instead of stats I am trying to iterate through 16million data and trying to use tstats instead of stats... please help me out in conv... by vikashperiwal Path Finder in Splunk Search 08-20-2019 0 6	0	6