Splunk Search

Community Activity

	Lookup field values not in search(index) I need to display the values which are present in mylookup and NOT in my index Search I tried : \| inputlookup myloo... by vickram New Member in Splunk Search 08-12-2019 0 1	0	1
	geostat is taking only one value from the lookup table I'm trying to show the count of the number of hosts in an area using a cluster map. I have added a lookup CSV file wi... by gwtm_hak Engager in Splunk Search 08-12-2019 0 2	0	2
	Monthly Graph not showing proper value on X axis I am creating monthly chart using splunk timechart query as shown below: index="sample_audit_log" \| timechart span=1... by hanibans New Member in Splunk Search 08-12-2019 0 4	0	4
	How many wildcards are used in Splunk? For example: I know there is ... and , both of which are used in the monitor stanza. The is also used in gener... by itsmevic Communicator in Splunk Search 08-12-2019 0 2	0	2
	Chart Add fields sum of columns and columns larger then 1 I am ruining a search to look for 7705 routers that has rebooted for loss of power. this is working well, but I wish ... by shouldntdothat Explorer in Splunk Search 08-12-2019 0 2	0	2
	How to pass a value extracted from a main search to a sub search from different source? Example: source="FILE1.log" search_input \| rex ".]Rpc id :(?[0-9][0-9][0-9][0-9][0-9][0-9])" \| append [search sour... by vivek991985 New Member in Splunk Search 08-12-2019 0 2	0	2
	Why does Using "\|" pipe cause 2nd line on search ? Search ends with unbalanced parentheses. Adding parentheses doesn't help. After adding pipe (\|) , search looks like following : 1 (index=main sourcetype=access_combined_wcookie status=200 fil... by brolarf New Member in Splunk Search 08-12-2019 0 5	0	5
	join two lookup tables Hi, I have two lookup tables created by a search with outputlookup command ,as: table_1.csv with fields _time, A,B ta... by awedmondson Explorer in Splunk Search 08-12-2019 0 3	0	3
	How to collect and dedup the newest to a new Index Hello Splunkers, I've got an existing index which I would like to process and collect in a new Index. My rough idea ... by sai33 Explorer in Splunk Search 08-12-2019 0 3	0	3
	Transaction - max span is 1 calendar day Hi all, can I define somehow that I will get the only a transaction from the same calendar day? I know that I can use... by alisaf New Member in Splunk Search 08-12-2019 0 4	0	4
	How to append generating command results to a search? I'm using a custom Generating Command and I need to append results to a search. I want to use it like \| inputlookup... by smurs New Member in Splunk Search 08-12-2019 0 1	0	1
	Stats command not showing field column when data is not there Hi. I am running below search. Sometimes error does not happen but in that case, stats command shows no data. Can I s... by madhuragujarath New Member in Splunk Search 08-12-2019 0 1	0	1
	Error in 'eval' command: The expression is malformed. The factor is missing. Hello Splunkers, Today I have upgraded my Splunk environment from 6.0.1 to 6.6.1. Every dashboard and Splunk query i... by ramprakash Explorer in Splunk Search 08-12-2019 0 8	0	8
	Unable to mask data using Regex I'm testing the data-mask feature by anonymizing the numbers in the brackets: splunk[9085] but it's not working Is my... by bdalsania_splun Splunk Employee in Splunk Search 08-12-2019 0 1	0	1
	How to find out which source, source type and host are not getting data into Splunk? Hi All, In my environment having a huge number of host, source and source types. From some of the host or source or ... by Reddi694325 Path Finder in Splunk Search 08-12-2019 0 1	0	1
	How to count distinct IPs from a given country I am trying to parse a syslog input to count the number of distinct IPs for a given country. My search string is i... by mlines333 New Member in Splunk Search 08-12-2019 0 1	0	1
	How to list of search results with a value > X in a specific search field Hello, I have the following field:= message.msg: msg: before send to xxx, payload = {"id":"abc123","userId":1,"curr... by alysea New Member in Splunk Search 08-12-2019 0 5	0	5
	Error in 'DataModelCache': Invalid or unaccelerable root object for datamodel Hi Champs, I am getting below error when I run below tstats command. My datamodel is just a search query with multi... by nareshinsvu Builder in Splunk Search 08-11-2019 0 3	0	3
	At which layer lookup works? Hi There, Could anyone help me understand at which Splunk layer lookup works, I mean at input layer, indexer layer or... by rajeev_ku Path Finder in Splunk Search 08-11-2019 0 2	0	2
	How to create a bar chart that will stack values of given max value Hi, I want to create a bar chart that will stack values of given max value. So the max value will be the max value... by limjophilip New Member in Splunk Search 08-11-2019 0 9	0	9
	Regex not working for multiline events Hi, My logs look like this ... AS RAW TEXT: {"timestamp":"2019-08-08 10:23:38.320","level":"INFO","thread":"task-s... by namrithadeepak Path Finder in Splunk Search 08-11-2019 0 3	0	3
	Using field of a search in other search I am trying to use a field of a Index1 in Index2 to search for status of Correlation ID, but it is not working as exp... by bsaujla131984 Path Finder in Splunk Search 08-11-2019 0 2	0	2
	Column chart color change if threshold is hit Currently, i have a column chart with the default color blue. I want these default color to change if a certain count... by newbie09 Explorer in Splunk Search 08-11-2019 0 14	0	14
	How to add another column which shows TRUE/False based on row values HI all, Could anyone help me to add another column which shows true/false based on values on the other 3 rows. When a... by vinaykataaig Explorer in Splunk Search 08-10-2019 0 1	0	1
	In a distributed search environment, how to find out from which location it reading the configuration file of distsearch.conf ? Hi All, Please let me know how to find out from which location splunk is reading the configuration file of distsearch... by Hemnaath Motivator in Splunk Search 08-09-2019 0 5	0	5