Splunk Search

Community Activity

	How can we convert a time from EST to UTC in Splunk search? A user tells us - -- I need to convert time value from EST to UTC in Splunk search. Is there any function available... by danielbb Motivator in Splunk Search 08-08-2019 0 6	0	6
	How to set field in subsearch? Hi, how to a must write search then set fields from general search to subsearch? Example: index=name host=thishost \|... by sbimizry Engager in Splunk Search 08-08-2019 0 1	0	1
	How to dynamically change the number of rows in a table - This was working using input token in 6.6.1, now is unreliable in 7.2 I have been using inputs to allow users to select the number of rows in a table. This has been working well, with n... by nzsci New Member in Splunk Search 08-08-2019 0 1	0	1
	How to extract field from Windows event log The event I have is from a windows event log and AppLocker See below: LogName=Microsoft-Windows-AppLocker/EXE and D... by davidjohnbecket Path Finder in Splunk Search 08-08-2019 0 4	0	4
	how to fillnull json value pair using spath or some other command <notification-list xmlns="http://www......./restful/schema/response"> <added-instance preexisting="false"> <alarm id=... by surekhasplunk Communicator in Splunk Search 08-08-2019 0 2	0	2
	Any better way to rename Hi this is my data structure, i'm trying to rename clk1 , clk2, clk3 as something like this \| rename clk* as * But ... by Maniteja81 New Member in Splunk Search 08-08-2019 0 5	0	5
	Throttle Alerts for a table of results until end of the current day I am trying to setup an alert which will run every hour and considers the data from the start of current day(earliest... by njohnson7 Path Finder in Splunk Search 08-08-2019 0 2	0	2
	InnerSearch not creating columns with eventstats I want to get the result and divide it into three sections as three-column such as last 15 min result, avg of 7 day a... by naved77 Loves-to-Learn Lots in Splunk Search 08-07-2019 0 2	0	2
	Eval subsearch give error when result not found Hi, my search is the following \| inputlookup genesis.csv \| eval _time=now() \| eval field1=[ \| inputlookup lookup.c... by salt87 Engager in Splunk Search 08-07-2019 0 2	0	2
	Search Optimization saved search using time vs where clause I currently have a search, which takes 5 minutes to complete, I did not write the search query, and would like to see... by wrussell12 Explorer in Splunk Search 08-07-2019 0 4	0	4
	Can you help me with the following issue involving the mvexpand Limit (Total Output Limit)? I like and need mvexpand to work with some of my data. Sometimes, our input events contain information about multi... by kulick Path Finder in Splunk Search 08-07-2019 0 4	0	4
	How to combine multiple searches to get result Ex: index=newIndex host="1.12.123.4*" "Field"="abcd"\| stats count as totalcount \| where totalcount >= 10 ... by celerickalyan11 New Member in Splunk Search 08-07-2019 0 9	0	9
	How to get a distinct count of only unique values of a field So I'm trying to get a distinct count of source mac addresses by device. The srcmac gives me the mac address The de... by summitsplunk Communicator in Splunk Search 08-07-2019 0 1	0	1
	How to replace any multi values found in search result with true and if the value is null replace with No Hi there! I am updating my question: Below is the scenario where I wanted to see what are the servers got patched sin... by vinaykataaig Explorer in Splunk Search 08-07-2019 0 7	0	7
	How to extract a string from an event? Hello, I am very new to Splunk and I would like some help in doing this. I need to extract from this field: Event... by owie6466 Explorer in Splunk Search 08-07-2019 0 3	0	3
	How to extract and print out the Splunk tokens in python I have a python script that attempts to get a token from Splunk search result and then build my REST post to TrueSigh... by nimercu New Member in Splunk Search 08-07-2019 0 0	0	0
	Search for "search concurrent %" and "skipped search ratio %" I want to create the dashboard for Splunk Health, one of the KPI is "search concurrent %" and " skipped search ratio ... by Joycetran New Member in Splunk Search 08-07-2019 0 3	0	3
	Active Directory - Finding if an account is enabled Hello, I am monitoring Active Directory with Splunk and have two questions: 1.) How do I format time in a search? ... by kholleran Communicator in Splunk Search 08-07-2019 0 3	0	3
	How to do you change ownership of a lookup file? We have several lookup files for users who have left, and we would like to transfer the ownership to a new production... by sheamus69 Communicator in Splunk Search 08-07-2019 0 2	0	2
	Table or graph view for range of results I have logs in my application, that looks like: 8/7/19 1:30:35.977 AM [8/7/19 1:30:35:977 MST] 00000232 MyClass ... by Nidd Path Finder in Splunk Search 08-07-2019 0 3	0	3
	last 7 days on an input lookup I have the below query where i want all closed dates counted by the last 7 days but the below is not working \| input... by Sfry1981 Communicator in Splunk Search 08-07-2019 0 3	0	3
	Can I ignore some words form a field? Hi team! I have a problem. I want to ignore some words from a field. This what I have: "Aplicación restringida det... by christianubeda Path Finder in Splunk Search 08-07-2019 0 3	0	3
	Counting based on range I have an application log like: 8/7/19 1:30:35.977 AM [8/7/19 1:30:35:977 MST] 00000232 MyClass I Method Process... by Nidd Path Finder in Splunk Search 08-07-2019 0 4	0	4
	Count different field values by value I have results of a field Severity High Medium Low How do i count the amount of Highs, Mediums and Lows in one field... by lavster Path Finder in Splunk Search 08-07-2019 0 1	0	1
	Send command with SH Hi everyone, I would need a .sh script that allows me to read only the second line of a file and then send it to mac... by broccolino New Member in Splunk Search 08-07-2019 0 0	0	0