Splunk Search

Community Activity

Optimize Nested Search This search is slow (our dns logs are large). index=winlogs sourcetype=dns \| eval dottedquestion=replace(replace(que... by antb Path Finder in Splunk Search 08-08-2019 0 4	0	4
How to group a list per Index/object? Hi, I would like to ask for help in grouping a list per Index/object. I have tried using tables but the values are ... by yomixxxmx New Member in Splunk Search 08-08-2019 0 6	0	6
Get the roles from rest API and set to field in search I need to get the roles assigned to current logged in user and set the value to filed in search. Anybody has any ide... by bhupalbobbadi Path Finder in Splunk Search 08-08-2019 0 4	0	4
Compare Current Field Value to 24 Hour Average So I am currently trying to compare the average value of a field is using 7 days of events to what the value is curre... by mcg_connor Path Finder in Splunk Search 08-08-2019 0 2	0	2
How to create a regex that extracts date and time from the description field? I have 1000 of text entities under the description field, and I want to write a regex for it and put to a different e... by mayank101 New Member in Splunk Search 08-08-2019 0 7	0	7
see results of a rex command i have this rex code to extract the string from an event field: \| rex "(?\d{1,2})\s+hours?\s+ago" \| eval process=c... by owie6466 Explorer in Splunk Search 08-08-2019 0 4	0	4
Eval Statement for today plus 7 days? All, Quick one I am stuck on. I want an EVAL statement that takes _indexedtime and adds 7 days to it and creates a ... by daniel333 Builder in Splunk Search 08-08-2019 0 1	0	1
Query to get results from multiple indexes? I've 2 indexes "abc" and "def". There is a field "account_number" in index "abc" and a field "Emp_nummber" in index "... by amaurya1 Explorer in Splunk Search 08-08-2019 0 1	0	1
error: 'lookup-table-files': File is binary and not gzipped Hi, I am trying to add a new lookup table using the GUI and get the above error. I looked at the file with a hex edit... by yonahol Explorer in Splunk Search 08-08-2019 1 17	1	17
SPL query to replace ALL values in a field with "Hello World" I'm trying to write a simple query to replace all of the values in a field (let's call this field my_field) with a si... by brinley Path Finder in Splunk Search 08-08-2019 0 8	0	8
Help with count of specific string value of all the row and all the fields in table Hi Team, I With reference to the screenshot, the part of the table which is highlighted in yellow is what I have an... by ashish9433 Communicator in Splunk Search 08-08-2019 0 6	0	6
statement optimization because the link is the same for more condition. I like to use or operator how can i optimize this statement : <condition field="title"> <link> <![CDATA[/app/webs... by w044f New Member in Splunk Search 08-08-2019 0 1	0	1
Calculate total and average and display the results in single column Having the following search result, I need to calculate total for few rows and average for few rows and both results ... by Rajik31 New Member in Splunk Search 08-08-2019 0 2	0	2
Extracting words in a string with regular expressions Hi, I'm struggling to get a regular expression for characters in a string. https://status.aws.amazon.com/rss/#elb-u... by pipipipi Path Finder in Splunk Search 08-08-2019 0 8	0	8
How can we convert a time from EST to UTC in Splunk search? A user tells us - -- I need to convert time value from EST to UTC in Splunk search. Is there any function available... by danielbb Motivator in Splunk Search 08-08-2019 0 6	0	6
How to set field in subsearch? Hi, how to a must write search then set fields from general search to subsearch? Example: index=name host=thishost \|... by sbimizry Engager in Splunk Search 08-08-2019 0 1	0	1
How to dynamically change the number of rows in a table - This was working using input token in 6.6.1, now is unreliable in 7.2 I have been using inputs to allow users to select the number of rows in a table. This has been working well, with n... by nzsci New Member in Splunk Search 08-08-2019 0 1	0	1
How to extract field from Windows event log The event I have is from a windows event log and AppLocker See below: LogName=Microsoft-Windows-AppLocker/EXE and D... by davidjohnbecket Path Finder in Splunk Search 08-08-2019 0 4	0	4
how to fillnull json value pair using spath or some other command <notification-list xmlns="http://www......./restful/schema/response"> <added-instance preexisting="false"> <alarm id=... by surekhasplunk Communicator in Splunk Search 08-08-2019 0 2	0	2
Any better way to rename Hi this is my data structure, i'm trying to rename clk1 , clk2, clk3 as something like this \| rename clk* as * But ... by Maniteja81 New Member in Splunk Search 08-08-2019 0 5	0	5
Throttle Alerts for a table of results until end of the current day I am trying to setup an alert which will run every hour and considers the data from the start of current day(earliest... by njohnson7 Path Finder in Splunk Search 08-08-2019 0 2	0	2
InnerSearch not creating columns with eventstats I want to get the result and divide it into three sections as three-column such as last 15 min result, avg of 7 day a... by naved77 Loves-to-Learn Lots in Splunk Search 08-07-2019 0 2	0	2
Eval subsearch give error when result not found Hi, my search is the following \| inputlookup genesis.csv \| eval _time=now() \| eval field1=[ \| inputlookup lookup.c... by salt87 Engager in Splunk Search 08-07-2019 0 2	0	2
Search Optimization saved search using time vs where clause I currently have a search, which takes 5 minutes to complete, I did not write the search query, and would like to see... by wrussell12 Explorer in Splunk Search 08-07-2019 0 4	0	4
Can you help me with the following issue involving the mvexpand Limit (Total Output Limit)? I like and need mvexpand to work with some of my data. Sometimes, our input events contain information about multi... by kulick Path Finder in Splunk Search 08-07-2019 0 4	0	4