Splunk Search

Community Activity

Eval Statement for today plus 7 days? All, Quick one I am stuck on. I want an EVAL statement that takes _indexedtime and adds 7 days to it and creates a ... by daniel333 Builder in Splunk Search 08-08-2019 0 1	0	1
Query to get results from multiple indexes? I've 2 indexes "abc" and "def". There is a field "account_number" in index "abc" and a field "Emp_nummber" in index "... by amaurya1 Explorer in Splunk Search 08-08-2019 0 1	0	1
error: 'lookup-table-files': File is binary and not gzipped Hi, I am trying to add a new lookup table using the GUI and get the above error. I looked at the file with a hex edit... by yonahol Explorer in Splunk Search 08-08-2019 1 17	1	17
SPL query to replace ALL values in a field with "Hello World" I'm trying to write a simple query to replace all of the values in a field (let's call this field my_field) with a si... by brinley Path Finder in Splunk Search 08-08-2019 0 8	0	8
Help with count of specific string value of all the row and all the fields in table Hi Team, I With reference to the screenshot, the part of the table which is highlighted in yellow is what I have an... by ashish9433 Communicator in Splunk Search 08-08-2019 0 6	0	6
statement optimization because the link is the same for more condition. I like to use or operator how can i optimize this statement : <condition field="title"> <link> <![CDATA[/app/webs... by w044f New Member in Splunk Search 08-08-2019 0 1	0	1
Calculate total and average and display the results in single column Having the following search result, I need to calculate total for few rows and average for few rows and both results ... by Rajik31 New Member in Splunk Search 08-08-2019 0 2	0	2
Extracting words in a string with regular expressions Hi, I'm struggling to get a regular expression for characters in a string. https://status.aws.amazon.com/rss/#elb-u... by pipipipi Path Finder in Splunk Search 08-08-2019 0 8	0	8
How can we convert a time from EST to UTC in Splunk search? A user tells us - -- I need to convert time value from EST to UTC in Splunk search. Is there any function available... by danielbb Motivator in Splunk Search 08-08-2019 0 6	0	6
How to set field in subsearch? Hi, how to a must write search then set fields from general search to subsearch? Example: index=name host=thishost \|... by sbimizry Engager in Splunk Search 08-08-2019 0 1	0	1
How to dynamically change the number of rows in a table - This was working using input token in 6.6.1, now is unreliable in 7.2 I have been using inputs to allow users to select the number of rows in a table. This has been working well, with n... by nzsci New Member in Splunk Search 08-08-2019 0 1	0	1
How to extract field from Windows event log The event I have is from a windows event log and AppLocker See below: LogName=Microsoft-Windows-AppLocker/EXE and D... by davidjohnbecket Path Finder in Splunk Search 08-08-2019 0 4	0	4
how to fillnull json value pair using spath or some other command <notification-list xmlns="http://www......./restful/schema/response"> <added-instance preexisting="false"> <alarm id=... by surekhasplunk Communicator in Splunk Search 08-08-2019 0 2	0	2
Any better way to rename Hi this is my data structure, i'm trying to rename clk1 , clk2, clk3 as something like this \| rename clk* as * But ... by Maniteja81 New Member in Splunk Search 08-08-2019 0 5	0	5
Throttle Alerts for a table of results until end of the current day I am trying to setup an alert which will run every hour and considers the data from the start of current day(earliest... by njohnson7 Path Finder in Splunk Search 08-08-2019 0 2	0	2
InnerSearch not creating columns with eventstats I want to get the result and divide it into three sections as three-column such as last 15 min result, avg of 7 day a... by naved77 Loves-to-Learn Lots in Splunk Search 08-07-2019 0 2	0	2
Eval subsearch give error when result not found Hi, my search is the following \| inputlookup genesis.csv \| eval _time=now() \| eval field1=[ \| inputlookup lookup.c... by salt87 Engager in Splunk Search 08-07-2019 0 2	0	2
Search Optimization saved search using time vs where clause I currently have a search, which takes 5 minutes to complete, I did not write the search query, and would like to see... by wrussell12 Explorer in Splunk Search 08-07-2019 0 4	0	4
Can you help me with the following issue involving the mvexpand Limit (Total Output Limit)? I like and need mvexpand to work with some of my data. Sometimes, our input events contain information about multi... by kulick Path Finder in Splunk Search 08-07-2019 0 4	0	4
How to combine multiple searches to get result Ex: index=newIndex host="1.12.123.4*" "Field"="abcd"\| stats count as totalcount \| where totalcount >= 10 ... by celerickalyan11 New Member in Splunk Search 08-07-2019 0 9	0	9
How to get a distinct count of only unique values of a field So I'm trying to get a distinct count of source mac addresses by device. The srcmac gives me the mac address The de... by summitsplunk Communicator in Splunk Search 08-07-2019 0 1	0	1
How to replace any multi values found in search result with true and if the value is null replace with No Hi there! I am updating my question: Below is the scenario where I wanted to see what are the servers got patched sin... by vinaykataaig Explorer in Splunk Search 08-07-2019 0 7	0	7
How to extract a string from an event? Hello, I am very new to Splunk and I would like some help in doing this. I need to extract from this field: Event... by owie6466 Explorer in Splunk Search 08-07-2019 0 3	0	3
How to extract and print out the Splunk tokens in python I have a python script that attempts to get a token from Splunk search result and then build my REST post to TrueSigh... by nimercu New Member in Splunk Search 08-07-2019 0 0	0	0
Search for "search concurrent %" and "skipped search ratio %" I want to create the dashboard for Splunk Health, one of the KPI is "search concurrent %" and " skipped search ratio ... by Joycetran New Member in Splunk Search 08-07-2019 0 3	0	3