Splunk Search

Community Activity

lookup table does not exist I am having an issue where anyone that does a splunk search gets the following error: The lookup table 'event_id_to_... by gl0balt3kkie New Member in Splunk Search 07-31-2019 0 6	0	6
Does IN support wildcards? The following doesn't seem to work - NOT hostname IN (".<domain1>.com", ".<domain2>.com") Does IN support wildca... by danielbb Motivator in Splunk Search 07-31-2019 0 2	0	2
How to expand rows without mvexpand command I am basically dealing with huge set of records where i am ending in mvexpand memory limit error. I want to extract d... by vkrishnachand New Member in Splunk Search 07-31-2019 0 6	0	6
How to join value using wildcard? (Urgent) I want to calculate the sum of count value in a tree form of data Count table: http://i60.tinypic.com/2qs1bmf.png I... by kelvin56887 Explorer in Splunk Search 07-31-2019 2 4	2	4
Lookup table help Hi All, Still learning the ropes here, but am making some dashboards and could use some help with a lookup table. I ... by picaresqu3 Engager in Splunk Search 07-31-2019 0 3	0	3
Error on Real time searches "Dispatch Command: Unknown error for indexer: xxxxx" I have 34 realtime searches on a dashboard, whenever i open that dashboard on another user i get the error : "Dispat... by ygdrassilp Explorer in Splunk Search 07-31-2019 0 2	0	2
Bypassing lookup 1000 limit Hi all, I am trying to make a correlation between an inventory of assets and vulnerability indexed data. I am curren... by cpm003 Path Finder in Splunk Search 07-31-2019 0 2	0	2
How do I get a TRUE average event count per hour grouped by a single field? I'd like to assess how many events I'm getting per hour for each value of the signature field. However, stats calcula... by RDurica Engager in Splunk Search 07-31-2019 0 2	0	2
Can you help me with a dashboard based on reports that are filtering by time? Hello, I created a simple dashboard with some panels taking data from the index. It was taking a long time to load,... by patrycja Explorer in Splunk Search 07-31-2019 0 5	0	5
dashboard panel option open in search fails open in search fails due to long search size, is there a way to allow open in search option to carry-forward longer q... by VI371887 Path Finder in Splunk Search 07-31-2019 0 2	0	2
Conditional append Hello, I don't know if it possible, but I want to make a conditional append in my search query. I'm using saved sea... by patrycja Explorer in Splunk Search 07-31-2019 1 5	1	5
How to populate column in results using two indexes? Hello all - Trying to figure out how to return the table below when using two index/sourcetypes. I'd like to do so... by splunker1981 Path Finder in Splunk Search 07-31-2019 0 3	0	3
Regex help for Bind DNS logs At some point in the past month, the existing extract in transforms.conf quit working and the DNS logs (ingesting fro... by jwalzerpitt Influencer in Splunk Search 07-31-2019 0 6	0	6
Join two indexes with two different time ranges I am trying to join two indexes through a common field but has a different name in the indexes and want to run in dif... by vrmandadi Builder in Splunk Search 07-31-2019 0 6	0	6
Why isnt the dedup command not working in some fields? Im having an issue where my contact field and l2 field is showing duplicates of the same name and when i use the dedu... by payton_tayvion Path Finder in Splunk Search 07-31-2019 0 1	0	1
Extract two field into two variable from a single line of log I want to extract the PID number from the log and store in variable failedPID. i have many of this kind of message w... by anilkashyap New Member in Splunk Search 07-31-2019 0 3	0	3
using eval to calculate time between events not working I am trying to use eval to calculate the time between events. Those events have a unique ID. This is the sarch that I... by Mike6960 Path Finder in Splunk Search 07-31-2019 0 6	0	6
Can't use wildcard 'Exception' cause search job falling but 'Exception' without it doesn't get any result for java.lang.ArrayIndexOutOfBoundsException instead I have a complicated request that starts like host=hb* Exception OR Exception: NOT whitehat NOT org.springframework... by yuraminsk Engager in Splunk Search 07-31-2019 0 2	0	2
Dedup performance 1 field vs multiple fields vs concatenated field Which one would be faster or better in general: \| dedup fieldA fieldB --> I would assume that Splunk does a concaten... by wfskmoney Path Finder in Splunk Search 07-31-2019 0 1	0	1
how can i extract the below fields from my raw data through transforms and props.conf I want to extract the below fields from my raw data and place it into a field . How can i do it with transforms and p... by Sujithkumarkb Observer in Splunk Search 07-31-2019 0 5	0	5
Error in drilldown that returns blank page or no search We have an existing Drill down that currently works. We are adding 2 new lines to the drilldown that filter out compu... by dpelletier Observer in Splunk Search 07-30-2019 0 1	0	1
Field shows up under interesting fields but when you click any of the values, there are no results We have data indexed in Splunk that has a field called pod. In the screenshots, you can see that pod has a list of va... by jordanking1992 Path Finder in Splunk Search 07-30-2019 0 3	0	3
How to edit my search to prevent duplicate values when using replace command Hello fellow Splunkers Not sure the best way to approach the following problem. I use replace to update values wit... by splunker1981 Path Finder in Splunk Search 07-30-2019 0 2	0	2
How to append a search and filter by values based off a parent search I have a search for a dashboard and I'd like to filter it based on an IN search with results from parent search. Is ... by splkcurtis New Member in Splunk Search 07-30-2019 0 1	0	1
Does the transaction command create an event id? I'm using the transaction command to correlate some searches, no I don't want to use stats, and its all split how I w... by esalmon_splunk Splunk Employee in Splunk Search 07-30-2019 0 3	0	3