Splunk Search

Community Activity

Bypassing lookup 1000 limit Hi all, I am trying to make a correlation between an inventory of assets and vulnerability indexed data. I am curren... by cpm003 Path Finder in Splunk Search 07-31-2019 0 2	0	2
How do I get a TRUE average event count per hour grouped by a single field? I'd like to assess how many events I'm getting per hour for each value of the signature field. However, stats calcula... by RDurica Engager in Splunk Search 07-31-2019 0 2	0	2
Can you help me with a dashboard based on reports that are filtering by time? Hello, I created a simple dashboard with some panels taking data from the index. It was taking a long time to load,... by patrycja Explorer in Splunk Search 07-31-2019 0 5	0	5
dashboard panel option open in search fails open in search fails due to long search size, is there a way to allow open in search option to carry-forward longer q... by VI371887 Path Finder in Splunk Search 07-31-2019 0 2	0	2
Conditional append Hello, I don't know if it possible, but I want to make a conditional append in my search query. I'm using saved sea... by patrycja Explorer in Splunk Search 07-31-2019 1 5	1	5
How to populate column in results using two indexes? Hello all - Trying to figure out how to return the table below when using two index/sourcetypes. I'd like to do so... by splunker1981 Path Finder in Splunk Search 07-31-2019 0 3	0	3
Regex help for Bind DNS logs At some point in the past month, the existing extract in transforms.conf quit working and the DNS logs (ingesting fro... by jwalzerpitt Influencer in Splunk Search 07-31-2019 0 6	0	6
Join two indexes with two different time ranges I am trying to join two indexes through a common field but has a different name in the indexes and want to run in dif... by vrmandadi Builder in Splunk Search 07-31-2019 0 6	0	6
Why isnt the dedup command not working in some fields? Im having an issue where my contact field and l2 field is showing duplicates of the same name and when i use the dedu... by payton_tayvion Path Finder in Splunk Search 07-31-2019 0 1	0	1
Extract two field into two variable from a single line of log I want to extract the PID number from the log and store in variable failedPID. i have many of this kind of message w... by anilkashyap New Member in Splunk Search 07-31-2019 0 3	0	3
using eval to calculate time between events not working I am trying to use eval to calculate the time between events. Those events have a unique ID. This is the sarch that I... by Mike6960 Path Finder in Splunk Search 07-31-2019 0 6	0	6
Can't use wildcard 'Exception' cause search job falling but 'Exception' without it doesn't get any result for java.lang.ArrayIndexOutOfBoundsException instead I have a complicated request that starts like host=hb* Exception OR Exception: NOT whitehat NOT org.springframework... by yuraminsk Engager in Splunk Search 07-31-2019 0 2	0	2
Dedup performance 1 field vs multiple fields vs concatenated field Which one would be faster or better in general: \| dedup fieldA fieldB --> I would assume that Splunk does a concaten... by wfskmoney Path Finder in Splunk Search 07-31-2019 0 1	0	1
how can i extract the below fields from my raw data through transforms and props.conf I want to extract the below fields from my raw data and place it into a field . How can i do it with transforms and p... by Sujithkumarkb Observer in Splunk Search 07-31-2019 0 5	0	5
Error in drilldown that returns blank page or no search We have an existing Drill down that currently works. We are adding 2 new lines to the drilldown that filter out compu... by dpelletier Observer in Splunk Search 07-30-2019 0 1	0	1
Field shows up under interesting fields but when you click any of the values, there are no results We have data indexed in Splunk that has a field called pod. In the screenshots, you can see that pod has a list of va... by jordanking1992 Path Finder in Splunk Search 07-30-2019 0 3	0	3
How to edit my search to prevent duplicate values when using replace command Hello fellow Splunkers Not sure the best way to approach the following problem. I use replace to update values wit... by splunker1981 Path Finder in Splunk Search 07-30-2019 0 2	0	2
How to append a search and filter by values based off a parent search I have a search for a dashboard and I'd like to filter it based on an IN search with results from parent search. Is ... by splkcurtis New Member in Splunk Search 07-30-2019 0 1	0	1
Does the transaction command create an event id? I'm using the transaction command to correlate some searches, no I don't want to use stats, and its all split how I w... by esalmon_splunk Splunk Employee in Splunk Search 07-30-2019 0 3	0	3
Extract data from URL string I am trying to extract the file types, file names, and URLs from proxy logs for monitoring purposes. Here is what I'... by Vfinney Observer in Splunk Search 07-30-2019 0 1	0	1
How to count the number of different values (multivalue) in a field? I have a multivalue field with at least 3 different combinations of values. See Example.CSV below (the 2 "apple orang... by russell120 Communicator in Splunk Search 07-30-2019 0 6	0	6
Pareto Chart I would like to make a Pareto chart that shows the sum of how many scrapped pieces were produced by their given reaso... by kelseycasco New Member in Splunk Search 07-30-2019 0 1	0	1
Fillnull command is not working in my search for specific sourcetype Hi, I been using fill null commands on my other searched without any issue, but in a specific case i am unable to g... by Gowtham0809 New Member in Splunk Search 07-30-2019 0 4	0	4
How to eval time from timepicker and use it in search? I need to eval time in hours between now and earliest time from timepicker to use it in search. e.g. if timepicker se... by kimberlytrayson Path Finder in Splunk Search 07-30-2019 0 7	0	7
smallest value in a multi value field splunk Hi, Does anybody know how to pull the smallest or the largest value in a multi value field ? \| makeresults \| eval ... by nawazns5038 Builder in Splunk Search 07-30-2019 0 11	0	11