Splunk Search

Community Activity

help with appendcols needed Hello, I have quite long SPL search in my alert and one part of it looks as follows: \| eval rcatrigger = "" \| appen... by damucka Builder in Splunk Search 07-30-2019 0 2	0	2
large delay between dispatch_time and scheduled_time in shc - SHCRepJob failed Hi forum, we are facing large increasing delays between dispatch_time and scheduled_time in scheduler log. We see de... by schose Builder in Splunk Search 07-30-2019 0 1	0	1
What is the fastest way to turn Splunk search results into analyzable text using Java Eclipse? I am writing a series of programs to make regular calls to the Splunk server and quickly sort the results of a search... by DreadEclipse Explorer in Splunk Search 07-30-2019 0 2	0	2
Combine multiple events into a new field I'm attempting to find out when Windows event log service has been stopped/logs cleared but only when a shutdown comm... by wgawhh5hbnht Communicator in Splunk Search 07-29-2019 0 2	0	2
Tokens not being resolved by SearchManager I am creating a SearchManager var detailSearch = new SearchManager({ id: 'detailSearch', earliest_time: '-... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 1	0	1
How to find an exclusive value based on another field There are 3 fields important to this search Application InstalledVersion InstalledStatus I am trying to find device... by JoshuaJohn Contributor in Splunk Search 07-29-2019 0 1	0	1
search a result and then a field value create array and pass 1 by 1 in another search query at same time Hi All, is this doable that a search request give a list of results in that a filed will have order id those are lis... by varunawasthi9 New Member in Splunk Search 07-29-2019 0 4	0	4
How to trim URL after the last "/" I'm trying to trim the URL's for a particular search, where it removes everything after the last "/". In other words:... by RaymondN80 New Member in Splunk Search 07-29-2019 0 10	0	10
How to set a custom value if extraction found a match Hello All, I have a log file where I am trying to extract one match, and If I find that match I have to put as "File... by mnarmada Path Finder in Splunk Search 07-29-2019 0 8	0	8
Searching two different records with one common field Hi, I have two different records: [2019-07-22 10:32:03.819930 -0500] rprt s=2tuw17mc0b cmd=env_rcpt value=ken@gmail.c... by vnguyen46 Contributor in Splunk Search 07-29-2019 0 5	0	5
What end of anchor parameter to use for the Symantec event? I am trying to figure out what end of the anchor parameter to use for the Symantec event. Here is a snippet of the ... by jwalzerpitt Influencer in Splunk Search 07-29-2019 0 3	0	3
Creating an alert with field value count within a transaction I am trying to create an alert for the below search that would go off if within the event there are 10 times where Ev... by mcg_connor Path Finder in Splunk Search 07-29-2019 0 2	0	2
Create custom search command in windows environment I created a custom search command on windows, but the following error message is displayed and I can not execute it. ... by ketaka Explorer in Splunk Search 07-29-2019 0 4	0	4
Splunk combine timechart result from two queries Have the following queries query 1 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "Transact... by officialsubho New Member in Splunk Search 07-29-2019 0 3	0	3
Real-time table in dashboard is not real-time, until you sort it Hi there, I have a real-time table in one of my dashboards that doesn't update when you first load the page. If you ... by nick405060 Motivator in Splunk Search 07-29-2019 0 9	0	9
CRL logs not being properly displayed I'm running CRL expiration checks and using splunk to read the logs to track the last check run and when they are nex... by espengler Engager in Splunk Search 07-29-2019 0 8	0	8
How to write "\| stats count" to field? How to I must a write result from stats count to field? Example ideas... \| inputlookup lookup \| stats count(eval(fi... by sbimizry Engager in Splunk Search 07-29-2019 0 6	0	6
How to get total and sub search total per unique field value? I'm trying to chart the exception rate of various apps that we run, and would ideally be generating a table that look... by watersd Engager in Splunk Search 07-29-2019 0 5	0	5
How to avoid changing timezone to get proper results? Hi all, Generating some calls logs from different timezones America , ASIA, UK and so on. So I am running a search w... by splunkuseradmin Path Finder in Splunk Search 07-29-2019 0 3	0	3
How to use tokens in same search query? Hello, I'm trying to pass values of field to other field. Is there a best way to do it? Query: index=alerts stat... by knalla Path Finder in Splunk Search 07-29-2019 0 1	0	1
Getting Search Results using Java REST API Am i right to say that the results derived from the Splunk search is returned as XML by default? I was using the Java... by misteryuku Communicator in Splunk Search 07-29-2019 0 2	0	2
How to run a search and retrieve elements from a Splunk API in java Hi. I am trying to run a search from a Splunk API in java, store the results with fields host, sourcetype, source in ... by kalyani1184 New Member in Splunk Search 07-29-2019 0 18	0	18
How to clear SearchManager results once processed with on('data') I have a modal dialog that pops up and shows a table of results. When I click OK on that, I do some processing on the... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 0	0	0
Field search needs unnecessary wildcard character * I am doing search on data coming from fluentd k8s. On top of that data , I wanted to filter on basis of field. A... by bibekmantree New Member in Splunk Search 07-29-2019 0 5	0	5
Join a search by field across indexes I have two different indexes, with the common field being username. One index that contains phishing history data. ... by aarichow Explorer in Splunk Search 07-28-2019 3 5	3	5