Splunk Search

Community Activity

Drilldown using chart clicks but also need all values Hi, Something eiher I forgot or not getting right. I have a chart. See attached. When I click on the EVENTYPE value ... by mbasharat Builder in Splunk Search 08-01-2019 0 10	0	10
Two Queries That Return Results Do not Return Results After Join I have written two individual queries that both return the expected results. A. tag=tag name location="location nam... by ryanmcdermott12 Explorer in Splunk Search 08-01-2019 0 4	0	4
How to edit my search to exclude duplicate events using one field and display a chart based on other fields? I have a search that works, but I've recently discovered that my events are recorded in two separate log files, somet... by jdhux New Member in Splunk Search 08-01-2019 0 4	0	4
What does the ES tstats macro mean? The tstats macro is defined, within the SA-Utils app as - tstats prestats=true local=`tstats_local` `summariesonly` ... by danielbb Motivator in Splunk Search 08-01-2019 0 1	0	1
How to pass search name to savedsearch Hello, I have the following search, which works fine and returns the proper result "RCA_MEMORY": \|makeresults \| ev... by damucka Builder in Splunk Search 08-01-2019 0 0	0	0
i want to create the field of error : create the field "DM Call errors #" , then count this number. I tried to use case, but I dont have the field as tit... by Joycetran New Member in Splunk Search 08-01-2019 0 1	0	1
Replace random string in a field Hi team, I've 1 field named - 'URI' coming in micro service log dump. Example Values of URI field is like below - ... by pjtbasu Explorer in Splunk Search 08-01-2019 0 1	0	1
How to create a list of all indexes with source, host, and sourcetype with last seen field? Hello all, I'm currently working on figuring how to create a list of as mentioned in the title with the last seen fie... by mpham07 Path Finder in Splunk Search 08-01-2019 0 2	0	2
mvexpand not working for IP6 field I have the Cisco ISE app loaded and there is a field, Framed_IPv6_Address that may contain up to six IPv6 addresses. ... by jwalzerpitt Influencer in Splunk Search 08-01-2019 0 6	0	6
Column chart Hi all, I am having issues with creating column chart visualization. I have for example table that looks like this... by astatrial Contributor in Splunk Search 08-01-2019 0 6	0	6
operation:"copying source to destination", error:"Access is denied." I was getting numerous errors given below on one of the SHC members, ERROR CsvDataProvider - The lookup table 'XX... by damode Motivator in Splunk Search 08-01-2019 0 1	0	1
View all Splunk instance in a single Splunk? We have 6 splunk deployment server and need to login to every server to see the dashboards in respective servers. Is ... by Vinesh93 Explorer in Splunk Search 08-01-2019 0 1	0	1
How do I get cumulative moving average? Hi guys, I am trying to compute and chart the cumulative moving average (ref. of what is it:https://en.wikipedia.org... by brdennehy Explorer in Splunk Search 08-01-2019 0 4	0	4
Box Plot Viz HI, I tried to install the Box Plot Viz downloaded from here --> https://splunkbase.splunk.com/app/3157/#/details H... by ericchaucl Path Finder in Splunk Search 07-31-2019 0 3	0	3
Matching / Compaire 2 Fields Hello, i would like to find out if both systems deliver the same output. The output of both systems is written to th... by mklhs Path Finder in Splunk Search 07-31-2019 0 1	0	1
help on a complex lookup data matching in order to calculate a new field Hi I use the search below in order to catch a field called "flag_patch_version" from a csv file called "patchlevel.c... by jip31 Motivator in Splunk Search 07-31-2019 0 10	0	10
How to update 'Website URL' and 'Organization name' in Splunk Answers user profile I don't see an option to add/update 'Website URL' and 'Organization name' in Splunk Answers user profile. Any guidanc... by jawaharas Motivator in Splunk Search 07-31-2019 0 2	0	2
Why are we getting error "Timed out waiting for peer XXX", but the search status=success? To monitor if my nightly searches ran properly I'm looking at: index=_internal sourcetype=scheduler earliest=@d \| <f... by secfrit Explorer in Splunk Search 07-31-2019 0 4	0	4
Trying to dur2sec a HH field that is more than 24H I'm trying to dur2sec a hour field that is more than 24H and therefore doesn't work. Anyone have any suggestions on ... by wweiland Contributor in Splunk Search 07-31-2019 0 4	0	4
Azure Firewall Log - Field Extraction Help Has anyone figured out how to extract the useful fields from Azure Firewall Logs? We are logging our Azure Firewall l... by jordanmedved Explorer in Splunk Search 07-31-2019 0 11	0	11
How to extract a list of quoted key value pairs when some values have spaces? Hello, I am attempting to figure out how to extract the following example event for all fields (the real event has ~... by prcough New Member in Splunk Search 07-31-2019 0 1	0	1
lookup table does not exist I am having an issue where anyone that does a splunk search gets the following error: The lookup table 'event_id_to_... by gl0balt3kkie New Member in Splunk Search 07-31-2019 0 6	0	6
Does IN support wildcards? The following doesn't seem to work - NOT hostname IN (".<domain1>.com", ".<domain2>.com") Does IN support wildca... by danielbb Motivator in Splunk Search 07-31-2019 0 2	0	2
How to expand rows without mvexpand command I am basically dealing with huge set of records where i am ending in mvexpand memory limit error. I want to extract d... by vkrishnachand New Member in Splunk Search 07-31-2019 0 6	0	6
How to join value using wildcard? (Urgent) I want to calculate the sum of count value in a tree form of data Count table: http://i60.tinypic.com/2qs1bmf.png I... by kelvin56887 Explorer in Splunk Search 07-31-2019 2 4	2	4