Splunk Search

Community Activity

	smallest value in a multi value field splunk Hi, Does anybody know how to pull the smallest or the largest value in a multi value field ? \| makeresults \| eval ... by nawazns5038 Builder in Splunk Search 07-30-2019 0 11	0	11
	Addtotals possible on stats list/count search? I have the following search results and would like to add the count totals up. If I add the following line: \|addtota... by jwalzerpitt Influencer in Splunk Search 07-30-2019 0 9	0	9
	How to use the predict command without the time chart? I would like to predict how long the transaction would take given the dataset grows. Let us assume the job runs daily... by hackerspoint New Member in Splunk Search 07-30-2019 0 1	0	1
	How to create a search for deleted OU? Good day. Could you help me in the following situation? I was informed that an OU had been removed from the active d... by mariorodriguez Engager in Splunk Search 07-30-2019 0 2	0	2
	What are the statistics telling me under the content management page? I can't find anything about them anywhere else, under statistics I see a list of items Avg. Event Count Avg. Result C... by bmicek New Member in Splunk Search 07-30-2019 0 0	0	0
	Help with JOIN in multi search I'm trying to do a JOIN with 2 search but I'm having issues. I tried to do a multi search join but I'm getting a str... by jmpaul012 New Member in Splunk Search 07-30-2019 0 10	0	10
	Splunk App for Windows Infrastructure: Receiving different results from directories Hi, For some reason when running one of the preset Active Directory searches like 'Group Changes' for instance I do ... by romulusc New Member in Splunk Search 07-30-2019 0 2	0	2
	can I give a description to an extracted field? I have a GUID field in my logs, and the guid is unique for a specific location. I wanted to query for all events that... by rileyken Explorer in Splunk Search 07-30-2019 0 3	0	3
	help with appendcols needed Hello, I have quite long SPL search in my alert and one part of it looks as follows: \| eval rcatrigger = "" \| appen... by damucka Builder in Splunk Search 07-30-2019 0 2	0	2
	large delay between dispatch_time and scheduled_time in shc - SHCRepJob failed Hi forum, we are facing large increasing delays between dispatch_time and scheduled_time in scheduler log. We see de... by schose Builder in Splunk Search 07-30-2019 0 1	0	1
	What is the fastest way to turn Splunk search results into analyzable text using Java Eclipse? I am writing a series of programs to make regular calls to the Splunk server and quickly sort the results of a search... by DreadEclipse Explorer in Splunk Search 07-30-2019 0 2	0	2
	Combine multiple events into a new field I'm attempting to find out when Windows event log service has been stopped/logs cleared but only when a shutdown comm... by wgawhh5hbnht Communicator in Splunk Search 07-29-2019 0 2	0	2
	Tokens not being resolved by SearchManager I am creating a SearchManager var detailSearch = new SearchManager({ id: 'detailSearch', earliest_time: '-... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 1	0	1
	How to find an exclusive value based on another field There are 3 fields important to this search Application InstalledVersion InstalledStatus I am trying to find device... by JoshuaJohn Contributor in Splunk Search 07-29-2019 0 1	0	1
	search a result and then a field value create array and pass 1 by 1 in another search query at same time Hi All, is this doable that a search request give a list of results in that a filed will have order id those are lis... by varunawasthi9 New Member in Splunk Search 07-29-2019 0 4	0	4
	How to trim URL after the last "/" I'm trying to trim the URL's for a particular search, where it removes everything after the last "/". In other words:... by RaymondN80 New Member in Splunk Search 07-29-2019 0 10	0	10
	How to set a custom value if extraction found a match Hello All, I have a log file where I am trying to extract one match, and If I find that match I have to put as "File... by mnarmada Path Finder in Splunk Search 07-29-2019 0 8	0	8
	Searching two different records with one common field Hi, I have two different records: [2019-07-22 10:32:03.819930 -0500] rprt s=2tuw17mc0b cmd=env_rcpt value=ken@gmail.c... by vnguyen46 Contributor in Splunk Search 07-29-2019 0 5	0	5
	What end of anchor parameter to use for the Symantec event? I am trying to figure out what end of the anchor parameter to use for the Symantec event. Here is a snippet of the ... by jwalzerpitt Influencer in Splunk Search 07-29-2019 0 3	0	3
	Creating an alert with field value count within a transaction I am trying to create an alert for the below search that would go off if within the event there are 10 times where Ev... by mcg_connor Path Finder in Splunk Search 07-29-2019 0 2	0	2
	Create custom search command in windows environment I created a custom search command on windows, but the following error message is displayed and I can not execute it. ... by ketaka Explorer in Splunk Search 07-29-2019 0 4	0	4
	Splunk combine timechart result from two queries Have the following queries query 1 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "Transact... by officialsubho New Member in Splunk Search 07-29-2019 0 3	0	3
	Real-time table in dashboard is not real-time, until you sort it Hi there, I have a real-time table in one of my dashboards that doesn't update when you first load the page. If you ... by nick405060 Motivator in Splunk Search 07-29-2019 0 9	0	9
	CRL logs not being properly displayed I'm running CRL expiration checks and using splunk to read the logs to track the last check run and when they are nex... by espengler Engager in Splunk Search 07-29-2019 0 8	0	8
	How to write "\| stats count" to field? How to I must a write result from stats count to field? Example ideas... \| inputlookup lookup \| stats count(eval(fi... by sbimizry Engager in Splunk Search 07-29-2019 0 6	0	6