Splunk Search

Community Activity

	How to count the number of different values (multivalue) in a field? I have a multivalue field with at least 3 different combinations of values. See Example.CSV below (the 2 "apple orang... by russell120 Communicator in Splunk Search 07-30-2019 0 6	0	6
	Pareto Chart I would like to make a Pareto chart that shows the sum of how many scrapped pieces were produced by their given reaso... by kelseycasco New Member in Splunk Search 07-30-2019 0 1	0	1
	Fillnull command is not working in my search for specific sourcetype Hi, I been using fill null commands on my other searched without any issue, but in a specific case i am unable to g... by Gowtham0809 New Member in Splunk Search 07-30-2019 0 4	0	4
	How to eval time from timepicker and use it in search? I need to eval time in hours between now and earliest time from timepicker to use it in search. e.g. if timepicker se... by kimberlytrayson Path Finder in Splunk Search 07-30-2019 0 7	0	7
	smallest value in a multi value field splunk Hi, Does anybody know how to pull the smallest or the largest value in a multi value field ? \| makeresults \| eval ... by nawazns5038 Builder in Splunk Search 07-30-2019 0 11	0	11
	Addtotals possible on stats list/count search? I have the following search results and would like to add the count totals up. If I add the following line: \|addtota... by jwalzerpitt Influencer in Splunk Search 07-30-2019 0 9	0	9
	How to use the predict command without the time chart? I would like to predict how long the transaction would take given the dataset grows. Let us assume the job runs daily... by hackerspoint New Member in Splunk Search 07-30-2019 0 1	0	1
	How to create a search for deleted OU? Good day. Could you help me in the following situation? I was informed that an OU had been removed from the active d... by mariorodriguez Engager in Splunk Search 07-30-2019 0 2	0	2
	What are the statistics telling me under the content management page? I can't find anything about them anywhere else, under statistics I see a list of items Avg. Event Count Avg. Result C... by bmicek New Member in Splunk Search 07-30-2019 0 0	0	0
	Help with JOIN in multi search I'm trying to do a JOIN with 2 search but I'm having issues. I tried to do a multi search join but I'm getting a str... by jmpaul012 New Member in Splunk Search 07-30-2019 0 10	0	10
	Splunk App for Windows Infrastructure: Receiving different results from directories Hi, For some reason when running one of the preset Active Directory searches like 'Group Changes' for instance I do ... by romulusc New Member in Splunk Search 07-30-2019 0 2	0	2
	can I give a description to an extracted field? I have a GUID field in my logs, and the guid is unique for a specific location. I wanted to query for all events that... by rileyken Explorer in Splunk Search 07-30-2019 0 3	0	3
	help with appendcols needed Hello, I have quite long SPL search in my alert and one part of it looks as follows: \| eval rcatrigger = "" \| appen... by damucka Builder in Splunk Search 07-30-2019 0 2	0	2
	large delay between dispatch_time and scheduled_time in shc - SHCRepJob failed Hi forum, we are facing large increasing delays between dispatch_time and scheduled_time in scheduler log. We see de... by schose Builder in Splunk Search 07-30-2019 0 1	0	1
	What is the fastest way to turn Splunk search results into analyzable text using Java Eclipse? I am writing a series of programs to make regular calls to the Splunk server and quickly sort the results of a search... by DreadEclipse Explorer in Splunk Search 07-30-2019 0 2	0	2
	Combine multiple events into a new field I'm attempting to find out when Windows event log service has been stopped/logs cleared but only when a shutdown comm... by wgawhh5hbnht Communicator in Splunk Search 07-29-2019 0 2	0	2
	Tokens not being resolved by SearchManager I am creating a SearchManager var detailSearch = new SearchManager({ id: 'detailSearch', earliest_time: '-... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 1	0	1
	How to find an exclusive value based on another field There are 3 fields important to this search Application InstalledVersion InstalledStatus I am trying to find device... by JoshuaJohn Contributor in Splunk Search 07-29-2019 0 1	0	1
	search a result and then a field value create array and pass 1 by 1 in another search query at same time Hi All, is this doable that a search request give a list of results in that a filed will have order id those are lis... by varunawasthi9 New Member in Splunk Search 07-29-2019 0 4	0	4
	How to trim URL after the last "/" I'm trying to trim the URL's for a particular search, where it removes everything after the last "/". In other words:... by RaymondN80 New Member in Splunk Search 07-29-2019 0 10	0	10
	How to set a custom value if extraction found a match Hello All, I have a log file where I am trying to extract one match, and If I find that match I have to put as "File... by mnarmada Path Finder in Splunk Search 07-29-2019 0 8	0	8
	Searching two different records with one common field Hi, I have two different records: [2019-07-22 10:32:03.819930 -0500] rprt s=2tuw17mc0b cmd=env_rcpt value=ken@gmail.c... by vnguyen46 Contributor in Splunk Search 07-29-2019 0 5	0	5
	What end of anchor parameter to use for the Symantec event? I am trying to figure out what end of the anchor parameter to use for the Symantec event. Here is a snippet of the ... by jwalzerpitt Influencer in Splunk Search 07-29-2019 0 3	0	3
	Creating an alert with field value count within a transaction I am trying to create an alert for the below search that would go off if within the event there are 10 times where Ev... by mcg_connor Path Finder in Splunk Search 07-29-2019 0 2	0	2
	Create custom search command in windows environment I created a custom search command on windows, but the following error message is displayed and I can not execute it. ... by ketaka Explorer in Splunk Search 07-29-2019 0 4	0	4