Splunk Search

Community Activity

Issue with stats count with multiple fields I am using the stats count function to get a count of unique events. as part of the list I am want to show additional... by a238574 Path Finder in Splunk Search 07-26-2019 0 3	0	3
Use saved search (reports) as lookup I have a savedsearch (reports) that i want to use as lookup, it is possible? Should i use it as subsearch? by splunk6161 Path Finder in Splunk Search 07-26-2019 0 4	0	4
How can we show all fields, including rare ones? I'm running - index=<indexname> \| fields or index=<indexname> \| fieldsummary They don't show the fields which ... by danielbb Motivator in Splunk Search 07-26-2019 0 5	0	5
compare a time in a log file to time now Hello splunk communitie, i am trying to make a comparison between the time in a event named Account_Expires against ... by jeroenborger Explorer in Splunk Search 07-26-2019 0 8	0	8
How do I filter Event Log with blacklists in inputs.conf I'm trying to create a blacklist for several Event IDs to exclude any events with multiple user accounts. For example... by alexrivero New Member in Splunk Search 07-26-2019 0 3	0	3
column in search needs to be populated by another search I have a search that tells me if an index hasn't received data from a log on a server. This allows me to monitor the ... by jcgever Explorer in Splunk Search 07-26-2019 0 0	0	0
Help in writing eval I have a string like ABC:BOOT3RDSUNMONTH_MAINT2_sadasdczxc1and I want to put the jobs which have boot in their string... by mayank101 New Member in Splunk Search 07-25-2019 0 1	0	1
Duration between first occurence of one event and occurence of another event I want to get the duration between two different events. In a simplified structure my events have a timestamp and a s... by ikey Engager in Splunk Search 07-25-2019 0 2	0	2
How to drilldown in pie chart based on the selection made Hi , I have a pie chart with different dataservices and its size percentage. I am trying setup drilldown for each of... by sangs8788 Communicator in Splunk Search 07-25-2019 0 8	0	8
Same Column Value Difference C1 C2 A 12 A 120 B 45 B 78 C 98 C 90 D 0 D 86 how to find difference in values of C2 for every same C1 value by reverse Contributor in Splunk Search 07-25-2019 0 8	0	8
Conditional find and replace Hello, I have a question on a conditional find and replace. I have a query that calculates a mean for the different ... by willemjongeneel Communicator in Splunk Search 07-25-2019 0 2	0	2
Want to display count as zero in statistics when there is no events for a IP. index=bc cs_host="collector" NOT 10.xx,xxx.121 c_ip=10.xx.xxx.233 OR c_ip=10.xx.xxx.234 OR c_ip=10.xx.xxx.248 OR c_i... by sathiyasun Explorer in Splunk Search 07-25-2019 1 1	1	1
How do I edit my search to compare a list of IPs from a lookup to IPs in firewall logs? I'm still new to Splunk and trying to figure out the correct syntax for lookups. My goal is to compare a list of kno... by CYBR_AH Explorer in Splunk Search 07-25-2019 0 4	0	4
extract multi valued field HI everyone, the filed containst two values. one in each line. fieldname = value1 value2 How... by rashid47010 Communicator in Splunk Search 07-25-2019 0 1	0	1
How TO EXCLUDE DUPLICATE EVENT FROM SEARCH QUERY WHICH IS PRESENT IN LOOKUP TABLE Hi All, I have drafted a splunk query (splunk versin 6.6.2 ) which gives certain fields and i tabulated those fields... by himanshu_b_shek New Member in Splunk Search 07-25-2019 0 0	0	0
Count values in multivalue field encoded as a string I have the following entry in several of my events: puppy_name = "Scout Windixie Spot" If it's not obvious already... by brinley Path Finder in Splunk Search 07-25-2019 0 3	0	3
Search failing and not returning all results in Statistics My search does not complete even after giving it an over hour. The progress bar is all the way at the end, and it tel... by splunklearner12 Path Finder in Splunk Search 07-25-2019 0 5	0	5
Join 2 search results where common field has multivalues in one search to display in single table Trying to Join 2 search results (where the common field has multivalues in one of the searches) to display in single ... by instabill1108 New Member in Splunk Search 07-24-2019 0 0	0	0
Basic Query using Dates We have indexed fields like the following: fname (a-z) lname (a-z) pdate (name_month day year) policy ( strong... by modulussplunk Loves-to-Learn in Splunk Search 07-24-2019 0 2	0	2
How to replace specific field value? I am trying to replace a specific field. I have a table that is like: Name Street Zip Note Joh... by kdimaria Communicator in Splunk Search 07-24-2019 0 4	0	4
How to fetch the values from log using regular expression? Hi Team, Need your help on below search: I'm spitting something like this in the log: My Test Data\|My Test ID\|My C... by aqaadi Engager in Splunk Search 07-24-2019 0 5	0	5
makemv not working I have the following single-value field (that really should be a multi-value field): puppy_name="Spot Dexter Jake" ... by brinley Path Finder in Splunk Search 07-24-2019 0 1	0	1
How can I parse out both the Named Address and IP Address and format them into an Extracted Field? The log entry I have has: Message=DNS query is completed for the name my.big.server.name.com, type 28, query options... by justdan23 Path Finder in Splunk Search 07-24-2019 0 2	0	2
Unable to get PREAMBLE_REGEX to work Hi, I have a csv file with headers, and a preamble. I already have the fields being discovered, but I'm unable to... by a212830 Champion in Splunk Search 07-24-2019 0 1	0	1
How do I add fields from a lookup table to my search event? I have a lookup table geo-lookup.csv which has data in the format: IP, Coordinates, Location. My search has the fiel... by angshul Path Finder in Splunk Search 07-24-2019 0 2	0	2