Splunk Search

Community Activity

How to merge the two events by creating new field?? Hello everyone, I have created some fields A, B, C but now I want to combine the fields, Ex: I have created fields li... by marisstella Explorer in Splunk Search 07-14-2019 0 1	0	1
Props.conf extract not working Hi folks, Recently onboarded a new sourcetype configured with search time extractions. Regex works when tested on sa... by milesmedboe Explorer in Splunk Search 07-14-2019 0 15	0	15
SPL-Search based on mutiple values Hello, i'm searching for a certain condition and wrote the query below .It works but not quite what I'm looking for... by srs20 New Member in Splunk Search 07-14-2019 0 7	0	7
How to compare fields of two different events and if they match how to show the event count ? Eg : Event 1 : Field1, Field a, Field b Event 2 : Field2, Fields n, Field y How to compare Field1 of event 1 ... by jhonsonkelly56 New Member in Splunk Search 07-14-2019 0 5	0	5
Unable to see correct result after running splunk query issue : Unable to see correct result after running query. I have lookup file .CSV which consists some field (AD group... by su_kumar New Member in Splunk Search 07-14-2019 0 1	0	1
Predict error in time chart I'm working on a query that predicts GB growth, I keep getting "command="predict", Unknown field after eval". Here i... by codedtech Path Finder in Splunk Search 07-14-2019 0 1	0	1
Populating dashboard panel with data from drilldown or multiselect token In my dashboard, I have the user select a server and then a line chart displays of application crashes on the selecte... by TylerJVitale Explorer in Splunk Search 07-14-2019 0 2	0	2
Value that may or may not be there in field extraction I am attempting to setup an exctraction for the following; 2 hrs 2 mins 36 secs 312 ms; extracting it as the time val... by aohls Contributor in Splunk Search 07-14-2019 0 5	0	5
Extract key-value pairs I'm trying to extract the key-value pairs from an Untangle firewall log ( syslog ), but the Regex example I found on ... by scottkoontz57 New Member in Splunk Search 07-13-2019 0 8	0	8
Timespan single value by day excluding yesterday, but maintaining the entire 24 hour count of yesterday and the previous days All I want to do is display a single value of yesterdays entire 24 hour count compared to that of the previous day/ye... by clozach Path Finder in Splunk Search 07-13-2019 0 3	0	3
display count of hostnames in first day of week have last_seen>30 days for 08.07.19 count number of hostnames that have last_seen > 30 days for 01.07.19 count number of hostnames that have... by cipi23 New Member in Splunk Search 07-13-2019 0 1	0	1
How to create a rate on a timechart with two measures? Works just fine \| timechart count by orderLineState \| eval cancelRate=round((cancelled/(cancelled+released))*100,2... by taynord Engager in Splunk Search 07-13-2019 0 2	0	2
How to indicate different period of search date after eval command ? I have different case: \| eval this_week = case(last_seen < strftime(relative_time(now(), "-mon"), "%Y-%m-%dT%H:%M:%S... by malear_ion New Member in Splunk Search 07-13-2019 0 1	0	1
How can I tally a value that represents usage in 3 letters and get the number of events that have each? I have a field lets call it usage that can up to 3 of these letters (b, n, e) i.e. all possible logged permutations w... by tirams New Member in Splunk Search 07-13-2019 0 5	0	5
How to extract the single field with the multiple values? Hiiii How to extract the single field with multiple values? Like status is active, failed, cancelled, deactivated, fo... by marisstella Explorer in Splunk Search 07-13-2019 0 6	0	6
Rex for cef event and create field alias accordingly sample CEF: May 20 20:44:51 10.XX.XX.XX May 20 2019 20:44:51 avcm02.com CEF:0\|AV\|Control Manager\|7.0\|BM:1000\|Behavi... by ritikaviavi Observer in Splunk Search 07-13-2019 0 2	0	2
converting an triming field values I need to to convert this field in to a number and remove the $ capacity_gb = $8,191.75, I've tried eval to num and c... by codedtech Path Finder in Splunk Search 07-13-2019 0 4	0	4
How to use tstats to show unique list of hosts for a specified index? Hi, I'm using this search: \| tstats count by host where index="wineventlog" to attempt to show a unique list of hosts... by russell120 Communicator in Splunk Search 07-12-2019 0 3	0	3
Stuck on Merge splunk.com accounts page I must have two accounts associated with my e-mail address. I am stuck on the page stating that I should merge them. ... by jchrysler Engager in Splunk Search 07-12-2019 1 0	1	0
Top 10 per group Is there a way to get the top 10 count for a number of groupings eg: Col1 Col2 Count G1 SG1 10 G1 ... by alucarddjin Path Finder in Splunk Search 07-12-2019 0 1	0	1
Combining details from two log entries into one table under common ID Hello Comminity, Here goes the more detailed descrition 2019-07-12 11:19:55.519 [VDI111][Process1][Info] msg=report... by pitaszek New Member in Splunk Search 07-12-2019 0 1	0	1
LDAP server warning: Insufficient access Hello , I have a connexion problem between Splunk and the LDAP. Please find below the log that i have continuously ... by mkamal18 New Member in Splunk Search 07-12-2019 0 0	0	0
Is there any option in Splunk to run a search in a loop? Hi All, Good morning, Is there any option in Splunk to run a search in a loop? Basically what I want to say is I hav... by sunnyb147 Path Finder in Splunk Search 07-12-2019 0 6	0	6
help on where command which returns wrong results hello I have an issue with the the tonumber command When I execute the query below and even if I specify that I wan... by jip31 Motivator in Splunk Search 07-12-2019 0 11	0	11
I have a seach command but i need to remove the percent column I have a command that gives me the correct info what i want which is (eventtype="wineventlog_system") source="inEven... by pboon New Member in Splunk Search 07-12-2019 0 4	0	4