Splunk Search

Community Activity

query to check is a list is [] or has values in it I'm having trouble querying the field attached in the image. I either want to know is its empty or has values in it. ... by wajeeh911 Engager in Splunk Search 07-11-2019 0 5	0	5
Create a New field on an event by evaluating two different event values Hello Splunkers, Facing one issue in identifying Creator_Process_Name, In windows process creation event we have N... by CryoHydra Path Finder in Splunk Search 07-11-2019 0 4	0	4
Return the closest match for a wildcard lookup I have a lookup 3 wildcard fields. What I want to be able to do is to only return the closes match, so if there are m... by bowesmana SplunkTrust in Splunk Search 07-11-2019 0 0	0	0
Minimum disk usage(5000MB) on Search head error Hi Guys, I have my searches disabled on Search heads as the default minimum free disk space is 5000MB. Problem is m... by ramprakash Explorer in Splunk Search 07-11-2019 0 9	0	9
Sort columns in descending order after using xyseries By default xyseries sorts the column titles in alphabetical/ascending order. How do I make it do the opposite? I've ... by vishanik91 New Member in Splunk Search 07-11-2019 0 1	0	1
How to compare and show the difference between two mv fields? I have two mvfields and am looking for a way to show the difference (the missing fields) when comparing mvfield req ... by taynord Engager in Splunk Search 07-11-2019 0 4	0	4
Create search query where events match lookup table 'fieldA' column (all have values) but exclude events that do not have a value in 'fieldB' column. Example Lookup Table entries: fieldA fieldB value value value 'blank' value value Show events... by tinanicole21 New Member in Splunk Search 07-11-2019 0 8	0	8
how to use makecontinuous in combination with stats to fill in time Hello, I have this search query: sourcetype="device" \| bucket span=1d _time \| makecontinuous _time \| stats count... by jorjiana88 Path Finder in Splunk Search 07-11-2019 0 12	0	12
How to write an expression that extracts only the first three letters of a string? I have a different string named: 1. GBP:BOOT1STSUNMONTH_MAINT2 2. AMP:BOOT1STSATMONTH_MAINT4 3. AMP:USFIMBSWEEKEN... by mayank101 New Member in Splunk Search 07-11-2019 0 4	0	4
Sharing field extractions with two Apps and another role I'm having some issues when trying to share KO (field extractions) with other roles and users. I have field extracti... by mortf Explorer in Splunk Search 07-11-2019 0 2	0	2
The LDAP connector in splunk is generating a ton of successful logins. The ldap connector that is used to map AD groups is generating a ton of events, is there a way to stop that? Ive tr... by rmontoya746 New Member in Splunk Search 07-11-2019 0 0	0	0
REX Extract and/or separate a single field into 1 or 2 fields based on different patterns Need to extract or split a filed value into different fields based on a condition/irregular pattern(or however it can... by sh254087 Communicator in Splunk Search 07-11-2019 0 3	0	3
Sub-search not yielding results in SQL The search below does not yield results like NOT IN SQL. Any suggestion please. earliest=06/19/2019:23:00:00 latest=... by seemakurthy New Member in Splunk Search 07-11-2019 0 3	0	3
how to change background color on panel log results We have a search on a dashboard that spits out results of some log files that we are monitoring. For charts, we can ... by jmabry New Member in Splunk Search 07-11-2019 0 0	0	0
Too many search jobs found in the dispatch directory error I see the error "Too many search jobs found in the dispatch directory error" many time. I know to clean the directory... by jayannah Builder in Splunk Search 07-11-2019 3 5	3	5
How to use search from summary index as a condition in another search? Hi, I have index="ekra_protokol" which has these events: datum_zeit;meldung 2019-06-19 05:56:26.754: Test Drucken .... by spisiakmi Contributor in Splunk Search 07-11-2019 0 5	0	5
Search Query Hi Team, There is an requirement in writing the search query. i.e. index=xyz host=abc source=mno "Server starting" ... by anandhalagarasa Path Finder in Splunk Search 07-11-2019 0 4	0	4
How to replace hostname with IP in result? Hi, splunkers: I have a puzzle that I need to show host IP in result but not the hostname. E.g. after I ran the sear... by aojie654 Path Finder in Splunk Search 07-11-2019 0 7	0	7
identify which user is doing longest searches Hi Everyone! I need some help to identify which user are running longest/bad searches. Sometimes splunk goes very sl... by amirarsalan Explorer in Splunk Search 07-11-2019 0 7	0	7
Rex multiple strings from field query Morning all, I hope this is an easy one where i am just missing some login somewhere. I have a field called errors... by stephenreece New Member in Splunk Search 07-11-2019 0 3	0	3
Need help in extracting json fields Hi Below is my json data format . organisations: { [-] : { [+] } adbsafegate.com: { [... by Nadhiyaa Path Finder in Splunk Search 07-11-2019 0 1	0	1
How to create trellis timechart with stacked bars Hi, I want to create a timechart as trellis with stacked bars. I have the following columns: Workdate, Duration, B... by tdoSplunk Path Finder in Splunk Search 07-11-2019 1 2	1	2
How to use regex to extract field? I have a field "dimension" with values: dimension=InstanceIdentifier=[aaamcehjcdbp01] dimension=InstanceIdentifier... by shugup2923 Path Finder in Splunk Search 07-11-2019 0 2	0	2
Help with Timechart search Hi there, I am just trying to get my head around a visualization that I want to create. Scenario: To identify outl... by chriscioffi88 New Member in Splunk Search 07-11-2019 0 6	0	6
MLTK Forecast time series assistant Hi, I am using the MLTK and tried to use Forecast time series assistant. I have logs on splunk shows the free space ... by sachinbansal New Member in Splunk Search 07-11-2019 0 0	0	0