Splunk Search

Community Activity

Unable to see correct result after running splunk query issue : Unable to see correct result after running query. I have lookup file .CSV which consists some field (AD group... by su_kumar New Member in Splunk Search 07-14-2019 0 1	0	1
Predict error in time chart I'm working on a query that predicts GB growth, I keep getting "command="predict", Unknown field after eval". Here i... by codedtech Path Finder in Splunk Search 07-14-2019 0 1	0	1
Populating dashboard panel with data from drilldown or multiselect token In my dashboard, I have the user select a server and then a line chart displays of application crashes on the selecte... by TylerJVitale Explorer in Splunk Search 07-14-2019 0 2	0	2
Value that may or may not be there in field extraction I am attempting to setup an exctraction for the following; 2 hrs 2 mins 36 secs 312 ms; extracting it as the time val... by aohls Contributor in Splunk Search 07-14-2019 0 5	0	5
Extract key-value pairs I'm trying to extract the key-value pairs from an Untangle firewall log ( syslog ), but the Regex example I found on ... by scottkoontz57 New Member in Splunk Search 07-13-2019 0 8	0	8
Timespan single value by day excluding yesterday, but maintaining the entire 24 hour count of yesterday and the previous days All I want to do is display a single value of yesterdays entire 24 hour count compared to that of the previous day/ye... by clozach Path Finder in Splunk Search 07-13-2019 0 3	0	3
display count of hostnames in first day of week have last_seen>30 days for 08.07.19 count number of hostnames that have last_seen > 30 days for 01.07.19 count number of hostnames that have... by cipi23 New Member in Splunk Search 07-13-2019 0 1	0	1
How to create a rate on a timechart with two measures? Works just fine \| timechart count by orderLineState \| eval cancelRate=round((cancelled/(cancelled+released))*100,2... by taynord Engager in Splunk Search 07-13-2019 0 2	0	2
How to indicate different period of search date after eval command ? I have different case: \| eval this_week = case(last_seen < strftime(relative_time(now(), "-mon"), "%Y-%m-%dT%H:%M:%S... by malear_ion New Member in Splunk Search 07-13-2019 0 1	0	1
How can I tally a value that represents usage in 3 letters and get the number of events that have each? I have a field lets call it usage that can up to 3 of these letters (b, n, e) i.e. all possible logged permutations w... by tirams New Member in Splunk Search 07-13-2019 0 5	0	5
How to extract the single field with the multiple values? Hiiii How to extract the single field with multiple values? Like status is active, failed, cancelled, deactivated, fo... by marisstella Explorer in Splunk Search 07-13-2019 0 6	0	6
Rex for cef event and create field alias accordingly sample CEF: May 20 20:44:51 10.XX.XX.XX May 20 2019 20:44:51 avcm02.com CEF:0\|AV\|Control Manager\|7.0\|BM:1000\|Behavi... by ritikaviavi Observer in Splunk Search 07-13-2019 0 2	0	2
converting an triming field values I need to to convert this field in to a number and remove the $ capacity_gb = $8,191.75, I've tried eval to num and c... by codedtech Path Finder in Splunk Search 07-13-2019 0 4	0	4
How to use tstats to show unique list of hosts for a specified index? Hi, I'm using this search: \| tstats count by host where index="wineventlog" to attempt to show a unique list of hosts... by russell120 Communicator in Splunk Search 07-12-2019 0 3	0	3
Stuck on Merge splunk.com accounts page I must have two accounts associated with my e-mail address. I am stuck on the page stating that I should merge them. ... by jchrysler Engager in Splunk Search 07-12-2019 1 0	1	0
Top 10 per group Is there a way to get the top 10 count for a number of groupings eg: Col1 Col2 Count G1 SG1 10 G1 ... by alucarddjin Path Finder in Splunk Search 07-12-2019 0 1	0	1
Combining details from two log entries into one table under common ID Hello Comminity, Here goes the more detailed descrition 2019-07-12 11:19:55.519 [VDI111][Process1][Info] msg=report... by pitaszek New Member in Splunk Search 07-12-2019 0 1	0	1
LDAP server warning: Insufficient access Hello , I have a connexion problem between Splunk and the LDAP. Please find below the log that i have continuously ... by mkamal18 New Member in Splunk Search 07-12-2019 0 0	0	0
Is there any option in Splunk to run a search in a loop? Hi All, Good morning, Is there any option in Splunk to run a search in a loop? Basically what I want to say is I hav... by sunnyb147 Path Finder in Splunk Search 07-12-2019 0 6	0	6
help on where command which returns wrong results hello I have an issue with the the tonumber command When I execute the query below and even if I specify that I wan... by jip31 Motivator in Splunk Search 07-12-2019 0 11	0	11
I have a seach command but i need to remove the percent column I have a command that gives me the correct info what i want which is (eventtype="wineventlog_system") source="inEven... by pboon New Member in Splunk Search 07-12-2019 0 4	0	4
Lookup more than one column in Lookup Table I want to return descriptions I have in a lookup table. The description corresponds to a code in my Events list. Howe... by sarahaydenvi New Member in Splunk Search 07-12-2019 0 1	0	1
How do you use rex's max_match option? At search time, I want to extract multivalued fields. The docs for rex say to use the max_match option. Example: ... by cfergus Path Finder in Splunk Search 07-12-2019 2 4	2	4
Field Extraction matching not working but works only with wildcard Strange problem but couldn't find the root cause. Just checking if anyone of you have come across similar? Sample da... by koshyk Super Champion in Splunk Search 07-12-2019 0 5	0	5
modify date of search how to modify time after a search, for example i search something on thirst day of week (08 date) and after i would l... by cipi23 New Member in Splunk Search 07-12-2019 0 6	0	6