Splunk Search

Community Activity

How to include "-" in between a field value? I have a field lastrundate which has values 20190623 , 20190624 , 20190626. I want to include an "-" in between the... by vrmandadi Builder in Splunk Search 06-25-2019 0 2	0	2
eventstats into multi-value list limit of max values Is there a limit of max values in a multi-value field listSummary for \| eventstats list(variable) as listSummary b... by wfskmoney Path Finder in Splunk Search 06-25-2019 0 6	0	6
How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command? I am attempting to recreate a bar chart based on a start and stop time by workloads. Can anyone help me with the \| ... by thefakemike New Member in Splunk Search 06-25-2019 0 0	0	0
Test props and transforms from Splunk UI In Splunk when we add data via uploading file it gives UI to add and verify props.conf properties there, like timesta... by VatsalJagani SplunkTrust in Splunk Search 06-25-2019 0 5	0	5
How to use multiple saved searches for a single table Hi, We are using a table in our dashboard and its output is based on multiple saved search. How can I run multiple s... by AKG1_old1 Builder in Splunk Search 06-25-2019 0 2	0	2
Sample command limitations I noticed sample command in Splunk is limited in how many parameters can be used at the same time: https://docs.splun... by cosminstefanmar Explorer in Splunk Search 06-25-2019 2 9	2	9
How to group two field values into separate fields? I am working with data that is shared/backed up by two separate hosts. Each userID is linked to two hosts. When there... by bofasplunkguy Explorer in Splunk Search 06-25-2019 0 0	0	0
Two searches using three indexes with different fields I have this search below: index=BI_1 sourcetype=jobs_info fieldJ IN (Flamengo) \| search index=BI_2 sourcetype=tel_d... by nsantiago17 Explorer in Splunk Search 06-25-2019 0 4	0	4
Testing mmdb file in Splunk is there a command recommendation for risk scoring? I am currently attempting to test the GeoIP2-Anonymous-IP.mmdb file out in Splunk. I know we can either place it in ... by jjoh277 Engager in Splunk Search 06-25-2019 0 0	0	0
Using field option in join command If I get a search like below: index="main" ~~~~~ \| table _time value code \| join type=outer [search index="main" ~~~... by tkdguq0110 Path Finder in Splunk Search 06-25-2019 0 3	0	3
Is there a way to group apps in Splunk deployment? We have started to use the Splunk Deployment within in our infrastructure and I was wondering if there's a way (inclu... by d3ag0s Engager in Splunk Search 06-25-2019 0 2	0	2
Why is "�" character found in field values after uploading CSV file and indexing? Hi, After uploading csv file and indexing, I found out that most, if not all of my special characters becomes "�" wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to save bracket syntax in a report Hi In my XML file, I use the syntax below which works perfectly \| search SITE=$tok_filtersite\|s$ But I need to... by jip31 Motivator in Splunk Search 06-25-2019 0 5	0	5
Help understanding real time searches Hello everyone, I think I don't fully understand the concept of real-time searches. If I configure a search as a rea... by astatrial Contributor in Splunk Search 06-25-2019 0 6	0	6
How to search for duration between events? Hello, Splunkers friends, I need your support; I have a script running on Splunk once at a day, it brings me passwor... by julian0125 Explorer in Splunk Search 06-25-2019 0 6	0	6
How to add custom start date and end date in splunk query (without the using splunk default date picker) ? Hi, I have to pass a custom 'startdate' and 'enddate' in Splunk query in the search tab (without the help of Splunk d... by sajithpm101 New Member in Splunk Search 06-24-2019 0 11	0	11
How to pass 0 to variable if no search result is found? I have scenario where I want variable (Loss) to be 0 if no result found of below search: \| dbxquery query="SELECT *... by ahmadsaadwarrai Explorer in Splunk Search 06-24-2019 0 1	0	1
How to create a conditional stats search based on a field value? Hi, I am trying to write a conditional stats command based on a field value. So for example: I have a field called ... by ronny_wang Explorer in Splunk Search 06-24-2019 0 4	0	4
Running jQuery on search results Hi, Hoping someone here can help because I've been running into walls on it. I'm trying to insert a link on every tr... by big_nuggets Explorer in Splunk Search 06-24-2019 0 1	0	1
Splunk alert to be triggered based on time of the day My search condition is checking for results less than 10 every 45 minutes. The problem is we don't have that much tra... by anweshar New Member in Splunk Search 06-24-2019 0 3	0	3
How to disable one search peer in cluster? Hello, Splunkers: I have a Cluster that contains 3 indexers and one search head. I want the search head to communic... by TISKAR Builder in Splunk Search 06-24-2019 0 3	0	3
How to sum same field twice I want to be able to sum the same field in order to create 2 different fields so that I can compare the Volume by app... by TylerJVitale Explorer in Splunk Search 06-24-2019 0 1	0	1
Using lookup tables to evaluate multiple conditions We're evaluating using Splunk to identify changes to a system's state (like installed apps, listening ports, ACLs, et... by BHumphrey_Tep New Member in Splunk Search 06-24-2019 0 3	0	3
Unable to nullqueue unnecessary lines without a date I have two lines of events that are unnecessary because there is no date and would like to null queue these out. I h... by babcolee Path Finder in Splunk Search 06-24-2019 0 7	0	7
How to calculate duration difference between events considering regex? Hello, I have the following logs: 2019-05-30 14:39:00,115 traceId=AAAAAA msg=Incoming with body {"parameters":[{"da... by amunag439 Explorer in Splunk Search 06-24-2019 1 3	1	3