Splunk Search

Community Activity

How to get the latest entry from a lookup table? I'm creating a chart which includes the use of a lookup table file, but I only want it to pull up the latest entry fo... by mcram52 New Member in Splunk Search 06-20-2019 0 1	0	1
blacklist file form inputs.conf Here is my input.conf. [monitor:///tcom/servers/.../logs/*] blacklist = this_log.log-12345678 sourcetype = app ind... by smudge797 Path Finder in Splunk Search 06-20-2019 0 8	0	8
How to find the values of a field? I am trying to find the total count of nodes in a pool, the total count of bad nodes in the pool AND, that part I am ... by mtrochym Observer in Splunk Search 06-20-2019 0 3	0	3
How to lookup values that have spacing between words Hi, I am trying to make the lookup work where the values have space in it, for example, when the value is "I am confu... by anilpinnamaneni New Member in Splunk Search 06-20-2019 0 1	0	1
Extract via rex a list of hostnames from a block of text I am trying to get a list of hostnames from a block of text via rex. I know I want the first string of every newline ... by swangertyler Path Finder in Splunk Search 06-20-2019 0 3	0	3
Where do search time extractions happen? I'm wondering where do search time extractions happen on search head or on indexer as we keep props and transforms on... by atulpatel Explorer in Splunk Search 06-20-2019 1 4	1	4
how to calculate days between two dates and also how to calculate only business date? \| eval duedate1 = strftime(strptime(duedate,"%Y-%m-%d"),"%Y-%m-%d %H:%M:%S") \| eval current = strftime(now(),"%Y-%m-%... by chandanimishra New Member in Splunk Search 06-20-2019 0 1	0	1
How to create a regex field extraction for the last occurence for a specific text? Hi, We have attached log file.link text The whole log file contains in one single event in splunk. Now, I need to ex... by dhirendra761 Contributor in Splunk Search 06-20-2019 0 10	0	10
Issue with time format calculation Hi The request below is working but I have an issue on the NbDaysLogon and NbDaysReboot calculation. As you can see, ... by jip31 Motivator in Splunk Search 06-20-2019 0 5	0	5
stats command not working as expected hello i have this query that calculated gaps between events. im trying to get the source file of the events that was ... by sarit_s Communicator in Splunk Search 06-19-2019 0 8	0	8
How to use timepicker from a CSV lookup? I found the similar post here, but the solution doesn't seem to be working. I have a CSV file with a timestamp field... by splunkrocks2014 Communicator in Splunk Search 06-19-2019 1 6	1	6
How to match events from 3 different sources? I have one index with events from 3 different sources. I want to match one field of 1st source with other 2 source's ... by spnewashik New Member in Splunk Search 06-19-2019 0 11	0	11
Table fields as variable Is there anyway to pass a variable to the table command? Basically, I have field1, field2 and field3 from my search.... by amiragha New Member in Splunk Search 06-19-2019 0 6	0	6
Question on left join I'm not sure why is my left join not working. I'm sure that my results will be than 50000 records. kindly assist me!... by Deepz2612 Explorer in Splunk Search 06-19-2019 0 4	0	4
Why dont some panels in Splunk give the default zoom in and reset zoom behavior while others can? I have a dashboard panel with volume(count) along the y axis and application name along the y axis. I try to zoom i n... by neelufar New Member in Splunk Search 06-19-2019 0 0	0	0
How to display a Total Users label within Title of Pie Chart? I have a Panel on my Dashboard with a Chart showing the users who use the system. The Chart shows the first 11 Users... by justdan23 Path Finder in Splunk Search 06-19-2019 0 1	0	1
How to filter a JSON data log when one of the fields in that JSON is empty? Hi, I am trying to filter the log event based on a json field which is empty. I have 3 million records and out of whi... by mayurk90 Engager in Splunk Search 06-19-2019 0 9	0	9
Splunk for desktop environment Can splunk be used to collect and manage win10 event traces / performance data ? Are there any use cases where splunk... by felixstephen New Member in Splunk Search 06-19-2019 0 2	0	2
Reduce SPL OR operator redundancy I have a query with a bunch of ORs and I want to do something similar to the SQL IN operator, using a list instead or... by torirgee New Member in Splunk Search 06-19-2019 0 1	0	1
Generate a dynamic multi-value field based on a specific field in a search Hi there, I'm fairly new to Splunk searches. I have a search in a log : index=tutti sourcetype=toto status!=4 Wher... by elaoumam Engager in Splunk Search 06-19-2019 0 3	0	3
How to create a search box that when text is entered it appends what is searched into each panel on the dashboard? So I am trying to create a searchbox that when text is entered it appends what is searched into each panel on the das... by bryceweb22 Path Finder in Splunk Search 06-19-2019 0 9	0	9
How to re-add a clustered bucket as standalone? I went in to try and rename the db buckets to the longer name for instance db_1560844064_1560747689_41 to db_15608... by nls7010 Path Finder in Splunk Search 06-19-2019 0 0	0	0
How to relocate Splunk bar chart value placement I have a bar chart and the value in the horizontal bars comes at the top of the bar. What XML changes should be made... by RishiMandal Explorer in Splunk Search 06-19-2019 0 0	0	0
trigger second search/dbxquery based on the result of the first search Hello, I would like to trigger the second search/dbxquery based on the results of the first one. I test it with the ... by damucka Builder in Splunk Search 06-19-2019 0 6	0	6
How to exclude a specific value from a column? Hi I have a table with 2 columns: "_time" and "isOutlier". I want to remove all the fields with the value = 1 from ... by rosho Communicator in Splunk Search 06-19-2019 0 5	0	5