Splunk Search

Community Activity

How to disable Splunk app using deployment server? Hi all, I have deployed an app using a deployment server in Splunk. Suppose I got a new update for that app and I n... by tbavarva Path Finder in Splunk Search 06-21-2019 0 5	0	5
Error in 'eval' command: The expression is malformed. An unexpected character is reached at '0)'. Hi guys, Pulled this search off gosplunk's website and tried to run it in my test environment, and received the error... by dharveynswccd Path Finder in Splunk Search 06-21-2019 0 3	0	3
How do I sort this stats count? This is my search below. It shows Country and count. How do I sort the count field for largest to smallest? index="c... by bayman Path Finder in Splunk Search 06-21-2019 1 5	1	5
Is it possible to define tags using regex? I would like to define a tag in splunk using a regex. Example: host=st1231, host=1232, host=1233 --> the name of the... by tgdvopab Path Finder in Splunk Search 06-21-2019 0 10	0	10
How to set up radio button or checkbox to alter text search? I'd like to use a radio button or checkbox to alter a search i.e. toggle between either Index=$index$ host=$host$ s... by raborder New Member in Splunk Search 06-20-2019 0 2	0	2
How to get the latest entry from a lookup table? I'm creating a chart which includes the use of a lookup table file, but I only want it to pull up the latest entry fo... by mcram52 New Member in Splunk Search 06-20-2019 0 1	0	1
blacklist file form inputs.conf Here is my input.conf. [monitor:///tcom/servers/.../logs/*] blacklist = this_log.log-12345678 sourcetype = app ind... by smudge797 Path Finder in Splunk Search 06-20-2019 0 8	0	8
How to find the values of a field? I am trying to find the total count of nodes in a pool, the total count of bad nodes in the pool AND, that part I am ... by mtrochym Observer in Splunk Search 06-20-2019 0 3	0	3
How to lookup values that have spacing between words Hi, I am trying to make the lookup work where the values have space in it, for example, when the value is "I am confu... by anilpinnamaneni New Member in Splunk Search 06-20-2019 0 1	0	1
Extract via rex a list of hostnames from a block of text I am trying to get a list of hostnames from a block of text via rex. I know I want the first string of every newline ... by swangertyler Path Finder in Splunk Search 06-20-2019 0 3	0	3
Where do search time extractions happen? I'm wondering where do search time extractions happen on search head or on indexer as we keep props and transforms on... by atulpatel Explorer in Splunk Search 06-20-2019 1 4	1	4
how to calculate days between two dates and also how to calculate only business date? \| eval duedate1 = strftime(strptime(duedate,"%Y-%m-%d"),"%Y-%m-%d %H:%M:%S") \| eval current = strftime(now(),"%Y-%m-%... by chandanimishra New Member in Splunk Search 06-20-2019 0 1	0	1
How to create a regex field extraction for the last occurence for a specific text? Hi, We have attached log file.link text The whole log file contains in one single event in splunk. Now, I need to ex... by dhirendra761 Contributor in Splunk Search 06-20-2019 0 10	0	10
Issue with time format calculation Hi The request below is working but I have an issue on the NbDaysLogon and NbDaysReboot calculation. As you can see, ... by jip31 Motivator in Splunk Search 06-20-2019 0 5	0	5
stats command not working as expected hello i have this query that calculated gaps between events. im trying to get the source file of the events that was ... by sarit_s Communicator in Splunk Search 06-19-2019 0 8	0	8
How to use timepicker from a CSV lookup? I found the similar post here, but the solution doesn't seem to be working. I have a CSV file with a timestamp field... by splunkrocks2014 Communicator in Splunk Search 06-19-2019 1 6	1	6
How to match events from 3 different sources? I have one index with events from 3 different sources. I want to match one field of 1st source with other 2 source's ... by spnewashik New Member in Splunk Search 06-19-2019 0 11	0	11
Table fields as variable Is there anyway to pass a variable to the table command? Basically, I have field1, field2 and field3 from my search.... by amiragha New Member in Splunk Search 06-19-2019 0 6	0	6
Question on left join I'm not sure why is my left join not working. I'm sure that my results will be than 50000 records. kindly assist me!... by Deepz2612 Explorer in Splunk Search 06-19-2019 0 4	0	4
Why dont some panels in Splunk give the default zoom in and reset zoom behavior while others can? I have a dashboard panel with volume(count) along the y axis and application name along the y axis. I try to zoom i n... by neelufar New Member in Splunk Search 06-19-2019 0 0	0	0
How to display a Total Users label within Title of Pie Chart? I have a Panel on my Dashboard with a Chart showing the users who use the system. The Chart shows the first 11 Users... by justdan23 Path Finder in Splunk Search 06-19-2019 0 1	0	1
How to filter a JSON data log when one of the fields in that JSON is empty? Hi, I am trying to filter the log event based on a json field which is empty. I have 3 million records and out of whi... by mayurk90 Engager in Splunk Search 06-19-2019 0 9	0	9
Splunk for desktop environment Can splunk be used to collect and manage win10 event traces / performance data ? Are there any use cases where splunk... by felixstephen New Member in Splunk Search 06-19-2019 0 2	0	2
Reduce SPL OR operator redundancy I have a query with a bunch of ORs and I want to do something similar to the SQL IN operator, using a list instead or... by torirgee New Member in Splunk Search 06-19-2019 0 1	0	1
Generate a dynamic multi-value field based on a specific field in a search Hi there, I'm fairly new to Splunk searches. I have a search in a log : index=tutti sourcetype=toto status!=4 Wher... by elaoumam Engager in Splunk Search 06-19-2019 0 3	0	3