Splunk Search

Community Activity

How to re-add a clustered bucket as standalone? I went in to try and rename the db buckets to the longer name for instance db_1560844064_1560747689_41 to db_15608... by nls7010 Path Finder in Splunk Search 06-19-2019 0 0	0	0
How to relocate Splunk bar chart value placement I have a bar chart and the value in the horizontal bars comes at the top of the bar. What XML changes should be made... by RishiMandal Explorer in Splunk Search 06-19-2019 0 0	0	0
trigger second search/dbxquery based on the result of the first search Hello, I would like to trigger the second search/dbxquery based on the results of the first one. I test it with the ... by damucka Builder in Splunk Search 06-19-2019 0 6	0	6
How to exclude a specific value from a column? Hi I have a table with 2 columns: "_time" and "isOutlier". I want to remove all the fields with the value = 1 from ... by rosho Communicator in Splunk Search 06-19-2019 0 5	0	5
Use of fillnull displays wrong color in 'single value' I am using \| fillnull totalCount in my search so I get an 0 when there is no result. The color range I use is from ... by Mike6960 Path Finder in Splunk Search 06-19-2019 0 30	0	30
Remove extension from filepath in field value dynamically. I have a field in my Splunk search name filepath which contains the base path of file like below repository/2650/docu... by paragvidhi Engager in Splunk Search 06-19-2019 0 2	0	2
How to adjust label position in a column chart? Here is my chart - there is any way to set the position of column labels above the column, not in the middle? by dreadangel Path Finder in Splunk Search 06-19-2019 0 5	0	5
Replace command -Ignore case How can we use case insensitive value in Replace command- \| replace "name" with "entity" in description will it rep... by shugup2923 Path Finder in Splunk Search 06-19-2019 0 1	0	1
How to extract filename from fields? I am trying to extract a filename Nsences_2016_10_10_12_50.csv from below field value. D:\Program Files\X620\ABC\TGF... by dhirendra761 Contributor in Splunk Search 06-19-2019 0 5	0	5
Why does the search works in Monitoring Console but not in other Apps? I'm trying to convert the Health Check queries into a dashboard, I already change neccesary permissions in some macro... by jorcabro Explorer in Splunk Search 06-19-2019 0 4	0	4
Question on include/exclude events In the logs I wanted to include events that has the string "uri=https://www.bikerace.com" and if it is not present I ... by Deepz2612 Explorer in Splunk Search 06-19-2019 0 1	0	1
Match timestamp when it is between timestamp from lookup Hi all, I want to merge the following sets based on their timestamp. index=bus sourcetype=bus \| table timestamp type... by basvanderbijl New Member in Splunk Search 06-19-2019 0 0	0	0
How to display dashboard when all searches done loading? I have a base query in my dashboard with multiple other queries that make use of the base query. In my base query, I... by denzelchung Path Finder in Splunk Search 06-19-2019 0 3	0	3
Finding the latest source file per day My script runs every 2 hrs per day .But i need the latest file per day for a timerange to do some calculation. by Nadhiyaa Path Finder in Splunk Search 06-18-2019 0 3	0	3
How do I divide data in a column based on their values? I have two fields in my data. Below is an example.The actual data contains 100 rows. Store Minutes 81145 33 81234 42... by nikita012 New Member in Splunk Search 06-18-2019 0 3	0	3
No of Businessdays between two dates Hi , The below give me the no of days between two dates but i want to calculate only no of business days between two ... by snehalatha Engager in Splunk Search 06-18-2019 2 4	2	4
No value coming from OUTPUT during a look up I am trying to match a field across two inputs if the field matches then I compare the dates and table them. When I c... by sowmya120 New Member in Splunk Search 06-18-2019 0 3	0	3
Automatically Viewing Visualization in Search I'm linking a click value token in a dashboard to a search. Is there a way to format the drilldown search string so ... by TylerJVitale Explorer in Splunk Search 06-18-2019 0 2	0	2
How to search based on the the time field from the event? Hi Team, I am having field called expirationdatetime in my event and its format is 2019-06-21T06:08:40.220082Z. My r... by bhuvanabala New Member in Splunk Search 06-18-2019 0 2	0	2
Search to show zero when no results I have the following search: earliest=@d+11h latest=@d+22h index="daluat" Action="DAL*" \| timechart span=30m count ... by matthewcanty Communicator in Splunk Search 06-18-2019 0 9	0	9
How to write a real-time search to alert if daily license usage reaches 70 GB or more? Hi Team I need your help to write the search on the licence usage. Suppose I have a 100 GB license. My daily licence... by sumit29 Path Finder in Splunk Search 06-18-2019 1 3	1	3
How to create a regex to extract fields between two hyphens? Hi,help me in writing regex to extract field between two hyhpens. Eg: S-STRA-32 F-FIDR-67 Thanks! by Deepz2612 Explorer in Splunk Search 06-18-2019 0 5	0	5
How to write a search where if a certain string is found in a log, set Status=1, otherwise Status=0? I need to find a string in a log and set/unset a field depending on this.Ex: field Status = 1 or 0.I should say if(a_... by svivekananda007 Engager in Splunk Search 06-18-2019 4 9	4	9
How to search for an event from last week based on time value field? Hi - I am searching for events based on time field Last_Login_Time (sample value: 2019-06-13T20:26:12.000Z) which hap... by vnguyen46 Contributor in Splunk Search 06-18-2019 0 3	0	3
Can we retrieve data using DBConnect for rows which got modified? Is it possible to retrieve data using DBConnect for rows which got modified? And not included via the rising column? by ddrillic Ultra Champion in Splunk Search 06-18-2019 0 1	0	1