Splunk Search

Community Activity

Timechart not working after multikv Hi, I am not sure why timechart does not work for me. I would like a timechart for avg memory used. I tried the belo... by johnsasikumar Path Finder in Splunk Search 06-10-2019 0 1	0	1
Can the default be a new search in multiselect? Hi Everyone! Like you, I have a text box (Splunk Field) that can get the value as a token by clicking from the tab... by hketer Path Finder in Splunk Search 06-10-2019 0 3	0	3
split columns based on delimeter Hi, I have a field called categories. And the values look like below. Please help me with regex or a way to split th... by surekhasplunk Communicator in Splunk Search 06-10-2019 0 3	0	3
How to add two field values count to another field value? I would like to add splunkd count and splunkd_access count as splunkd_total. Remaining table should look like this ... by pranay_adla Explorer in Splunk Search 06-10-2019 0 8	0	8
Using a token to define a lookup name. I have defined a token "$command$, this happens to be a command name. The command is currently the curl command. I wi... by pbryant_splunk Splunk Employee in Splunk Search 06-10-2019 0 4	0	4
Extract the values from an array of objects Using rex a field has been extracted which has a format of an array with multiple elements of the type, [{"name":"pl... by AshimaE Explorer in Splunk Search 06-10-2019 0 1	0	1
Predict with wildcard How can I use predict command with wildcard, as I have timechart with group by field. See below example query. Query... by VatsalJagani SplunkTrust in Splunk Search 06-10-2019 0 8	0	8
How to create a regex to extract values from an event? Hi everyone, I'm struggling to find a REGEX to extract 2 value from my events. I got events like this : 2019-05-... by le_barbucheron Path Finder in Splunk Search 06-09-2019 0 17	0	17
Lookup/Inputlookup I have run a search query in Splunk which return all the events contained "API call" initiated from some "IP_address"... by rajuljain2605 Explorer in Splunk Search 06-09-2019 0 4	0	4
Search receiving error: The XYZ query has exceeded configured match_limit, consider raising the value in limits.conf I looked through some of the answers above, but I'm not certain they fit. My clients search is: index="websphere" ... by nls7010 Path Finder in Splunk Search 06-08-2019 0 2	0	2
Got any tips on how I can shorten my search? Hi, I have the following search: \| inputlookup work_locations \| fields work_location \| join type=left work_locatio... by dojiepreji Path Finder in Splunk Search 06-08-2019 0 4	0	4
How to update lookup tables conditionally I have a large lookup table which is periodically generated from indexed data by a saved search. The saved search ta... by hmallett Path Finder in Splunk Search 06-07-2019 0 2	0	2
Valid use for datasets Just now getting into datasets & when I create one.. 5 columns of very useful data & it sure looks like a lookup tabl... by clintla Contributor in Splunk Search 06-07-2019 0 1	0	1
How to get all fields of event with 'sid' via REST endpoint ? /servicesNS/nobody/search/search/jobs/sid/results -- this endpoint is not giving all fields of events for the search... by shravankumarkus New Member in Splunk Search 06-07-2019 0 1	0	1
How can one combine two fields with the same values- but different field names- to aggregate data from multiple sourcetypes? I have two fields with the same values but different field names. index= network sourcetype= firewall The source IP ... by amcb90 Engager in Splunk Search 06-07-2019 0 3	0	3
Join two "stats values" columns by similar field I am trying to join two searches with a common TrapID field. The OIDValue column corresponds with the OID Column The... by evan_roggenkamp Path Finder in Splunk Search 06-07-2019 0 6	0	6
Splunk Non Clustered buckets Hi , we migrated an indexer from non clustered to a clustered environment , i know the naming convention for clustere... by ram254481493 Explorer in Splunk Search 06-07-2019 0 3	0	3
How to create a multi-line field extraction I am using splunk free -- and have data in format of: 2019-06-06 11:10:10,029 "somedata" # - Start of event TransId=... by dowdag Engager in Splunk Search 06-07-2019 0 1	0	1
How to format table for resolved record after comparing two timestamp Hi Friends, My data set as below ID Date 1 01/01/2010 1 01/02/2010 2 01/01/2010 3 01/01/2010... by ninadbhaskarwar Path Finder in Splunk Search 06-07-2019 0 4	0	4
Generating an alert for a process running on two hosts at the same time We have a service (process) that should only ever be running on one server at a time. We have MS failover clustering ... by justincoon New Member in Splunk Search 06-07-2019 0 2	0	2
How to create a condition statement Is there a possibility in Splunk to get data like below : If a condition is true then that data is to be printed in ... by dkdeepshikhaa Explorer in Splunk Search 06-07-2019 0 2	0	2
Splunk 6.6.2: Why is inputting the token portion of the search and adjusting the source code within the dashboard, does not display the same data? Hello I am wondering why when I search with the original query it pulls all of the data I want and displays it the ... by Hegemon76 Communicator in Splunk Search 06-07-2019 0 4	0	4
CardRecon false positives? We use CardRecon to search our servers for credit card numbers. CardRecon came back with a large number of credit ca... by Meterman New Member in Splunk Search 06-07-2019 0 3	0	3
Is there a way to remove the digits from columns in Splunk Dashboard? Hello, I am currently working is on one use case where i have to display store number on the basis of avg cpu, avg r... by niks987 Explorer in Splunk Search 06-07-2019 0 1	0	1
if else with where clause required if (a $lt; b) eval c=round(((b-a)/b)*100),0) print c else print "no change" How to get this through splu... by dkdeepshikhaa Explorer in Splunk Search 06-07-2019 1 3	1	3