Splunk Search

Community Activity

How to troubleshoot eval expressions? I'm new to Splunk, and I am trying to figure out how the eval command works in searches. Sometimes I don't get any r... by fabriziorti New Member in Splunk Search 05-23-2019 0 6	0	6
How to add a new column after lookup match? Hi all, I'm stuck with this i hope somebody can helps me. I have a csv lookup with following data for search matche... by cpm003 Path Finder in Splunk Search 05-23-2019 0 2	0	2
Trying to get stats output for 2 fields after the "by" I have data that looks like this: event,myField,myHost,myCategory yes,a,host1,category1 yes,b,host1,category1 yes,c,... by dsong555 Engager in Splunk Search 05-23-2019 0 4	0	4
How to compare an empty field with epoch time? Hello, I have two fields: dateTimeA and dateTimeB. When dateTimeA is empty, I add "NULL" string. Then I use strptim... by jam00 Explorer in Splunk Search 05-23-2019 0 3	0	3
renaming fields in search I have a query like this sourcetype="beta" index="alpha" \| table fieldA, fieldB, fieldC how do I rename fields fiel... by asarolkar Builder in Splunk Search 05-23-2019 4 8	4	8
Linux mounting/unmounting I am attempting to create a search string for a Linux box which involves mounting/unmounting removable media devices ... by mvitullo New Member in Splunk Search 05-23-2019 0 4	0	4
Lookup file : add a rule Hello, Got a lookup file looking like this : USER,GROUP Peter,group1 Parker,group1 John,group2 Kevin,group2 I'd l... by Zakary_n Path Finder in Splunk Search 05-23-2019 0 3	0	3
Can I divide by zero in splunk? I was having trouble evaluating a field and I think it was because I was dividing by zero. This is my solution. Ho... by HattrickNZ Motivator in Splunk Search 05-23-2019 0 3	0	3
How to count with inputlookup? Hi, I have a search that I have been struggle for a few days. I have an index that contains two fields: type and Tot... by thanhnv244 New Member in Splunk Search 05-23-2019 0 3	0	3
Help with transforms regex needed Hello, I need help with the proper hashing of the user IDs and IP addresses using the transforms.conf I have the fol... by damucka Builder in Splunk Search 05-23-2019 0 3	0	3
How to select a time range in a timechart? Hello Is it possible to use a select time range directly in a timechart? it means that I would like to use the selec... by jip31 Motivator in Splunk Search 05-22-2019 0 5	0	5
Regex for F5 BIG IP ASM logs There is a field - req_status - for F5 Big IP ASM logs and right now when I view the values, I expect to see three: ... by jwalzerpitt Influencer in Splunk Search 05-22-2019 0 7	0	7
dropdown case to populate token Hi, I have a dropdown with 5 values. But in the following panel query the table and index which i am using has no r... by surekhasplunk Communicator in Splunk Search 05-22-2019 0 1	0	1
How to search for a missing word from an indexed log and alert if the word is not found in the last 15 minutes? I will like to search for a missing word like "main" on an indexed log and alert if that word is not found in the las... by iggydolby2 Loves-to-Learn Lots in Splunk Search 05-22-2019 0 10	0	10
need a graph of total calls per day for 7 days or 30 days Hi all, need help in getting graph for "total_calls" per day for 7 days or 30 days tried using timechart dosnt work. ... by splunkuseradmin Path Finder in Splunk Search 05-22-2019 0 1	0	1
Start external process and retrieve results later So I don't even know where to start researching on how I would setup what I want to do. I'm looking to query a numbe... by bmorgenthaler Path Finder in Splunk Search 05-22-2019 0 1	0	1
Graph weekly average but only show graph for last 24 hours I currently have a graph that shows the number of events over the last 24 hours by host. I've also included streamst... by AlexMcDuffMille Communicator in Splunk Search 05-22-2019 0 2	0	2
Field Aliases and Extractions -- overlap or order of operations causing issue So I have an event: <164>2019-05-14T22:04:15.161Z hostname Hostd: Rejected password for user myuser from 192.168.1.1... by oliverj Communicator in Splunk Search 05-22-2019 0 2	0	2
need value by time hello I have a command which gives the value ex., "172" it is basically change when no. of ldap users added and remo... by splunkuseradmin Path Finder in Splunk Search 05-22-2019 0 3	0	3
Splunk replaces zero with null values. Chart Avg(value) omits all those null values, with this avg result is not correct. How to fix this? Hi Everyone, I am a newbie to splunk. We are using splunk to monitor our custom perfmon counters. see the below sear... by dayananda7449 New Member in Splunk Search 05-22-2019 0 3	0	3
Connection timed out when using Splunk Java SDK to make search query I am seeing this error: java.lang.RuntimeException: Operation timed out (Connection timed out) when I try to creat... by vickie123 New Member in Splunk Search 05-22-2019 0 0	0	0
How do I transpose a table grouped by the values in the first column? I have a search that produces the following sample data: ValueA ValueB A 1 A 2 A 3 B ... by andweng New Member in Splunk Search 05-22-2019 0 2	0	2
How to use field transformations in a splunk search instead of transforms.conf ? I have the following stanza on the transforms.conf which actually splits commands separated by characters like \|, &, ... by pavanae Builder in Splunk Search 05-22-2019 0 4	0	4
Rex for drive letters I only want to look at built in shares like A$-Z$, but not ADMIN$ or IPC$. Is there a rex expression that will allow ... by nashia New Member in Splunk Search 05-22-2019 0 6	0	6
Extract JSON fields in mixed data structure with props I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose ... by _smp_ Builder in Splunk Search 05-22-2019 2 5	2	5