Splunk Search

Community Activity

How to extract multivalue fields in Splunk and the events in tabular format? Hi, I have one OS index in Splunk where i get the raw data in a tabular format like below. Now I need to extract thes... by Shashank_87 Explorer in Splunk Search 05-08-2019 0 7	0	7
How to find a value from index1/table1 in index2/table2? I have made two indexes and set the values into a table. How can i find a value from table1 in table2 and present de ... by sjansma Explorer in Splunk Search 05-08-2019 0 7	0	7
How to unite different fields into one field? I'm about to unite product codes from 2 different sourcetypes with different names, but with the same value. Here's ... by marxsabandana Path Finder in Splunk Search 05-08-2019 1 1	1	1
how to assign an eval statement to matches on a subsearch? I have a main search and a lookup table I want to assign field called isCorrect to values from the main search that m... by virex Engager in Splunk Search 05-07-2019 0 2	0	2
Cisco ASA VPN logs regex? Hey guys, I am ingesting VPN logs and would like to parse them out. Does anyone have regexes to use? by nick405060 Motivator in Splunk Search 05-07-2019 0 1	0	1
Search for limit violations in subsearches of saved searches Dear fellow Splunkers, I'm running a saved search containing multiple sub searches and writing the results to a sum... by bramkostermans Engager in Splunk Search 05-07-2019 1 0	1	0
How do I sort a timechart legend by count in decreasing order, not alphabetically? Let's say I've got a timechart of URLs I'm serving. Over an hour, let's say I served this: server.com/MYcats.html -... by jofish Engager in Splunk Search 05-07-2019 1 2	1	2
Trimmed Average Calculation host = Mayhem sourcetype="phutans:servo" host=R00878 \| eval headers=split(_raw," ") \| eval plant_length=mvindex(heade... by zacksoft Contributor in Splunk Search 05-07-2019 0 9	0	9
Server Availability query from Incident data I have a lookup table with fields Application name and host, and i have a realtime Incident data with index, sourcety... by samn123 New Member in Splunk Search 05-07-2019 0 3	0	3
Can you reference a token value inside a token eval tag? Hello, I have a token called range (assume it has a value of "123-456"), and I am trying to use it inside a token eva... by johnraftery Communicator in Splunk Search 05-07-2019 1 6	1	6
Multi Valued Field Help I have looked at a ton of posts about breaking a multivalued field but having zero luck effecting a solution. I have... by ghostdog920 Path Finder in Splunk Search 05-07-2019 0 23	0	23
CPU Usage Prediction of later 15 days... of a month Hi, I am trying to create a dashboard that shows % CPU Processor time avg (Value)..but the query i used to only givin... by singh3and12 Path Finder in Splunk Search 05-07-2019 0 4	0	4
extract part of path that may or may not contain space Hello i have source path that looks like : s3://splunk/OTHER/1/OTHER/Star J750/pjserialnumber/2019-05-06T13:40:37.... by sarit_s Communicator in Splunk Search 05-07-2019 0 5	0	5
Replace every 2nd pattern with carriage. i have a field with dates in single line ( could be many dates ) ex: 2019-04-11 23:15:58.547 2019-05-02 10:11:22.833... by jiaqya Builder in Splunk Search 05-07-2019 0 4	0	4
count number of serialnumber with dc takes lots of time hello i have this query : index = amer_pj \| SerialNumber \| Region \| stats dc(SerialNumber) as Serial... by sarit_s Communicator in Splunk Search 05-06-2019 0 11	0	11
クロス集計表でパーセント表記をさせたい contingencyコマンドを使えばクロス集計表(左図)が得られますが、これをパーセント表記させる(右図)方法はありますでしょうか？ by taroito1q75 New Member in Splunk Search 05-06-2019 0 1	0	1
"As" command modifier not working New to Splunk. Trying to use the "as" command modifier to change the name of a column. However, the modifier is not b... by grook New Member in Splunk Search 05-06-2019 0 4	0	4
Line graph incorrectly shows a flat line Hi I have the following search query which shows the output as shown below,as you can see the issue is the linegraph... by isplunk2999 Path Finder in Splunk Search 05-06-2019 0 6	0	6
Why is search command TERM not working in one system but does in another? We just found out that the search command TERM does NOT work when used on extracted fields in one of our Splunk Enter... by sansay Contributor in Splunk Search 05-06-2019 0 5	0	5
Search command for different PC's Hy, i have create a Dashboard with Error Logs. 1 for all pc's: Computername="*", it works, i see all PC's but which ... by Rhuen New Member in Splunk Search 05-06-2019 0 3	0	3
Matching log events with dynamic context information (e.g which version of package X was installed?) Hi everyone, I am using Splunk Enterprise 7.0.8.5 with the Universal Forwarder 6.5.2/6.5.3 on multiple hosts runnin... by almin Engager in Splunk Search 05-06-2019 0 3	0	3
Display only values found in two searches index=rap sourcetype="joyner lucas" \| dedup albums\| table albums \|append [search index=country sourcetype="lil Nas" \|... by atl215 New Member in Splunk Search 05-06-2019 0 3	0	3
Send logs from Splunk Enterprise to Elastic Search Hi, i hope someone can help us, please. We have to send our logs that we receive from Firewall's, Sysmon, etc from ... by Said7 Explorer in Splunk Search 05-06-2019 0 4	0	4
Cannot reproduce Predict command confidence interval Dear Team, I understand we are using Kalman filters in predict command. I am comparing our existing Kalman implement... by jaideeplamba Explorer in Splunk Search 05-06-2019 1 14	1	14
Does anyone know how query for non alpha numeric characters? Is there a way to search for non-alphanumeric characters? We have an index that sometimes generates data that contain... by reneedeleon Engager in Splunk Search 05-06-2019 0 7	0	7