Splunk Search

Community Activity

Error 'Could not find all of the specified lookup fields in the lookup table.' I'm having problems when doing splunk searches, always returning the error [sp1p-splidx-sec-90] Error 'Could not fin... by LeandroKopke Explorer in Splunk Search 05-01-2019 2 7	2	7
Splunk HTTP event collector ingesting the data multiple times I'm trying to ingest data using Http Event Collector, HEC. wired that, sometime the data is getting ingested multiple... by sathiyaraj1983 Explorer in Splunk Search 05-01-2019 0 0	0	0
outputlookup limitiations?? Hello Gurus, I'm trying to generate a lookup from a search using the outputlookup option but running into some issue... by MKozanic Path Finder in Splunk Search 04-30-2019 0 5	0	5
How to trim each event and create a field to extract only particular words? Hi Experts, I have few logs as below, i want to capture all unregistered uri (from unregistered uri text to end of t... by Allampally Path Finder in Splunk Search 04-30-2019 0 1	0	1
How to use the Where clause in my search? I have index A with fields: username, field1, field2 I have main:sourcetype B with fields: userid, fullname Trying t... by vnguyen46 Contributor in Splunk Search 04-30-2019 0 4	0	4
How to combine 2 field searches with multiple values? I want to search the logs that have a combination of source and destination IP's. For e.g, I want to search the logs... by praveenmathew27 Engager in Splunk Search 04-30-2019 0 2	0	2
tstats returns no results: inconsistencies when searching datamodels via tstats compared to from and datamodel While working on writing a new correlation search, I wasn't getting any results from tstats; since I was pretty sure ... by triest Communicator in Splunk Search 04-30-2019 0 2	0	2
Is it possible to search and identify the top users of each index? Wondering if there is a way to identify top user of each index. Basically I am tasked with going back and identifying... by paimonsoror Builder in Splunk Search 04-30-2019 0 6	0	6
Host field without wildcards returns no results If I run a search that says * host=somehost, I get results back. If I remove the wildcards around the host field ... by cdoebert Path Finder in Splunk Search 04-30-2019 0 2	0	2
Transaction command: How to get the pair up multiple "startswith", but single "endswith" events? hi We have events something like below 2019-04-30 11:00:01 page=Login.jsp action=login userid=1234 comment="User op... by koshyk Super Champion in Splunk Search 04-30-2019 0 0	0	0
Delta Conditional Statement? Good Morning Everyone, Is it possible to use delta with a conditional statement? As in: Only give me the delta p=... by ryhluc01 Communicator in Splunk Search 04-30-2019 0 8	0	8
Need help deleting a saved search from a search query. Hello, I am trying to create a search that I can use to delete a saved search. Looking at https://docs.splunk.com/D... by cgif_ctac New Member in Splunk Search 04-30-2019 0 4	0	4
Creating buckets based a percentage of occurrence. BASE_SEARCH \| stats count(web-calls) as web-call-count by server_response \| eventstats sum(web-call-count) as total \|... by zacksoft Contributor in Splunk Search 04-30-2019 0 3	0	3
Is there a way I can send multiple csv reports from mulitple saved searches in a single mail. I have a requirement to send output from multiple saved searches as seperate CSV reports in a single mail. Any pointe... by prammod123 Explorer in Splunk Search 04-30-2019 0 0	0	0
Displaying peak count/hr of each uri The problem statement consists of 2 parts capture all the URIs hit in a specific month with specific conditions as b... by harpan New Member in Splunk Search 04-30-2019 0 0	0	0
How to get percentage in stats instead of count? I am calculating number of web-calls that were served in certain seconds. \| stats count(web-calls) as web-call-count ... by zacksoft Contributor in Splunk Search 04-30-2019 0 4	0	4
Problem with (automatic or not) field extraction Hi guys, I have this case. Structured (more or less) data, KV pairs with '=' and divided with tabs. Case 1 (automa... by a_naoum Path Finder in Splunk Search 04-30-2019 0 0	0	0
Search Returning some empty cells Hi, I'm pretty new to splunk searches and i am trying to report on successful logins for login types 7, 8, 10 and 11,... by evanbonner New Member in Splunk Search 04-30-2019 0 2	0	2
How to get transaction count between 5-10 10-15? How to get transaction count between 5-10sec 10-15sec as table ? Expected : Total Success Failure 0-5 Secs 5-... by karthi2809 Builder in Splunk Search 04-30-2019 0 1	0	1
I tried uploading a file into Splunk and created a new index for the same,but unable to view the file count it shows zero I tried uploading a file into Splunk and created a new index for the same,but unable to view the file count it shows ... by sathyarajmuruga New Member in Splunk Search 04-29-2019 0 0	0	0
appbrowser error ssl after installation Hello everybody, After the installation of Splunk, I can't to do a search on app. The error message is : Error conne... by ndarracq New Member in Splunk Search 04-29-2019 0 0	0	0
Getting the counts by day but keeping the timestamp Hi, Messing with dns logs im trying to get the domain that was only queried afew times per day. However i would also ... by totaro Explorer in Splunk Search 04-29-2019 0 2	0	2
Splunk cloud - AWS - COncurrent searches say, I have a splunk cloud,, Splunk as a service running in AWS with a daily index volume of 10 GB data per day. what... by dhivyam New Member in Splunk Search 04-29-2019 0 3	0	3
Why i am getting Error in 'eval' command: The expression is malformed. An unexpected character is reached at '\"1\", \"icon-check\", \"icon-alert\")'. Hi all , I am trying to configure alert for data replication in cluster manger. Using below query , getting "Error i... by vasanthi77 Explorer in Splunk Search 04-29-2019 0 1	0	1
How to filter the log using REGEX? I have logs which contains 'LogonType=Owner' and some logs which contains 'InternalLogonType=Owner'. I want to send... by sarwshai Communicator in Splunk Search 04-29-2019 0 17	0	17