Splunk Search

Community Activity

How to use multiple base searches in one search? I have to base searches defined in my dashboard: <search id="num1"> <query>....</query> </search> <search id="nu... by olejor Engager in Splunk Search 05-01-2019 2 9	2	9
How to pass token during check and uncheck of the checkbox? How to pass token during check and uncheck of the checkbox in splunk? For ex- if I check the box then it will pass t... by vivek_manoj Explorer in Splunk Search 05-01-2019 0 10	0	10
Timestamp Optimization Tools All, Any cool tools out there for optimization and tuning of time stamps? Like a regex101.com style site but like f... by daniel333 Builder in Splunk Search 05-01-2019 0 1	0	1
How to apply anomaly command on timechart query? I am trying to apply anomaly detection on count field. Base query: index=test sourcetype=web source="test.log" WEB_... by PRIYANKA_1993 New Member in Splunk Search 05-01-2019 0 2	0	2
stats not pulling through after a certain date I have a search that looks at 2 indexes so it can pull 3 lots of separate data back so i can show data over a period ... by Sfry1981 Communicator in Splunk Search 05-01-2019 0 4	0	4
Custome Time picker in below query its showing time picker data or time as per time picker. but i want if i select last 30 days in time p... by abhishekdubey00 Engager in Splunk Search 05-01-2019 0 4	0	4
Error 'Could not find all of the specified lookup fields in the lookup table.' I'm having problems when doing splunk searches, always returning the error [sp1p-splidx-sec-90] Error 'Could not fin... by LeandroKopke Explorer in Splunk Search 05-01-2019 2 7	2	7
Splunk HTTP event collector ingesting the data multiple times I'm trying to ingest data using Http Event Collector, HEC. wired that, sometime the data is getting ingested multiple... by sathiyaraj1983 Explorer in Splunk Search 05-01-2019 0 0	0	0
outputlookup limitiations?? Hello Gurus, I'm trying to generate a lookup from a search using the outputlookup option but running into some issue... by MKozanic Path Finder in Splunk Search 04-30-2019 0 5	0	5
How to trim each event and create a field to extract only particular words? Hi Experts, I have few logs as below, i want to capture all unregistered uri (from unregistered uri text to end of t... by Allampally Path Finder in Splunk Search 04-30-2019 0 1	0	1
How to use the Where clause in my search? I have index A with fields: username, field1, field2 I have main:sourcetype B with fields: userid, fullname Trying t... by vnguyen46 Contributor in Splunk Search 04-30-2019 0 4	0	4
How to combine 2 field searches with multiple values? I want to search the logs that have a combination of source and destination IP's. For e.g, I want to search the logs... by praveenmathew27 Engager in Splunk Search 04-30-2019 0 2	0	2
tstats returns no results: inconsistencies when searching datamodels via tstats compared to from and datamodel While working on writing a new correlation search, I wasn't getting any results from tstats; since I was pretty sure ... by triest Communicator in Splunk Search 04-30-2019 0 2	0	2
Is it possible to search and identify the top users of each index? Wondering if there is a way to identify top user of each index. Basically I am tasked with going back and identifying... by paimonsoror Builder in Splunk Search 04-30-2019 0 6	0	6
Host field without wildcards returns no results If I run a search that says * host=somehost, I get results back. If I remove the wildcards around the host field ... by cdoebert Path Finder in Splunk Search 04-30-2019 0 2	0	2
Transaction command: How to get the pair up multiple "startswith", but single "endswith" events? hi We have events something like below 2019-04-30 11:00:01 page=Login.jsp action=login userid=1234 comment="User op... by koshyk Super Champion in Splunk Search 04-30-2019 0 0	0	0
Delta Conditional Statement? Good Morning Everyone, Is it possible to use delta with a conditional statement? As in: Only give me the delta p=... by ryhluc01 Communicator in Splunk Search 04-30-2019 0 8	0	8
Need help deleting a saved search from a search query. Hello, I am trying to create a search that I can use to delete a saved search. Looking at https://docs.splunk.com/D... by cgif_ctac New Member in Splunk Search 04-30-2019 0 4	0	4
Creating buckets based a percentage of occurrence. BASE_SEARCH \| stats count(web-calls) as web-call-count by server_response \| eventstats sum(web-call-count) as total \|... by zacksoft Contributor in Splunk Search 04-30-2019 0 3	0	3
Is there a way I can send multiple csv reports from mulitple saved searches in a single mail. I have a requirement to send output from multiple saved searches as seperate CSV reports in a single mail. Any pointe... by prammod123 Explorer in Splunk Search 04-30-2019 0 0	0	0
Displaying peak count/hr of each uri The problem statement consists of 2 parts capture all the URIs hit in a specific month with specific conditions as b... by harpan New Member in Splunk Search 04-30-2019 0 0	0	0
How to get percentage in stats instead of count? I am calculating number of web-calls that were served in certain seconds. \| stats count(web-calls) as web-call-count ... by zacksoft Contributor in Splunk Search 04-30-2019 0 4	0	4
Problem with (automatic or not) field extraction Hi guys, I have this case. Structured (more or less) data, KV pairs with '=' and divided with tabs. Case 1 (automa... by a_naoum Path Finder in Splunk Search 04-30-2019 0 0	0	0
Search Returning some empty cells Hi, I'm pretty new to splunk searches and i am trying to report on successful logins for login types 7, 8, 10 and 11,... by evanbonner New Member in Splunk Search 04-30-2019 0 2	0	2
How to get transaction count between 5-10 10-15? How to get transaction count between 5-10sec 10-15sec as table ? Expected : Total Success Failure 0-5 Secs 5-... by karthi2809 Builder in Splunk Search 04-30-2019 0 1	0	1