Splunk Search

Community Activity

How can I use a variable as parameter for a custom command? This is not working: Is there a special syntax to use the content of a variable an not its name? sourcetype="test" \|... by HustenHelmut334 New Member in Splunk Search 04-18-2019 0 2	0	2
Sub a string until a specific character Hello, I Need to know how can I trim a string from the begining until a specific character. For example, I have the t... by anasshsa Engager in Splunk Search 04-17-2019 0 2	0	2
Manipulating data in a Values() output Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field. S... by chandlercr New Member in Splunk Search 04-17-2019 0 1	0	1
Trying to use collectd to trend process utilization by name I've got a test set of hosts using collectd to gather process information, and I'm struggling how to get mstats to gi... by mjones414 Contributor in Splunk Search 04-17-2019 0 0	0	0
SPL Can't do conditional statements after dealing with multi value fields My goals is to grab the computer name from the multi-value field: identities. I then want to take that new attribute ... by clozach Path Finder in Splunk Search 04-17-2019 0 1	0	1
Limited output for multivalue field Hi Splunkers, we have JSON logs with multiple values for a single field - list of identities - up to 1000. I need ... by evelenke Contributor in Splunk Search 04-17-2019 0 0	0	0
How do you average count values in certain timeslots? Dear Community, I got a use case I seem to be too inexperienced with to complete on my own. Since I just started del... by VanyBerg Engager in Splunk Search 04-17-2019 0 1	0	1
help on stats(dc) command hello I use the search below in order to display cpu using is > to 80% by host and by process-name So a same host ca... by jip31 Motivator in Splunk Search 04-17-2019 0 4	0	4
How do I find the difference in time between two fields in the same event? I am fairly new to Splunk so bear with me. I have extracted two fields and they are ConnectTime and DisconnectTime a... by LHisham Engager in Splunk Search 04-17-2019 1 3	1	3
baic question on inputlookup hi I have diffuclties to understand how inputlookup works I use the search below index="x" sourcetype=y source="... by jip31 Motivator in Splunk Search 04-17-2019 0 10	0	10
Is it possible to change an index name? One of our customers wonders whether it's possible to change an index name. Is it possible? by ddrillic Ultra Champion in Splunk Search 04-17-2019 0 2	0	2
How to search an event ID for password expiration enabled I am trying to search event logs for an event when a user password is set to not expire. But the alert I have setu... by wingstopdgon New Member in Splunk Search 04-17-2019 0 1	0	1
How to subtract a string from value field I Need to know to subtract a string from the begining of a value until a specific character in Spl. For example, if I... by anasshsa Engager in Splunk Search 04-17-2019 0 1	0	1
Combining Search Results By Passing Subsearch Values Hi, Essentially, I am trying to join 2 or 3 log entries together linking them by a yet to be determined value (sessi... by adamcoquim Explorer in Splunk Search 04-17-2019 0 2	0	2
Encryption on the port 9997 Hello, I have the following inputs.conf on my indexer: [default] host = mo-7ee963859.zone1.mo.sap.corp [monitor://... by damucka Builder in Splunk Search 04-17-2019 0 2	0	2
Need count for fields value Hi Friends, I have two field component and eventtype, need count of component=root and component=Metrics and ventt... by rakesh44 Communicator in Splunk Search 04-17-2019 0 9	0	9
Why does the regex work in search but not in props.conf? I have a file that I am monitoring on a Heavy Forwarder(HF). The file is JSON logs. On the HF I have the following pr... by reswob4 Builder in Splunk Search 04-17-2019 0 8	0	8
Is it possible to append/concatenate regexes for one field check? Currently I have a search as follows: myFieldName="mySearchValue" \| where match(path,`startOfPath`) `startOfPath` ex... by hexerino Explorer in Splunk Search 04-17-2019 0 2	0	2
Multiple queries scheduled to update in table Is there a way in splunk to have a table updated only when the query returns results. For Instance if there 50 index... by johnsasikumar Path Finder in Splunk Search 04-16-2019 0 0	0	0
error regex (PCRE2_DUPNAMES not set) when I start splunk it shows me his " Checking conf files for problems... Bad regex value: '(... by daluoc New Member in Splunk Search 04-16-2019 0 2	0	2
How to calculate percentage from 2 different searches? hello I try to calculate a percentage from 2 searches results I know how to count results from my first search : in... by jip31 Motivator in Splunk Search 04-16-2019 0 2	0	2
mvexpand multiple fields Is there a way to use mvexpand on multitple values? This is the result of my current search and I want it to look li... by michaelrosello Path Finder in Splunk Search 04-16-2019 1 5	1	5
How to preserve leading whitespace in a statistcs table? Hello! Take for example the following query: \| makeresults \| eval somevalue=" Hello World!" \| table someval... by BearMormont Path Finder in Splunk Search 04-16-2019 0 3	0	3
xyseries in full mesh: How to have it fill values A to Z with Z to A or vice versa? I have a search that calculates latency in a full-mesh network, where each router has a direct connection to all of t... by christopheryu Communicator in Splunk Search 04-16-2019 1 6	1	6
What is a good query to monitor for someone sending too many alerts? I received an email from ES techs that someone had sent over 128k alerts to the same address in a 24 hour period. I t... by MikeBertelsen Communicator in Splunk Search 04-16-2019 0 1	0	1