Splunk Search

Community Activity

Error in 'fields' command: Invalid argument: 'Account_Name=HELP' How to correct this SPL to avoid this error index=win EventCode=528 OR EventCode=4624 LogonType=2 \| fields Account_... by splunk_zen Builder in Splunk Search 04-19-2019 0 4	0	4
Question on comparing 2 columns i have 2 columns as below. Please see if you have a way to do this .. thanks.. Requirement is if col1 = col2 , co... by jiaqya Builder in Splunk Search 04-19-2019 0 6	0	6
rounding function round(x,y) returns 100 instead of 99,99 Hi Lets say I have value of 99.99875547590601 and I want to get only 99,99 so I use the function round(99.998755475... by net1993 Path Finder in Splunk Search 04-19-2019 0 1	0	1
Add Percentage Column next to the Count Please help me to add percentage column SourceName, Count, % ABC , 20, 5% XYZ, 10, 2% index=prod_sum \| dedup Sour... by rakeshkumar19 New Member in Splunk Search 04-18-2019 0 7	0	7
search use case help with common field hi all, have some query on search use case. 1) My requirement is to extract a hpotter from a log - ex: log looks... by venkasplunk New Member in Splunk Search 04-18-2019 0 6	0	6
How to trim a string to a new field Hello, I cannot figure out the syntax of the rex function. I have a field called data multiple email addresses: eampl... by anasshsa Engager in Splunk Search 04-18-2019 0 2	0	2
Is it possible restrict a user search by data values? Hey! For example, if I have events contain different countries. Is it possible to restrict users by specific values... by hketer Path Finder in Splunk Search 04-18-2019 0 2	0	2
Remove null values from evaluated field in the search results Hello, I have this query: index=main \| table sourcetype, data, context, local_endpoint, remote_endpoint \| eval Ergebn... by anasshsa Engager in Splunk Search 04-18-2019 0 2	0	2
How to convert date string to date format in string and extract all the dates which are 60 and 90 days earlier than the current day? Hi All, I am unable to convert date string to date format using below SPL query. eval "-Last Logon Date" = strptime... by vineeth_jain Explorer in Splunk Search 04-18-2019 0 3	0	3
Migrate data from standalone to indexer cluster Hello splunkers! We have lost indexed data of some days in clustered indexer. However, data exists in standalone spl... by rjfv8205 Path Finder in Splunk Search 04-18-2019 0 6	0	6
How can I use a variable as parameter for a custom command? This is not working: Is there a special syntax to use the content of a variable an not its name? sourcetype="test" \|... by HustenHelmut334 New Member in Splunk Search 04-18-2019 0 2	0	2
Sub a string until a specific character Hello, I Need to know how can I trim a string from the begining until a specific character. For example, I have the t... by anasshsa Engager in Splunk Search 04-17-2019 0 2	0	2
Manipulating data in a Values() output Is there any sort of syntax for me to be able to manipulate or get data on data that exists in the Values() field. S... by chandlercr New Member in Splunk Search 04-17-2019 0 1	0	1
Trying to use collectd to trend process utilization by name I've got a test set of hosts using collectd to gather process information, and I'm struggling how to get mstats to gi... by mjones414 Contributor in Splunk Search 04-17-2019 0 0	0	0
SPL Can't do conditional statements after dealing with multi value fields My goals is to grab the computer name from the multi-value field: identities. I then want to take that new attribute ... by clozach Path Finder in Splunk Search 04-17-2019 0 1	0	1
Limited output for multivalue field Hi Splunkers, we have JSON logs with multiple values for a single field - list of identities - up to 1000. I need ... by evelenke Contributor in Splunk Search 04-17-2019 0 0	0	0
How do you average count values in certain timeslots? Dear Community, I got a use case I seem to be too inexperienced with to complete on my own. Since I just started del... by VanyBerg Engager in Splunk Search 04-17-2019 0 1	0	1
help on stats(dc) command hello I use the search below in order to display cpu using is > to 80% by host and by process-name So a same host ca... by jip31 Motivator in Splunk Search 04-17-2019 0 4	0	4
How do I find the difference in time between two fields in the same event? I am fairly new to Splunk so bear with me. I have extracted two fields and they are ConnectTime and DisconnectTime a... by LHisham Engager in Splunk Search 04-17-2019 1 3	1	3
baic question on inputlookup hi I have diffuclties to understand how inputlookup works I use the search below index="x" sourcetype=y source="... by jip31 Motivator in Splunk Search 04-17-2019 0 10	0	10
Is it possible to change an index name? One of our customers wonders whether it's possible to change an index name. Is it possible? by ddrillic Ultra Champion in Splunk Search 04-17-2019 0 2	0	2
How to search an event ID for password expiration enabled I am trying to search event logs for an event when a user password is set to not expire. But the alert I have setu... by wingstopdgon New Member in Splunk Search 04-17-2019 0 1	0	1
How to subtract a string from value field I Need to know to subtract a string from the begining of a value until a specific character in Spl. For example, if I... by anasshsa Engager in Splunk Search 04-17-2019 0 1	0	1
Combining Search Results By Passing Subsearch Values Hi, Essentially, I am trying to join 2 or 3 log entries together linking them by a yet to be determined value (sessi... by adamcoquim Explorer in Splunk Search 04-17-2019 0 2	0	2
Encryption on the port 9997 Hello, I have the following inputs.conf on my indexer: [default] host = mo-7ee963859.zone1.mo.sap.corp [monitor://... by damucka Builder in Splunk Search 04-17-2019 0 2	0	2