Splunk Search

Community Activity

Why wasn't the lookup csv file replicated? We created a lookup via the outputlookup command and we can see the file under $SPLUNK_HOME/etc/apps/<app name>/looku... by ddrillic Ultra Champion in Splunk Search 04-15-2019 0 1	0	1
How to extract sourcetype using rex? Hi everyone, I have 40 source type with different names so I was wondering if i can extract sourcetype using rex. a... by splunkuseradmin Path Finder in Splunk Search 04-15-2019 1 1	1	1
Can regex remove spaces inside a capture group? I am using regex slot and port information. Here is an example of the syslog output: Slot1 : OLTPort2 Is it possib... by donemery Explorer in Splunk Search 04-15-2019 0 7	0	7
How to create a search to get count total with percentage against total count? Hi there, I have below result with this query. index="abc" Properties.CorrelationId != XYZ \| stats count by Prope... by sudheeraha Engager in Splunk Search 04-15-2019 0 3	0	3
Is it possible to sort or reorder a multivalue field? Anyone have any thoughts as to how to reorder a multi-valued field? Ideally I'd like to be able to do a "sort" or in... by Lowell Super Champion in Splunk Search 04-15-2019 4 5	4	5
How to extract particular string in the data? Hi Team, I m planning to collect the highlited text from the raw data as below info : Detailed logging to /apps/dat... by pench2k19 Explorer in Splunk Search 04-15-2019 0 10	0	10
How do i get the count of Java Threads on a particular server using Splunk? Hi, I want to calculate the Java threads on my 4 application servers. I have one query but i believe that gives all t... by Shashank_87 Explorer in Splunk Search 04-15-2019 0 2	0	2
Using MVZip and MVExpand on MultiValue fields where array sometimes doesnt exists {<!-- --> "timestamp": "2019-04-11T16:44:45.497462", "payload": {<!-- --> "KEY_CHK_DCN_NBR": "19054", "recommendations": ... by rajkumarsowmy New Member in Splunk Search 04-15-2019 0 2	0	2
How to build a chronological event list I have an index that lists (among other things) a device, event date, and level (1-4). Devices change levels at rando... by cpressl New Member in Splunk Search 04-15-2019 0 0	0	0
Eval statement not working... For some reason the following isn't working: index="sandbox" sourcetype="as-cdr" \|stats count AS numCalls \|append [s... by msarro Builder in Splunk Search 04-15-2019 0 5	0	5
How do I alert when a host stops sending data? What's the best way to create a search to identify which hosts have not sent a syslog message to Splunk in the last 2... by matt Splunk Employee in Splunk Search 04-15-2019 2 10	2	10
Combine different searches into a single table or report Hi I have 10 different Splunk queries that return results only when there is an issue or a flag of 1. All the queries... by johnsasikumar Path Finder in Splunk Search 04-15-2019 0 1	0	1
How to customize and sort columns with specific conditions? Hi, I am looking to sort column with specific condition. Condition: if column Context_Command contains * it should... by AKG1_old1 Builder in Splunk Search 04-15-2019 1 2	1	2
combine two search results tables by matching fields value Hello Guys , I am having results from two different query 1> index=_internal ("version" AND source="/opt/splunk/va... by kannu Communicator in Splunk Search 04-15-2019 0 10	0	10
Filter search string to field with only 1 specific value I want to output computers who only has started 1 specific application Field values: Application + Computers There i... by lbkAconectodk New Member in Splunk Search 04-15-2019 0 7	0	7
Help on subsearch Hello I use the search below it works fine..... BUT for some host, I cant catch the fields there is in the subsearch... by jip31 Motivator in Splunk Search 04-14-2019 0 7	0	7
How to group results that has 5 or more distinct values in list(repo_name) ? Hi, I have a search query as below. query \| stats list(repo_name) by user_login This returns username with their ... by wailoont Engager in Splunk Search 04-14-2019 0 2	0	2
How do I disable drill down (completely) for certain columns in a table? Hi there, I need to disable drilldown on certain columns. Unlike the answer given here... https://answers.splunk.co... by nick405060 Motivator in Splunk Search 04-14-2019 1 8	1	8
How to display a linechart that uses the same field for different devices? So I have HomeAssistant installed and I'm sending all of the events off to my splunk server. I recently had my attic... by thefuzz4 Path Finder in Splunk Search 04-13-2019 0 2	0	2
Find the "No events" Given the search stats count by Name, Fruit results in: Name, Fruit, count Mike, Bananas, 10 Mike, Apples, 10 Sus... by fred1455 New Member in Splunk Search 04-13-2019 0 4	0	4
How to populate a lookup file with eval? Hi, I would like to update a lookup file with, for an example 10 new information, through Splunk Search only. The ... by vbantug New Member in Splunk Search 04-13-2019 0 2	0	2
how to compare characters in two fields and return number of matches? I have two fields se_split and re_split which are lined up like so re_split se_split a ... by brienhawker Explorer in Splunk Search 04-13-2019 1 10	1	10
adding another field after using set diff Hi Splunkers I have a set of results from using set diff which is all good. I am now wanting to output another field... by proylea Contributor in Splunk Search 04-13-2019 0 20	0	20
How to compare the same search from the previous day to current day using set diff? Hi guys, I am very new to Splunk (about 1 month or so) and I am having some trouble incorporating "set diff" into my... by darrenaefc Engager in Splunk Search 04-13-2019 0 8	0	8
How can I normalize timechart with field values having wide variation Have a log file that has http response codes in a particular field. I am doing timechart on it but as the 200 respons... by smiththebest New Member in Splunk Search 04-13-2019 0 2	0	2