Splunk Search

Community Activity

Group data 'n' rows at a time I have 40 rows in my data with fields Date, Total. I want to add the values of Total for each 5 days. How can I group... by nikita012 New Member in Splunk Search 04-04-2019 0 1	0	1
Issue of lookup csv file and output multiple values Hi, When I lookup a csv file, and match multiple values, it will output as a multi-value fields . Like that : But,... by leo_wang Path Finder in Splunk Search 04-04-2019 0 3	0	3
Lookup several times in a KVstore? I'm working on a kvstore that has multiple interesting columns with which i might determine to enrich an event. For ... by christoffertoft Communicator in Splunk Search 04-04-2019 0 0	0	0
field::value vs field=value when doing search I have a UF, Indexer, Search Head. My UF accepts UDP packets. I created a field in the UF so that I can identify that... by htidore Path Finder in Splunk Search 04-04-2019 0 1	0	1
Issue with performance on join command? Hello there, Sorry for asking a noob question! But I'm struggling to determine why my join isn't working across all ... by jsoohoo New Member in Splunk Search 04-04-2019 0 2	0	2
Create a single PEM file - ssl Hello #splunkers I had to create my first self-signed ssl for splunk web and data and I followed splunks guides but I... by net1993 Path Finder in Splunk Search 04-04-2019 0 0	0	0
How can I convert week number to starting date of that week? I have a week_number field in my data. I want to display each week_number with the date of 1st day in that week. Ex- ... by nikita012 New Member in Splunk Search 04-04-2019 0 5	0	5
Can you help me with a search query using the table command? Hi Team, I have a query to segregate and provide the data in a table format in Splunk Enterprise. index=xxx sourcet... by anandhalagarasa Path Finder in Splunk Search 04-04-2019 0 2	0	2
how to search on multiple key/value "Log was backed up. Database: <abc>" host=<xyz> I currently have multiple alerts - one for each database / server. ... by splunkhan New Member in Splunk Search 04-03-2019 0 2	0	2
How do you use an aggregated value as a filter? Hello, I need to use an aggregated value as a filter. The search returns multiple rows, and I need only those with ... by ygaluzo New Member in Splunk Search 04-03-2019 0 1	0	1
Got a search which is very slow. How can I save all the related information for further analysis if needed. Got a search which is slow. When I click the job inspector, see all the time spend on different components. Is it p... by daniel_splunk Splunk Employee in Splunk Search 04-03-2019 0 1	0	1
Splunk failed to index log file from starting of the month I've Splunk monitor a directory which contain multiple files and each for 1 day. Indexing those files work perfectly ... by daniel_splunk Splunk Employee in Splunk Search 04-03-2019 0 1	0	1
How to filter input log for certain record only I've lot of udp log and only a small portion of them contain error and need to investigate. I don't want to index all... by daniel_splunk Splunk Employee in Splunk Search 04-03-2019 0 1	0	1
How can I handle a time stamp with flexible spaces? We have a syslog data that was written to disk via the FULLDATE macro. For today, it looks like — 2019 Apr 3 19:30:... by ddrillic Ultra Champion in Splunk Search 04-03-2019 0 2	0	2
Convert Index time I am trying to change Event time Apr 02, 2019 3:15:34 AM to YYYY-MM-DD HH:MM:SS,sss format. by RASHO New Member in Splunk Search 04-03-2019 0 5	0	5
How do you combine similar Items in a search? I have a scenario where I have a data set that contains user ids, among other things, but there are two possible vers... by balcv Contributor in Splunk Search 04-03-2019 0 5	0	5
Dashboard Update Monthly Scans Hello, I created a series of dashboards that will automatically update when data from a monthly scan is ingested. In ... by DBattisto Communicator in Splunk Search 04-03-2019 0 3	0	3
Can you help me make a regular expression to extract a field? Hello, I have these events where I want to extract a filename. Right now, none of the fields capture the Filename("... by x213217 Explorer in Splunk Search 04-03-2019 0 2	0	2
How come my rex command doesn't give results as expected? I have the following log statement and I would like to retrieve the mac address which is a 12 digit string from it. ... by ananth402 Explorer in Splunk Search 04-03-2019 0 4	0	4
How do you pull and match data? Hey, So the data I am pulling from is from two source types. I indexed bigfix and tried to pull the software informa... by laquantat Engager in Splunk Search 04-03-2019 0 4	0	4
Field extraction from source field I have my Splunk source in the format below : source=/default/folder/20190403/file_PARADOX_7747_txt I am trying to ... by ppatkar Path Finder in Splunk Search 04-03-2019 0 7	0	7
How do you create new fields from the current field values? Hi, I wonder whether someone can help me please. I'm using the following query to extract data from the raw JSON fi... by IRHM73 Motivator in Splunk Search 04-03-2019 0 7	0	7
field extractions on indexer Is it possible to define field extractions on the indexer and allowing the search head to use the extractions? Or can... by aaronkorn Splunk Employee in Splunk Search 04-03-2019 1 2	1	2
round fuction usage for avg command output Hi , I have been using the stats avg(duration) as Avg_Duration in my query.But while displayin the Avg_Duration i am... by rakesh_498115 Motivator in Splunk Search 04-03-2019 1 3	1	3
How to control search duration of users Hello Splunkers, I want to put restrictions on the seach time period , right now one user can search for as long as ... by ramprakash Explorer in Splunk Search 04-03-2019 0 10	0	10