Splunk Search

Community Activity

Splunk regex field I am trying to regex correlation Id's, that will be having a different unique number in every transaction. I am using... by amandahaydaw199 New Member in Splunk Search 03-31-2019 0 2	0	2
Can you help me figure out why my query is not working? index=* \|stats count by sourcetype \|table index sourcetype count The above query displays the sourcetype and count ... by VijaySrrie Builder in Splunk Search 03-30-2019 0 4	0	4
Why are my logs not available in Hadoop? We were able to see the logs in Hadoop from Splunk, but now, those logs are not available. What would be the issue? O... by VijaySrrie Builder in Splunk Search 03-29-2019 0 1	0	1
Splunk volume exceeding maxVolumeDataSizeMb setting The /volumes/summaries directory is the location of data model acceleration summaries: /opt/splunk/etc/slave-apps/clu... by rsantoso_splunk Splunk Employee in Splunk Search 03-29-2019 0 1	0	1
Can you help me mask some data during search time? Hi Splunkers, I want to mask the PII data during the search time for specific users. I checked all the existing que... by impurush Contributor in Splunk Search 03-29-2019 0 6	0	6
combine 2 queried and combine results I have 2 good searches. One outputs: Date Agent Answered Calls Average Talk Time Longest Talk Time Total Ta... by fmatera Explorer in Splunk Search 03-29-2019 0 3	0	3
aggregation over _time Hello, I have the following search: index=mlbso sourcetype=BWP_hanatraces "long running cursor detected" \| sort - ... by damucka Builder in Splunk Search 03-29-2019 0 1	0	1
How do you lookup matching numbers by values regardless of formats? I have a lookup table, mylookup.csv, such as: Key, Value 3, 30 4, 45 5, 52 I have a CSV source mysource.csv, as: ... by xshen_anji New Member in Splunk Search 03-29-2019 0 7	0	7
How do you use regex to remove duplicate characters? I have a report that requires several fields to be concatenated, each separated by a semicolon. Because some of the f... by mistydennis Communicator in Splunk Search 03-29-2019 1 2	1	2
How do you remove the first row and get same table as it is when used transpose? My query is index=_internal source=metrics.log \| search series!=_ group="per_index_thruput" \| eval GB=kb/(10... by snallam123 Path Finder in Splunk Search 03-29-2019 0 2	0	2
Can you help me convert a timestamp to another timestamp? Hi all, I need to convert this timestamp 2019-03-13T00:35:10+0100 to this 13-03-2019 00:35:10 How can I do thi... by ElBorni96 Engager in Splunk Search 03-29-2019 0 3	0	3
What is a shorthand way to reference a fixed list of host names in a search? We're using Spunk in a Windows domain that has hundreds of computers. There is a fixed subset of computers that I wan... by williamcharlton Path Finder in Splunk Search 03-29-2019 0 2	0	2
How do you display AVG, MIN, and MAX as row headers by Service? I have several services that I need to calculate Avg/min/max for. {basesearch} \| stats avg(transTime) as "Avg", mi... by cmcdole Path Finder in Splunk Search 03-29-2019 0 4	0	4
Group data, but keeping data to be grouped. Hi all, I got some data structured next: url user event ------------------------------------- Url1, user1, ... by dreadangel Path Finder in Splunk Search 03-29-2019 0 4	0	4
How do you compare 2 fields from 2 sourcetypes? Hello, I have a source with proxy log sent by syslog and another with hostname blacklisted get by a text file get ev... by dleveque New Member in Splunk Search 03-29-2019 0 2	0	2
How do you combine two searches? I have two searches that work fine, but I want to show them in one dashboard. I have these two 1-....search....: \|... by Mike6960 Path Finder in Splunk Search 03-28-2019 0 4	0	4
Multiselect field with Duplicate Field Values by different labels Hi All, I have a multiselected field allowing my users to select from a list of potential hosts. However we have some... by Melstrathdee Path Finder in Splunk Search 03-28-2019 0 3	0	3
How do you exclude files in a directory? I've been struggling with this for several days now and cannot find a solution that works for me so I am turning to y... by balcv Contributor in Splunk Search 03-28-2019 0 3	0	3
How do I email customized stats tables to individual employees? I want to send an alert to each Employee once a day with a stats table customized to that employee: for instance the ... by matthewg Explorer in Splunk Search 03-28-2019 0 0	0	0
club 3 search queries into 1 I have given the query below. I am trying to display all 3 RERs- RERa, RERb, RERc. But this is displaying just RERb a... by BMUDGAL1190 New Member in Splunk Search 03-28-2019 0 2	0	2
Is there a possibility to write an event to splunk index source type through SPL? I have an requirement where the user would like to store the data to a source type of an index. and would be modifyin... by shahid285 Path Finder in Splunk Search 03-28-2019 0 5	0	5
How to delete a lookup table file and definition? I am testing some lookup files in a dev environment. I would like to clear out the first few tries and work with only... by feickertmd Communicator in Splunk Search 03-28-2019 2 5	2	5
How do you separate fields into different variables based on the beginning letter of field? So I'm sure I'm missing something obvious, but I cannot for the life of me find something similar to what I'm looking... by ibdubs Explorer in Splunk Search 03-28-2019 0 8	0	8
Splunk Subsearch / Join / Combine event query assistance I have a very large dataset of events (millions of events per hour of various event types) which are all part of the ... by gjcwilliams New Member in Splunk Search 03-28-2019 0 2	0	2
Help on SystemTime format and SystemTime stats Hi I use the search below but SystemTime doesnt return results SystemTime format is like this : '2019-03-25T03:49:42... by jip31 Motivator in Splunk Search 03-28-2019 0 6	0	6