Splunk Search

Community Activity

Field extraction from source field I have my Splunk source in the format below : source=/default/folder/20190403/file_PARADOX_7747_txt I am trying to ... by ppatkar Path Finder in Splunk Search 04-03-2019 0 7	0	7
How do you create new fields from the current field values? Hi, I wonder whether someone can help me please. I'm using the following query to extract data from the raw JSON fi... by IRHM73 Motivator in Splunk Search 04-03-2019 0 7	0	7
field extractions on indexer Is it possible to define field extractions on the indexer and allowing the search head to use the extractions? Or can... by aaronkorn Splunk Employee in Splunk Search 04-03-2019 1 2	1	2
round fuction usage for avg command output Hi , I have been using the stats avg(duration) as Avg_Duration in my query.But while displayin the Avg_Duration i am... by rakesh_498115 Motivator in Splunk Search 04-03-2019 1 3	1	3
How to control search duration of users Hello Splunkers, I want to put restrictions on the seach time period , right now one user can search for as long as ... by ramprakash Explorer in Splunk Search 04-03-2019 0 10	0	10
Can you help me figure out if I should use a condition statement OR an If statement? Hi all I am new to Splunk please help me on this. I am trying to check a condition that if Coin Acceptor, Receipt... by jayachandrank Explorer in Splunk Search 04-03-2019 0 7	0	7
How to get the non reporting device list?? How to get the non reporting device list?? Any way to compare the lookup and the stored data so i can get the non r... by raja8220 New Member in Splunk Search 04-03-2019 0 8	0	8
help with timechart / count needed Hello, I would like to track the license consumption as from time to time it is 4 times higher (per day) than expect... by damucka Builder in Splunk Search 04-03-2019 0 1	0	1
Checking the events from a transaction for a range of time say +/-5min. transaction id startswith="sourcetype=1" endswith="sourcetype=2" maxspan= in place of time range we want to have the ... by veerendra_modi Loves-to-Learn in Splunk Search 04-03-2019 0 0	0	0
Can we remove lookup names from dataset page? Can we remove lookup names from dataset page? I just want to show data model on this page: by vishaltaneja070 Motivator in Splunk Search 04-03-2019 0 0	0	0
How to get the required text from rex? Hello, I want to extract only the required text from Logs using rex. for instance, consider in logs there is some da... by saitejagayala New Member in Splunk Search 04-03-2019 0 6	0	6
Splunk logs dedup/consolidation Hi Splunkers! Do any of you know if there is a built-in feature or mechanism in Splunk that aggregates similar logs... by astatrial Contributor in Splunk Search 04-03-2019 0 7	0	7
(While) Loop function in search I'm currently facing an issue where I would solve it with a loop function in any programming language. But I'm now ... by dvbeekcinq New Member in Splunk Search 04-03-2019 0 3	0	3
query help with chart Hi, I have a csv file with inputs like this : Time,Device,Interface,Duration,Bits In/sec,Bits Out/sec,BW 3/22/2019 ... by surekhasplunk Communicator in Splunk Search 04-02-2019 0 7	0	7
Join command not matching on username properly I'm trying to join the two queries together one which queries the total number of accesses by a student and then the ... by jsoohoo New Member in Splunk Search 04-02-2019 0 0	0	0
Help me to Format date Hi I want to format the date field with the following format Ex: 20190401 Expected: 01 Apr 2019 Mon Thanks by rockts89 Engager in Splunk Search 04-02-2019 0 2	0	2
How to check the gradual increase of the value of a field which crosses 3 time increment I have a requirement, where I need to display name of an queue, for which the size of the queue is keep on increasing... by akarivaratharaj Communicator in Splunk Search 04-02-2019 0 3	0	3
How do you remove remote data with configure file? Hi, Splunkers: Recently, I've migrated my indexer to search head, but I'm not very familiar with configure files. Th... by aojie654 Path Finder in Splunk Search 04-02-2019 0 3	0	3
How do you create a timestamp field? I'm inputing a txt file into Splunk, and I need assistance with timestamp format and prefix. Example event: 05:12:2... by clarkedayne New Member in Splunk Search 04-02-2019 0 2	0	2
How can I run the extract command on field extracted by the rex command Cog in a larger machine, I have asked my Splunk team to improve the parsing on some of our logs, but it hasn't happen... by seomaniv Explorer in Splunk Search 04-02-2019 0 4	0	4
Scheduled search in a dashboard Hello Everyone, I have created a dashboard and wants the result for last 7 days; and want to schedule it and run e... by bagarwal Path Finder in Splunk Search 04-02-2019 0 3	0	3
How do you perform a mathematical calculation on the results of two queries? Hello, I have two queries: 1. index=abc slice_played slicer=Latency externalUserID="$ext$" assetID="806d682119ac46d1... by moizmmz Path Finder in Splunk Search 04-02-2019 0 2	0	2
Why is my lookup with a single column not working? I have a CSV of filenames. The column header name in the CSV is indicator_F. Index=main has a field = file, which a... by Log_wrangler Builder in Splunk Search 04-02-2019 0 1	0	1
How do you group by substring of URI? I have raw data like below: /?AID=10654946&PID= 40 /test_main.jsp 232 /topic1.jsp?redirectPage=/main/word/unde... by vas123 Explorer in Splunk Search 04-02-2019 0 3	0	3
Can you help me chart a statistics table on a month by month basis? Hello, I have a search that generates a statistics table based on the timerange I select. How can I select, lets sa... by x213217 Explorer in Splunk Search 04-02-2019 0 1	0	1