Splunk Search

Community Activity

Can you help me use a macro in an eval statement and IN operator? We're trying to use a single macro in two different contexts — an "eval" command and "IN()" operator. We can't seem t... by lospinoj2 New Member in Splunk Search 03-31-2019 0 2	0	2
How do you extract a field between 2 fixed words? Need help extracting\creating a new field between 2 fixed words. Example: !CASH OUT $100.00! ... by clarkedayne New Member in Splunk Search 03-31-2019 0 3	0	3
How do I compare search results from two different time periods? Good day! Could you help me, please? I need to compare the number of unique user connections in two time intervals:... by stevesmith08 Explorer in Splunk Search 03-31-2019 0 2	0	2
Ulimit for open files did not match Hi, I have increased our ulimit for open file in our indexer to 65536 as recommended by splunk support. After the c... by khusain_splunk Splunk Employee in Splunk Search 03-31-2019 0 2	0	2
How can I transpose/transform data in multiple rows? Hi all, I was preparing my data to be visualised. However, I met with a challenge. The below is an extract of my dat... by quahfamili Path Finder in Splunk Search 03-31-2019 0 2	0	2
Can you share some search commands related to application monitoring? Hi, I have a few access logs. Please share a few search commands related to application monitoring that will create... by asm_coe Explorer in Splunk Search 03-31-2019 0 5	0	5
how to compare two different length string until the length of the shorter one. Hi I've faced some problem about string comparing I have a value, value_1 = "abcdefg" and a lookup file, "abc.c... by apple143 Engager in Splunk Search 03-31-2019 0 2	0	2
Can you help me figure out why our semi-dynamic lookup is not working? Hi Splunk Users, My main search to find DHCP Discover logs is as below: index=bluecat (Mac_Address) "DHCPDISCOVER... by goken New Member in Splunk Search 03-31-2019 0 1	0	1
Splunk regex field I am trying to regex correlation Id's, that will be having a different unique number in every transaction. I am using... by amandahaydaw199 New Member in Splunk Search 03-31-2019 0 2	0	2
Can you help me figure out why my query is not working? index=* \|stats count by sourcetype \|table index sourcetype count The above query displays the sourcetype and count ... by VijaySrrie Builder in Splunk Search 03-30-2019 0 4	0	4
Why are my logs not available in Hadoop? We were able to see the logs in Hadoop from Splunk, but now, those logs are not available. What would be the issue? O... by VijaySrrie Builder in Splunk Search 03-29-2019 0 1	0	1
Splunk volume exceeding maxVolumeDataSizeMb setting The /volumes/summaries directory is the location of data model acceleration summaries: /opt/splunk/etc/slave-apps/clu... by rsantoso_splunk Splunk Employee in Splunk Search 03-29-2019 0 1	0	1
Can you help me mask some data during search time? Hi Splunkers, I want to mask the PII data during the search time for specific users. I checked all the existing que... by impurush Contributor in Splunk Search 03-29-2019 0 6	0	6
combine 2 queried and combine results I have 2 good searches. One outputs: Date Agent Answered Calls Average Talk Time Longest Talk Time Total Ta... by fmatera Explorer in Splunk Search 03-29-2019 0 3	0	3
aggregation over _time Hello, I have the following search: index=mlbso sourcetype=BWP_hanatraces "long running cursor detected" \| sort - ... by damucka Builder in Splunk Search 03-29-2019 0 1	0	1
How do you lookup matching numbers by values regardless of formats? I have a lookup table, mylookup.csv, such as: Key, Value 3, 30 4, 45 5, 52 I have a CSV source mysource.csv, as: ... by xshen_anji New Member in Splunk Search 03-29-2019 0 7	0	7
How do you use regex to remove duplicate characters? I have a report that requires several fields to be concatenated, each separated by a semicolon. Because some of the f... by mistydennis Communicator in Splunk Search 03-29-2019 1 2	1	2
How do you remove the first row and get same table as it is when used transpose? My query is index=_internal source=metrics.log \| search series!=_ group="per_index_thruput" \| eval GB=kb/(10... by snallam123 Path Finder in Splunk Search 03-29-2019 0 2	0	2
Can you help me convert a timestamp to another timestamp? Hi all, I need to convert this timestamp 2019-03-13T00:35:10+0100 to this 13-03-2019 00:35:10 How can I do thi... by ElBorni96 Engager in Splunk Search 03-29-2019 0 3	0	3
What is a shorthand way to reference a fixed list of host names in a search? We're using Spunk in a Windows domain that has hundreds of computers. There is a fixed subset of computers that I wan... by williamcharlton Path Finder in Splunk Search 03-29-2019 0 2	0	2
How do you display AVG, MIN, and MAX as row headers by Service? I have several services that I need to calculate Avg/min/max for. {basesearch} \| stats avg(transTime) as "Avg", mi... by cmcdole Path Finder in Splunk Search 03-29-2019 0 4	0	4
Group data, but keeping data to be grouped. Hi all, I got some data structured next: url user event ------------------------------------- Url1, user1, ... by dreadangel Path Finder in Splunk Search 03-29-2019 0 4	0	4
How do you compare 2 fields from 2 sourcetypes? Hello, I have a source with proxy log sent by syslog and another with hostname blacklisted get by a text file get ev... by dleveque New Member in Splunk Search 03-29-2019 0 2	0	2
How do you combine two searches? I have two searches that work fine, but I want to show them in one dashboard. I have these two 1-....search....: \|... by Mike6960 Path Finder in Splunk Search 03-28-2019 0 4	0	4
Multiselect field with Duplicate Field Values by different labels Hi All, I have a multiselected field allowing my users to select from a list of potential hosts. However we have some... by Melstrathdee Path Finder in Splunk Search 03-28-2019 0 3	0	3