Splunk Search

Community Activity

Create a baseline for each day of the week Hi guys, I have query regarding how i can break my search for one month into weekly searches. I have been given an ... by vpurushottam Explorer in Splunk Search 03-16-2019 0 5	0	5
Multiple search values pass to another search I have a query which returns 100 ids(ids are dynamic). I have to search for these 100 ids in another log and see if t... by Prasenjit1508 New Member in Splunk Search 03-15-2019 0 1	0	1
Smart-mode search emits only one row of stats but gets auto-finalized for disk usage I have a user whose monthly report search is being auto-finalized due to disk usage. I've ensured there are no other ... by jspears Communicator in Splunk Search 03-15-2019 0 2	0	2
I want to pick up values from different columns from lookup files according to the sourcetype. I want to pick up values from different lookup files according to the sourcetype. \| lookup error_rules.csv EventSubTy... by veerendra_modi Loves-to-Learn in Splunk Search 03-15-2019 0 3	0	3
Why are my timechart results getting skewed? I have come across an issue with my timecharts. When I do a search for all day on Feb 26th and check 9AM, I see 127... by bstreber Path Finder in Splunk Search 03-15-2019 0 15	0	15
How to calculate request arrival rate only for weekdays and exclude weekends for PST time? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 03-15-2019 0 2	0	2
How to setup a query to search and find file names with the current time value? Hi, I have a query that searches a field i.e. filenames with a value in this format >> filename = folder_name/sub_f... by Log_wrangler Builder in Splunk Search 03-15-2019 0 1	0	1
Why is the description field not functioning when using eval? Below is the search string I am using. Everything works like perfect except for the description field. The field rema... by mtupper New Member in Splunk Search 03-15-2019 0 1	0	1
Join or Subsearch performance Hi all, I have a performance question about "join" and "subsearch". Even join is a ressource-guzzler command I saw t... by MaryvonneMB Path Finder in Splunk Search 03-15-2019 0 1	0	1
Relative Time Value to Timepicker Latest Hey, I got a dashboard with different panels. They are all controlled by a single timepicker. Usually the timeranges... by hypePG Path Finder in Splunk Search 03-15-2019 0 5	0	5
How to list user accounts with domain? Hi, Splunk Enterprise. I am trying to get the list of all user accounts using below code, but the result showing o... by brpsingara Explorer in Splunk Search 03-15-2019 0 21	0	21
Why is time chart with span of 1w always Thursday to Thursday? Title pretty much says it all. Every time I go to run a time chart with a span of 1 week it runs from Thursday to Thu... by mumblingsages Path Finder in Splunk Search 03-15-2019 0 5	0	5
How to join 2 events and retrieve the status? Hi, I have a scenario where I need to check if a customer has placed an order when he has been offered an offer. So... by Shashank_87 Explorer in Splunk Search 03-15-2019 0 1	0	1
Field Extraction recommendations for Avaya call log I'm trying to do a field extraction for an Avaya call log. With this particular log event, every character, includin... by dahlberg New Member in Splunk Search 03-15-2019 0 5	0	5
Why are the columns reordered when implementing reporting command? Hi forum, I'm trying to implement a custom reporting command. Here is the smallest implementation which does nothing... by schose Builder in Splunk Search 03-15-2019 0 2	0	2
How to break a single event into multiple? Hi team, I have the following as a single event in splunk. )V 2019-03-11 msp raw utility_extract13L hdfs:/datalake... by pench2k19 Explorer in Splunk Search 03-15-2019 0 5	0	5
kvstore with custom key fields Can I define a custom key field in a kvstore? I've created the kvstore with following configuration: _key, targetUse... by hoytn Explorer in Splunk Search 03-15-2019 1 1	1	1
How to create a single value timechart after stats? Hi, I'm doing a device count based on device latest time event registration. I'm getting the correct device registr... by alc2019 New Member in Splunk Search 03-14-2019 0 4	0	4
Extract Hostname, Date and time from the log Hi all I want to extract Hostname, date and time from the log, Kindly help sample log: Mar 12 09:13:46 hostname1 <... by paullt12345 Explorer in Splunk Search 03-14-2019 0 2	0	2
multiple joins and subsearch question I have got 3 queries that I need to join together. First query has a subsearch. I used a subsearch because I need to... by mmdacutanan Explorer in Splunk Search 03-14-2019 0 3	0	3
Where to find unmatched regex events? I know this is a silly question but for some cases I need to know where the unmatched events go because my regex is t... by ejmin Path Finder in Splunk Search 03-14-2019 0 20	0	20
Need to dedup results based on id only if the field is not empty Hi, I need help deduplicating in a search where only half the data contains an id. Basically, the old data has a fie... by anthonycopus Path Finder in Splunk Search 03-14-2019 2 4	2	4
How to get a field extraction match up till the first time a string is found? This is the regex I've come up with so far. Unfortunately, it's either matching too much or not enough. I want it to ... by jeck11 Path Finder in Splunk Search 03-14-2019 0 4	0	4
How to lookup and match fields across sources? Hello, I have two sources: 1: Device, SiteName, Long, Lat 2: Device, Clients (Number of current clients) I wish to... by krisalexroberts New Member in Splunk Search 03-14-2019 0 1	0	1
Show IP address while using Geostats and iplocation I created a map showing connections outside the US but when I hover over the markers it only shows the lon and lat. I... by aking76 Path Finder in Splunk Search 03-14-2019 0 0	0	0