Splunk Search

Community Activity

Field Extraction recommendations for Avaya call log I'm trying to do a field extraction for an Avaya call log. With this particular log event, every character, includin... by dahlberg New Member in Splunk Search 03-15-2019 0 5	0	5
Why are the columns reordered when implementing reporting command? Hi forum, I'm trying to implement a custom reporting command. Here is the smallest implementation which does nothing... by schose Builder in Splunk Search 03-15-2019 0 2	0	2
How to break a single event into multiple? Hi team, I have the following as a single event in splunk. )V 2019-03-11 msp raw utility_extract13L hdfs:/datalake... by pench2k19 Explorer in Splunk Search 03-15-2019 0 5	0	5
kvstore with custom key fields Can I define a custom key field in a kvstore? I've created the kvstore with following configuration: _key, targetUse... by hoytn Explorer in Splunk Search 03-15-2019 1 1	1	1
How to create a single value timechart after stats? Hi, I'm doing a device count based on device latest time event registration. I'm getting the correct device registr... by alc2019 New Member in Splunk Search 03-14-2019 0 4	0	4
Extract Hostname, Date and time from the log Hi all I want to extract Hostname, date and time from the log, Kindly help sample log: Mar 12 09:13:46 hostname1 <... by paullt12345 Explorer in Splunk Search 03-14-2019 0 2	0	2
multiple joins and subsearch question I have got 3 queries that I need to join together. First query has a subsearch. I used a subsearch because I need to... by mmdacutanan Explorer in Splunk Search 03-14-2019 0 3	0	3
Where to find unmatched regex events? I know this is a silly question but for some cases I need to know where the unmatched events go because my regex is t... by ejmin Path Finder in Splunk Search 03-14-2019 0 20	0	20
Need to dedup results based on id only if the field is not empty Hi, I need help deduplicating in a search where only half the data contains an id. Basically, the old data has a fie... by anthonycopus Path Finder in Splunk Search 03-14-2019 2 4	2	4
How to get a field extraction match up till the first time a string is found? This is the regex I've come up with so far. Unfortunately, it's either matching too much or not enough. I want it to ... by jeck11 Path Finder in Splunk Search 03-14-2019 0 4	0	4
How to lookup and match fields across sources? Hello, I have two sources: 1: Device, SiteName, Long, Lat 2: Device, Clients (Number of current clients) I wish to... by krisalexroberts New Member in Splunk Search 03-14-2019 0 1	0	1
Show IP address while using Geostats and iplocation I created a map showing connections outside the US but when I hover over the markers it only shows the lon and lat. I... by aking76 Path Finder in Splunk Search 03-14-2019 0 0	0	0
How to extract date of the latest event after group by? Hi Team, I am facing issue after using group by clause. (Need date of the grouped event in DD-MM-YYYY ) The search ... by sagar1992 Explorer in Splunk Search 03-14-2019 0 3	0	3
How to merge rows with a common field? Hello, I have 1 single table that comes from two different searches/indexes/sourcetypes using append. I need to join... by ndaniel88 Explorer in Splunk Search 03-14-2019 0 6	0	6
Javascript tooltip showing results of a CSV lookup Hi all, we do have a table showing (besides other information) HTTP status codes. I'm trying to implement a tooltip ... by alai Explorer in Splunk Search 03-14-2019 0 7	0	7
Regex, and extracting the IP + hostname from _internal One of my ongoing gripes with splunk is that there is no way to see the IP and the hostname -- either my forwarder se... by oliverj Communicator in Splunk Search 03-14-2019 0 4	0	4
How to use round function in appendpipe? This search works well and gives me the results I want as shown below: index="index1" sourcetype="source_type1" resp... by JarrettM Path Finder in Splunk Search 03-14-2019 0 2	0	2
Why is basic eval not returning results? Hello I dont understand why: index="x" sourcetype="wmi:BatteryFull" OR sourcetype="wmi:BatteryStatic" \| dedu... by jip31 Motivator in Splunk Search 03-14-2019 0 11	0	11
Why are user details missing in the splunk logs? Hello All, I have an ongoing issue with my Splunk environment. Actually an user "Alex" have added remote desktop use... by mailmetoramu Explorer in Splunk Search 03-14-2019 0 8	0	8
How to find common errors in different log files? In my environment I got one scenario like have to find common errors in iis log, applog,apache log and db log. How to... by Reddi694325 Path Finder in Splunk Search 03-14-2019 0 3	0	3
Why is the search bringing "-" account results for event 4625? Hi, This is the search that we are using for the dashboard and it brings all events with value "-". index=wineventl... by sjimenezp New Member in Splunk Search 03-14-2019 0 2	0	2
How to create a search for the fields using regex? Hello, I have the following string pattern (source): /trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213001.... by damucka Builder in Splunk Search 03-14-2019 0 2	0	2
How to match search with KV lookup files? Hello, I have a KV file that is auto generated with username using a script running every hour. I want to match the u... by kiranpatil1985 New Member in Splunk Search 03-13-2019 0 2	0	2
How to update lookup using macro? When I want to update lookup using search like below, it updates lookup table even if there is no results, but I want... by yutaka1005 Builder in Splunk Search 03-13-2019 0 4	0	4
Alter the width of single value panel How to resize the width of single value dashboard panels in case if I have only one column in a row, instead of makin... by gokool2u Explorer in Splunk Search 03-13-2019 0 7	0	7