Splunk Search

Community Activity

Can we search in different time ranges between multiple indexes? Hi, Can I run a search with two or more indexes and specify a different time range in each one? For example, would ... by russell120 Communicator in Splunk Search 03-08-2019 1 11	1	11
List of computers extracted from the computer Scenario: In a way, the local admin user can be retrieved, the computer to remove the domain, and without the domain ... by magun New Member in Splunk Search 03-08-2019 0 7	0	7
How can I group the query? Hi all, I am new to splunk Following is the information: Column1 Column2 column3 f... by uppukumar Explorer in Splunk Search 03-08-2019 0 2	0	2
How eliminate records from a search that appear twice only? Hi, I have a search which returns a list of records, some of them have a duplicate Value. Here's an example of the ou... by emipintus Explorer in Splunk Search 03-08-2019 0 7	0	7
Why is join slow? I've seen a lot about not using join subsearches, how it's slow, etc etc. Which proves to be true in practice. What ... by chirsf Explorer in Splunk Search 03-08-2019 0 2	0	2
Temenos T24 Monitoring whit Splunk Hi team i have been working a new project with banking sector where they are using the Core Banking T24. Does anyon... by evinasco Communicator in Splunk Search 03-08-2019 1 3	1	3
stacked bar chart in timeline series hi! I want to create a stacked bar chart like in a timline series like this \|[----RUN TIME----]\|[----IDLE TIME----]\|... by mdmaala Communicator in Splunk Search 03-07-2019 0 2	0	2
How do I schedule a recurring search that would alert if an index is missing data feeds from hosts? Hi. I need to schedule a recurring search that would alert/email me if an index, say "web", is missing data feeds ... by jasonlow Loves-to-Learn in Splunk Search 03-07-2019 0 3	0	3
List Comparison I'm wanting to find out if it's possible to take a list of items in a text file, conduct a search against that list a... by balcv Contributor in Splunk Search 03-07-2019 0 6	0	6
How do you use fillnull to return a count of 0? I have events that have a value called "Date First Found" that is of the format: "%m/%d/%Y". I calculate the number o... by michael_ermino_ New Member in Splunk Search 03-07-2019 0 2	0	2
With regex, can you help me with a matching issue for a blank space? Hello, I am having an issue with some regex that I wrote. it is working fine except for this blank space. Regex : ... by su_kumar New Member in Splunk Search 03-07-2019 0 7	0	7
Why does my real time search job keeps getting killed? Hi I have a real time search over the past 5 minutes, however it works for 30 seconds an then it dies. any ideas? I... by robertlynch2020 Influencer in Splunk Search 03-07-2019 1 6	1	6
How do you correlate events from two different indexes by date? Hi folks, I have 2 indexes containing information as below: index ABC _time sessionkey ... by ADRIANODL Explorer in Splunk Search 03-07-2019 0 4	0	4
Replication and search factors "not met" We have: - Index Cluster Master - Search head cluster (3 nodes) - Index Cluster (3 nodes) - Heavy forwarder (1 node) ... by davidmills Explorer in Splunk Search 03-07-2019 0 2	0	2
Added _meta to default result in double counts. unable to search data using SPL index=test ssp=3538 following search does return the result index=test ssp=*3538 ... by rbal_splunk Splunk Employee in Splunk Search 03-07-2019 0 1	0	1
What's wrong with my eval case statement? What is wrong with this? \| eval Count=case((sourcetype="input1" OR sourcetype="input2") AND index="foo1", "NA" (sou... by ryhluc01 Communicator in Splunk Search 03-07-2019 0 15	0	15
Field extractions aren’t working as expected since upgraded to 7.2.3 Since upgraded to Splunk version 7.2.3, some fields extractions aren’t showing on the searches properly. In particula... by rsantoso_splunk Splunk Employee in Splunk Search 03-07-2019 0 2	0	2
How to merge remaining fields into a multivalue field after dedup'ing one field? Hi, Just as the question says. My current search results in something similar to this: ip device ----------... by russell120 Communicator in Splunk Search 03-07-2019 0 3	0	3
How to plot a timechart from summary index? Hi, I have a summery index with events like this :- 3/06/2019 00:00:00 +0000, search_name=ABCD , search_now=15519168... by splbsm Explorer in Splunk Search 03-07-2019 1 3	1	3
REST Search API with WHERE condition I'm using Splunks REST API to post a search job and then get the results. Ideally I would like to use a where conditi... by someone4321 Explorer in Splunk Search 03-07-2019 0 6	0	6
Query for eventcount I have a lookup file with indexes in it, I want a query i need the eventcount of the indexes mentioned in the lookup ... by VijaySrrie Builder in Splunk Search 03-07-2019 0 2	0	2
Multiple WHERE's in Query I'm trying to write an ANTLR grammar for Splunk queries and an example of the queries that my system receives is as f... by inovexsean Explorer in Splunk Search 03-07-2019 0 4	0	4
Can you help me create a graph for average calculation of execution time field? Hi all, I would like to create a dashboard displaying average transaction time / day / test type. Tests are running... by htomi New Member in Splunk Search 03-07-2019 0 3	0	3
Cisco Config Regex Before I begin work on what is likely to be a multi-day excursion, I wanted to see if this has already been done. I ... by DBattisto Communicator in Splunk Search 03-07-2019 0 6	0	6
Why does dedup command with sortby parameter in base searches produce duplicate results in Splunk 7.1.4? Good morning, I've noticed a strange phenomenon with Splunk Enterprise 7.1.4 base searches and I wanted to see wheth... by andrewtrobec Motivator in Splunk Search 03-07-2019 0 4	0	4