Splunk Search

Community Activity

How to dynamic assign variable to maxspan and span Hi, I want to create a dynamic variable containing the span value on my index search. I have a lookup file that has ... by mpaw Explorer in Splunk Search 03-01-2019 0 4	0	4
How do you exclude an item from a lookup table and an additional condition? I have a lookup table that I'm using to exclude some devices from search results. index = my_index \| lookup m... by yemyslf Path Finder in Splunk Search 03-01-2019 0 2	0	2
Can you help me with DB/Index app monitoring? Hello community, My first and probably not the last comment here...as it seems the community is quite active. I am ... by benji00 New Member in Splunk Search 03-01-2019 0 6	0	6
How can I find events having NULL value related to a field? Hi, I am trying to find all the events related to a field where value is NULL. For E.g., say a field has multiple v... by sbhatnagar88 Path Finder in Splunk Search 03-01-2019 0 10	0	10
Can we automatically delete searches? A Splunk user told us that after every search they run, they go and delete it, and by doing that, they avoid the quot... by ddrillic Ultra Champion in Splunk Search 03-01-2019 0 2	0	2
"License Usage - Previous 30 Days" dashboard broken? In a distributed environment the master "License Usage - Previous 30 Days" and "License Usage - Today", and the searc... by girtsgr Explorer in Splunk Search 03-01-2019 0 4	0	4
How can I change the date format of search results? All of my devices send logs to Splunk with date format set at yyyy-mm-dd, as they should, and Splunk reads them fine ... by cmartell Explorer in Splunk Search 03-01-2019 2 10	2	10
How to extract only date from the mentioned string Below is the kind of string i have and I want to extract only date from it. Available string: 2019-02-24T16:05:37.00... by sbhatnagar88 Path Finder in Splunk Search 03-01-2019 0 5	0	5
How do I find the top 3 fields per dimension (for all dimensions) grouped by platform? Let's say I have dimensions like country, content, subscriptionType, and I'd like to get the 3 most common fields gro... by ausche New Member in Splunk Search 02-28-2019 0 3	0	3
Extracting JSON/XML from string entry and dispalying in table Hi I am trying to extract various fields from below entry in splunk. I executed the below splunk query : index=test... by amith7 New Member in Splunk Search 02-28-2019 0 0	0	0
How do you extract fields that end with a question? I wanted to extract a field to capture the data before the question mark as below. api_call "Get \search\ip\6789\?=n... by Deepz2612 Explorer in Splunk Search 02-28-2019 0 6	0	6
How do you get events where the phone number field only begins with specific digits? Hi Experts, How can I get events on a numeric field where a 7 digit number begins with 11? I tried with ...my searc... by alc2019 New Member in Splunk Search 02-28-2019 0 6	0	6
How do you use the join command in an LDAP search? I am trying to create a search against our LDAP strategy to show the capabilities, indexes, and users assigned to eac... by solarboyz1 Builder in Splunk Search 02-28-2019 0 0	0	0
Can you help me monitor httpd process through Splunk on a Linux Machine? Greetings all, I want to monitor an "httpd" process for a Linux Machine, and if the process is down or not running, ... by ssatti New Member in Splunk Search 02-28-2019 0 4	0	4
How do you CIDR Match a subnet in a list of subnets? So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a s... by theouhuios Motivator in Splunk Search 02-28-2019 1 0	1	0
How do I calculate application availability based on status code? How do you calculate application availability in minutes based on a status code? I want to determine the outage if 50... by mahenders New Member in Splunk Search 02-28-2019 0 0	0	0
What is a good approach to run a search multiple times in time batches? Hi all, I am trying to run a search that returns one row of results over a long historical time window on a per hour... by stanwin Contributor in Splunk Search 02-28-2019 0 7	0	7
How do you make a query to see logs not sent by a forwarder? Guys, I need to see which forwarders do not send events in a period of 3 hours. For example: if a forwarder does no... by wvalente Explorer in Splunk Search 02-28-2019 0 5	0	5
How to apply colors of a choropleth map on a field other than count? Choropleth map applies different colors depending on the range of the "count" field. How can I use another field? If ... by hylam Contributor in Splunk Search 02-28-2019 1 5	1	5
How do you use the rex command to parse out the IP between fix characters? Hi all, I was wondering how can i write a Splunk rex to parse out the IP between two words. for example <IpAd... by AbubakarShahid New Member in Splunk Search 02-28-2019 0 2	0	2
How do you retrieve date from the following string using regex? Hi, Test-20190212-0912 from this string. I want to retrieve date like this 2019-02-12 How do I write this in regex? by ramesh12345 Explorer in Splunk Search 02-28-2019 0 21	0	21
Splunk search does not return event data when there is multiple json in same event I have a created a splunk alert when there is a failure occurs. I have query as follows: index=* source=*** \|spath p... by karthi25 Path Finder in Splunk Search 02-28-2019 0 7	0	7
How to change the default color formatting on a table header? I just want to color the column headers and not the cells of my dashboard tables by surekhasplunk Communicator in Splunk Search 02-28-2019 1 14	1	14
Populate field based on subsearch I have a Splunk query that parses out some Windows event log data. One of the things that I examine is the user name... by evetsleep New Member in Splunk Search 02-28-2019 0 4	0	4
How do you match on multiple fields in a lookup table? Hi all, I've been banging my head against the wall trying to get this to work. What I'm trying to do is to use a lo... by tljohnson Engager in Splunk Search 02-28-2019 2 2	2	2