Splunk Search

Community Activity

How to edit my SEDCMD-mask regex on a heavy forwarder to mask a string in my sample data? Having issues using SEDCMD on Heavy forwarder layer. I have a complex REGEX with multiple pipes \|\|\|\| But it is not wo... by ssyed2009 New Member in Splunk Search 03-04-2019 0 1	0	1
Eval Equals Another Field Greetings, I have a query that ends with a timechart command \| timechart span=1h eval(round(avg(FIELD),0)) as "Resp... by cquinney Communicator in Splunk Search 03-04-2019 0 3	0	3
the way fields are arranged in a timechart / join combination particularily the 2nd search being joined I basically have 3 KPIs that I want to do a search on search1 will be for yesterday and search 2 will be for some p... by HattrickNZ Motivator in Splunk Search 03-04-2019 0 5	0	5
How do you compare dynamic field values created after xyseries? I have the below output after my xyseries comp, Field1,Field2,Field3 A,a1,a1,a1 B,b1,b2,b3 C,c1,c2,c2 I want to ad... by bapunpatel New Member in Splunk Search 03-04-2019 0 4	0	4
Match condition to unset a token based on value in input field I am trying to clear a input field based on user's input. I am able to clear input field by using unset form.token I... by praphulla1 Path Finder in Splunk Search 03-04-2019 0 2	0	2
Event Timechart with event duration Hello, I need help making a graphical presentation of the event happening over time. The X-axis will represent the t... by lain179 Communicator in Splunk Search 03-04-2019 0 5	0	5
How do you return multiple fields from a subsearch to a main search? I'm 99% there guys. The query works fine. Soliciting assistance getting me to the end zone. Would like to also includ... by yepyepyayyooo New Member in Splunk Search 03-04-2019 0 4	0	4
How do you Identify and replace a CSV field name by WildCard or Regex Pattern? I need to replace some CSV field Names with standard names for further easier processing. I tried to rename with a ... by xshen_anji New Member in Splunk Search 03-04-2019 0 7	0	7
How do you use the Join command even if the substring of a particular column matches? Hi, I want to join two searches based on a column, even if the substring of the two column matches . Below is my sa... by Nadhiyaa Path Finder in Splunk Search 03-04-2019 0 1	0	1
maxsearches limit reached Hi , I have configured 20 Alerts with below run every - "5 min" and Alert mode "Once Per Result". Each... by kamlesh_vaghela SplunkTrust in Splunk Search 03-04-2019 1 3	1	3
How can we administer the lookups better? We would like to administer the lookups in bulk, meaning, to upload them in bulk, to change permissions in bulk, etc.... by ddrillic Ultra Champion in Splunk Search 03-04-2019 0 7	0	7
Can you help me find details of event that happens at 25% point of a search (or the nth record of a search)? Good afternoon. I have a search that has approximately 2 million results$. I am trying to find out which record woul... by ChrisCLewis Communicator in Splunk Search 03-04-2019 0 4	0	4
In a table powered by a stats count search, can you help me display status codes as column headings? Hi, I wonder whether someone can help me please. I've put together the following query... w2_wmf(RequestCompleted... by IRHM73 Motivator in Splunk Search 03-04-2019 0 24	0	24
Search a word not indexed Suppose i search for a word that is not indexed by splunk, whether those logs which contain that word will be returne... by simisreedharan Engager in Splunk Search 03-03-2019 0 5	0	5
Find when three events do not occur within a specified amount of time. Hello all, as the title indicates I'm looking for a way to identify when three events do not occur within a specified... by kahless1985 Explorer in Splunk Search 03-03-2019 0 6	0	6
How do I rename column name with javascript? I have a search with generate dynamic the column name with pattern "Month - Year" eg. "October - 2018" "November - 20... by karn Path Finder in Splunk Search 03-03-2019 0 2	0	2
When using "stats max ()", why is the result truncated? My environment: Splunk 7.2.3 When I do the following search, the result is truncated. search-1 \| makeresults count... by yutaka1005 Builder in Splunk Search 03-03-2019 0 4	0	4
Why am I seeing _indextime (_index_earliest & _index_latest) inconsistencies? Based on THIS old blog post and THIS Answers post, I have tried to utilize index-time modifiers as a way to obtain a ... by Lucas_K Motivator in Splunk Search 03-03-2019 1 10	1	10
Possible losing field values when using "stats...by field_name" I thought the result of using "...\| dedup src_ip \| table src_ip \| sort str(src_ip)" should be the same with the resul... by PeterZhang New Member in Splunk Search 03-03-2019 0 12	0	12
Unable to get value on x-axis I have a tabular data like below. **EventTime SQL CPU Utilization Other Process CPU Utilization Total CPU Utilizat... by twh1 Communicator in Splunk Search 03-02-2019 0 8	0	8
Why is time value being reversed? When I run the following search, the time is being show as the oldest first, but SysLog being shown as newest first ... by manic3773 Engager in Splunk Search 03-02-2019 0 1	0	1
Lookups slow performance Background We are a new SplunkCloud customer and are building out our instance, setting up our indexes, field extrac... by cwinkler109 New Member in Splunk Search 03-02-2019 0 2	0	2
help on append command hi The request below count a number of error events by host index="x" sourcetype="x" ConfigManagerErrorCode=28 \| d... by jip31 Motivator in Splunk Search 03-02-2019 0 6	0	6
Merge two line chart with different query in to single line chart I have two line chart with different queries as follows: <chart> <search> <query>index=*... by karthi25 Path Finder in Splunk Search 03-02-2019 0 1	0	1
Searching a port range How can i search for matches using a port range on an extracted field? for example: if i want all events in port ra... by EricPartington Communicator in Splunk Search 03-02-2019 1 3	1	3