Splunk Search

Community Activity

Foreach in Multisearch Hi, I wonder whether someone can help me please. I've put together the query below using the foreach command, which,... by IRHM73 Motivator in Splunk Search 03-01-2019 0 5	0	5
Where and eval weirdness? I have a multi-value field called TotalRows (which is in contains a list of values in time order) and I'm trying to d... by Lowell Super Champion in Splunk Search 03-01-2019 0 2	0	2
Append static data to a field for charting Hello, I am trying to append static data to a chart that splunk generates and i'm not sure how to do this with a lo... by zhatsispgx Path Finder in Splunk Search 03-01-2019 0 4	0	4
Nested eval command in search Hi, I have to use nested eval command in my search query. Requirement: if isnotnull(GC_TIMESTAMP) then set _time ... by AKG1_old1 Builder in Splunk Search 03-01-2019 1 9	1	9
How do I edit my eval syntax with multiple if conditions to produce a certain field? Hi all. I have a ruleset like this: MODEL_NUMBER1 AND BTT = SUBTYPE1 MODEL_NUMBER2 AND CTT = SUBTYPE2 MODEL_NUMBER3... by changux Builder in Splunk Search 03-01-2019 0 7	0	7
Follow-Up: Appendcols or other options for searching a sub-search on port ranges In my previous question I didn't think a join would work, but somesoni2, proved that it would work. The only problem... by jlundtristate Engager in Splunk Search 03-01-2019 0 3	0	3
chart for startup time Hello, I would like to monitor my TomEE restart occurences and time execution, so I am looking for the expression: "... by benji00 New Member in Splunk Search 03-01-2019 0 4	0	4
Calculate daily and monthly average Hi Consider following data . Date Country IP_Prefix 01/01/2018 UK 123.123 01/01/2018 UK 123.123 01/01/2018 UK 123.1... by majeedk Engager in Splunk Search 03-01-2019 0 2	0	2
How to dynamic assign variable to maxspan and span Hi, I want to create a dynamic variable containing the span value on my index search. I have a lookup file that has ... by mpaw Explorer in Splunk Search 03-01-2019 0 4	0	4
How do you exclude an item from a lookup table and an additional condition? I have a lookup table that I'm using to exclude some devices from search results. index = my_index \| lookup m... by yemyslf Path Finder in Splunk Search 03-01-2019 0 2	0	2
Can you help me with DB/Index app monitoring? Hello community, My first and probably not the last comment here...as it seems the community is quite active. I am ... by benji00 New Member in Splunk Search 03-01-2019 0 6	0	6
How can I find events having NULL value related to a field? Hi, I am trying to find all the events related to a field where value is NULL. For E.g., say a field has multiple v... by sbhatnagar88 Path Finder in Splunk Search 03-01-2019 0 10	0	10
Can we automatically delete searches? A Splunk user told us that after every search they run, they go and delete it, and by doing that, they avoid the quot... by ddrillic Ultra Champion in Splunk Search 03-01-2019 0 2	0	2
"License Usage - Previous 30 Days" dashboard broken? In a distributed environment the master "License Usage - Previous 30 Days" and "License Usage - Today", and the searc... by girtsgr Explorer in Splunk Search 03-01-2019 0 4	0	4
How can I change the date format of search results? All of my devices send logs to Splunk with date format set at yyyy-mm-dd, as they should, and Splunk reads them fine ... by cmartell Explorer in Splunk Search 03-01-2019 2 10	2	10
How to extract only date from the mentioned string Below is the kind of string i have and I want to extract only date from it. Available string: 2019-02-24T16:05:37.00... by sbhatnagar88 Path Finder in Splunk Search 03-01-2019 0 5	0	5
How do I find the top 3 fields per dimension (for all dimensions) grouped by platform? Let's say I have dimensions like country, content, subscriptionType, and I'd like to get the 3 most common fields gro... by ausche New Member in Splunk Search 02-28-2019 0 3	0	3
Extracting JSON/XML from string entry and dispalying in table Hi I am trying to extract various fields from below entry in splunk. I executed the below splunk query : index=test... by amith7 New Member in Splunk Search 02-28-2019 0 0	0	0
How do you extract fields that end with a question? I wanted to extract a field to capture the data before the question mark as below. api_call "Get \search\ip\6789\?=n... by Deepz2612 Explorer in Splunk Search 02-28-2019 0 6	0	6
How do you get events where the phone number field only begins with specific digits? Hi Experts, How can I get events on a numeric field where a 7 digit number begins with 11? I tried with ...my searc... by alc2019 New Member in Splunk Search 02-28-2019 0 6	0	6
How do you use the join command in an LDAP search? I am trying to create a search against our LDAP strategy to show the capabilities, indexes, and users assigned to eac... by solarboyz1 Builder in Splunk Search 02-28-2019 0 0	0	0
Can you help me monitor httpd process through Splunk on a Linux Machine? Greetings all, I want to monitor an "httpd" process for a Linux Machine, and if the process is down or not running, ... by ssatti New Member in Splunk Search 02-28-2019 0 4	0	4
How do you CIDR Match a subnet in a list of subnets? So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a s... by theouhuios Motivator in Splunk Search 02-28-2019 1 0	1	0
How do I calculate application availability based on status code? How do you calculate application availability in minutes based on a status code? I want to determine the outage if 50... by mahenders New Member in Splunk Search 02-28-2019 0 0	0	0
What is a good approach to run a search multiple times in time batches? Hi all, I am trying to run a search that returns one row of results over a long historical time window on a per hour... by stanwin Contributor in Splunk Search 02-28-2019 0 7	0	7