Splunk Search

Community Activity

How do I search from 2 different indexes? Hi, How do I search in two indexes? I am looking for the IP address in both the indexes at that same point of time a... by ajayrejin Explorer in Splunk Search 02-24-2019 1 6	1	6
Search for POST params Hi- I am pretty new to Splunk. Can we search for a specific (form) parameter against a POST REST call ? by ashishgarwal New Member in Splunk Search 02-24-2019 0 1	0	1
Splunk extraction of fields for email texts I have the infra as shown below: Splunk Log Forwarder-> Splunk Indexer The Log forwarder defines which data goes int... by tan_junyuan Engager in Splunk Search 02-23-2019 0 1	0	1
How to calculate no of opened ticket in past in splunk Hi , i want to calculate total no . of opened incidents by a user over a time interval in dynamic environment in spl... by himanshu_b_shek New Member in Splunk Search 02-23-2019 0 4	0	4
help on rangemap command with loadjob Hi I use the search below in order to display GOOD or BAD in a panel When I execute the query i have a result But I... by jip31 Motivator in Splunk Search 02-23-2019 0 8	0	8
Can you help me with a subsearch? Hi, I use the search below in order to display the model of a host for only the host which has a Wear_Rate>0 But th... by jip31 Motivator in Splunk Search 02-23-2019 0 2	0	2
How to capture 2nd max value of a field and compare with 1st max value of the same field I have data in json format as following:- {Run=1 , Average=2.1, Max=3, Min=1.4, Transaction=Sample1} {Run=1 , Average... by pratyushak New Member in Splunk Search 02-22-2019 0 2	0	2
Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip) I am using distinct count with time chart for the whole day (yesterday). The result is varying if the span is change... by aa274t New Member in Splunk Search 02-22-2019 0 5	0	5
Reference Time on Dashboard Load (and adjust to time change) Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right fo... by mrstrozy Path Finder in Splunk Search 02-22-2019 0 1	0	1
Two searches but only need to return results of the second search that match the first ok so...I have been banging my head against the wall on this one for a bit. I have tried using join (which I don't an... by RickerNJ New Member in Splunk Search 02-22-2019 0 5	0	5
Dedup search results not showing for a user I have a user that is a doing a search that has \| dedup in it. While I can see the results when I run the search (I'm... by toddhawkins New Member in Splunk Search 02-22-2019 0 4	0	4
help on join command please hi I use the search below index =* sourcetype=* \| dedup host \| stats count This search returns 87 events I try t... by jip31 Motivator in Splunk Search 02-22-2019 0 5	0	5
how to display a 0 result instead an empty result hi I use the search below and I would like to have a 0 results displayed when there is no events corresponding could... by jip31 Motivator in Splunk Search 02-22-2019 0 14	0	14
After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days? I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the c... by cadrija Path Finder in Splunk Search 02-22-2019 0 1	0	1
Search to find indexes with events and display index size, total events , earliest and latest events per index Hi, what would be the best way to find indexes with events and display its size, total events , earliest and latest ... by mlevsh Builder in Splunk Search 02-22-2019 0 4	0	4
Compare current and last one hour event value in same search. Hi All, I have to monitor the queues. And for that I have made the basic dashboard where it shows the details. Detai... by vaibhavvijay9 New Member in Splunk Search 02-22-2019 0 1	0	1
Can you help me create the regex for an Index time field extraction? Hi, We are trying to create an index time field extraction. I tried following the docs, but I am making a mistake so... by MattibergB Path Finder in Splunk Search 02-22-2019 0 3	0	3
Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error index=app_core sourcetype=app_log cluster_name=app1_cluster is_scheduled=1 \| eval [ search index=app_core sourc... by nomadichunters Explorer in Splunk Search 02-21-2019 0 13	0	13
Is Splunk 7.x Fundamentals Part 1 (eLearning) free? I just finished all the modules and the final quiz, my question is Do I have to pay for the certification of "Splunk ... by dunix New Member in Splunk Search 02-21-2019 0 2	0	2
How do you search logs for a letter at a specific position? I'm very new to Splunk and need help with a search. I want to perform a search to show me the results where the 5th... by arthurva Explorer in Splunk Search 02-21-2019 0 3	0	3
Simple Regex in search I have a string of data that includes a field named user that has a value made up of domain\userid (eg prod\3245762 o... by balcv Contributor in Splunk Search 02-21-2019 0 9	0	9
lookup a csv if a field has certain value Good day, I have a lookup file "Mainlookup.csv" that contains an IP address, Mac address and Host name of Clients ma... by mpasha Path Finder in Splunk Search 02-21-2019 0 2	0	2
Replace Null values in xyseries chart Hello, Splunkers I have a search of index=sql \| bucket span=1h _time \| stats count by _time source \| xyseries _time... by essklau Path Finder in Splunk Search 02-21-2019 1 9	1	9
Find who all ran that query during a particular timeframe? I have a query, I want to know who all ran that query during a particular timeframe? Is it possible to know? Can some... by Harishma Communicator in Splunk Search 02-21-2019 0 1	0	1
List of event codes that found in another search Hi, I'm trying to create a query to provide a list of event codes that are found in one period time that is NOT found... by dyeo Engager in Splunk Search 02-21-2019 0 2	0	2