Splunk Search

Community Activity

How can I append different fields from a subsearch? Hello, I'm trying to search within another sourcetype and append fields oxygen, and rock to a CSV base search. I'm ... by russell120 Communicator in Splunk Search 02-13-2019 0 8	0	8
How do you enforce a lookup match for all values of a multivalue field? I have a multivalue field in my events and I want to do a lookup against a multivalue field in kvstore field. Event f... by Murali2888 Communicator in Splunk Search 02-13-2019 0 1	0	1
Drilldown from lookup populated dropdown I have a dashboard dropdown that I'm populating with "groups" from a lookup "group_ip_host". The idea is to have the ... by richkappler Path Finder in Splunk Search 02-13-2019 0 11	0	11
How do you chart two unrelated numbers? I am completely stumped as to how to chart two numbers. I have two counts from two searches. I simply want to chart ... by tmaurst Engager in Splunk Search 02-13-2019 0 8	0	8
For drilldown, can I use an extracted field as a token value? My token: <drilldown> $row.lobName$ </drilldown> lobName is a field that I extracted using Rex statement... by blindfire_bandi Explorer in Splunk Search 02-13-2019 0 5	0	5
How can I retrieve data for between dates? Hi, I have a field called "Created_date". My requirement is to get a monthly count of created and closed tickets. Ho... by udaypulipaka Observer in Splunk Search 02-13-2019 0 1	0	1
COALESCE command hi when I execute the query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Operat... by jip31 Motivator in Splunk Search 02-13-2019 0 2	0	2
Can you give me some help with the coalesce command? hi, When I execute the query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Oper... by jip31 Motivator in Splunk Search 02-13-2019 0 3	0	3
How do you exclude and format unique specific fields from multivalued fields to be used in a subsearch? Hello all, I'm having some trouble formatting and dealing with multivalued fields. My use case is as follows: I ... by nickcardenas Path Finder in Splunk Search 02-13-2019 0 2	0	2
Extract field till nth repetition of a string I have following sample event jaskdjkasdkjas CR akjhdjhdjsdhCR 1231jljk23klj3 CR sagdiugsds 7126372 nklsdlkCR i ... by gowtham495 Path Finder in Splunk Search 02-13-2019 0 8	0	8
Support ticket raised outside of business hours I have a support ticket system where people can submit their support tickets. The system is running 24 hours but the ... by louisawang New Member in Splunk Search 02-13-2019 0 2	0	2
Value list Hi Everyone, I'm sure there are similar queries out there and I have searched however I am still struggling to find a... by montydo Explorer in Splunk Search 02-13-2019 0 3	0	3
not sendemail if "Results not found" Hi. I'm trying to selectively send emails (using sendemail); if the output of the query is "No results found" or "No ... by retesi Engager in Splunk Search 02-13-2019 2 6	2	6
parameterize search from various source types simultaneously in a fixed time frame. I have multiple sourcetypes in my index. Lets call them st1, st2, st3, st4 & st5. I have a query that end with \| tab... by zacksoft Contributor in Splunk Search 02-13-2019 0 15	0	15
Pass the output of one query to another query Hi, My 1st query returns 3 fields output.Out of which one filed has to be given as input to the second query which fe... by Deepz2612 Explorer in Splunk Search 02-12-2019 0 6	0	6
Splunk Enterprise can use Open JDK instead of Orace Java Hi, Splunk Enterprise can use Open JDK instead of Orace Java. Splunk can run OpenJDK? by Mayanakhan Explorer in Splunk Search 02-12-2019 0 0	0	0
How to use a part of a string in an event as a value and make it as an interesting field "2018-10-30 05:11:35,659 AM\|ERROR\|(null)\|(null)\|(null)\|System.Data.SqlClient.SqlException (0x80131904): Invalid colum... by ragow New Member in Splunk Search 02-12-2019 0 3	0	3
Windows 2000 > Splunk 7.x OK so its not supported - but have a handfull of servers that i'd like to get a fwd on .. installed the latest versi... by Skins Path Finder in Splunk Search 02-12-2019 0 0	0	0
ingest-time eval (creating new field dynamically on index time) not working Hi. I tried the ingest-time eval documentation at (single enterprise instance): https://docs.splunk.com/Documentation... by agro1986001 Engager in Splunk Search 02-12-2019 0 6	0	6
How do you add a custom eval function or a macro to a custom app search? Hi, I am currently struggling with a problem. I am implementing custom views within a custom app that has one input... by christophercorb New Member in Splunk Search 02-12-2019 0 3	0	3
can i use "like" in search criteria if one of my fields is host, I want to do host like "startswith*" what is the syntax to do that? thanks, by alexl1 Path Finder in Splunk Search 02-12-2019 6 9	6	9
How do you use a lookup file to restrict unwanted IP addresses? Use case description: I have a set of IP address that I would like to restrict across all requires, saved searches/al... by as0813 New Member in Splunk Search 02-12-2019 0 3	0	3
Combine the count from 1 search to the result of another search Hello everyone, I have one search that is showing me a list of IP addresses of addresses. Lets call the field of IP ... by agolkar Explorer in Splunk Search 02-12-2019 0 5	0	5
In a search head cluster, how to find what host sent email? All, I have production environment with Alarm email notification. Sometimes it works, sometime it does not. Since I ... by GersonGarcia Path Finder in Splunk Search 02-12-2019 0 0	0	0
How do I match values with different file extensions in a lookup? I have a lookup table, but the match is not exact to the relevant indexed field. The field that is indexed has strin... by user93 Communicator in Splunk Search 02-12-2019 0 6	0	6