Splunk Search

Community Activity

How do I group two fields (multivalued)? Hello, I have the following table: User Group ------------- ------------- User_A Group_A -------... by philippbloch Loves-to-Learn Lots in Splunk Search 02-14-2019 0 5	0	5
Weird behaviour with searching the 'user' field in Security WinEventLogs Hi all, I'm trying to do a search over some CIM fields in the WinEventLog:Security source (both XML and normal), but... by althomas Communicator in Splunk Search 02-14-2019 0 5	0	5
How do you filter data for just one index when index=? Guys, I have the query with index=te. I need this search in this form. I cannot change for separated index. my sea... by wvalente Explorer in Splunk Search 02-14-2019 0 2	0	2
How to execute a Splunk search in a dashboard on click of a button using JavaScript? Hi, This is with regards to this link : https://answers.splunk.com/answers/378289/calling-java-script-from-dashboar... by abhayneilam Contributor in Splunk Search 02-14-2019 1 16	1	16
How to use a search (which is running from a paid app) in my own app? Hi, I want to use a search which is running in paid app called "pinger" to my own app called "XYZ" Is there any wa... by sathiyasun Explorer in Splunk Search 02-14-2019 0 1	0	1
have to less 10 minutes from a timestamp when another field value is null Hi Team, I have two fields named as file arrival time , Sla time . I have to list the no files that are going to vio... by pench2k19 Explorer in Splunk Search 02-14-2019 0 1	0	1
Can anyone help me to match a value into lookup.csv if condition I have a lookup.csv with all the public holidays in Singapore. I am trying to query if _time=datefield(meaning if ... by louisawang New Member in Splunk Search 02-14-2019 0 6	0	6
Can you help me compare two fields with numeric values? I have a query where I do a bunch of computations, and then at the end of it, I want to add a new field based on the ... by mmdacutanan Explorer in Splunk Search 02-14-2019 0 3	0	3
Can you help me with a stats count with different field names? hello, I use the two query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Operat... by jip31 Motivator in Splunk Search 02-14-2019 0 4	0	4
Fields extraction in file with single and multiline logs Hi, I'm new in splunk. I currently want to analyse a log file. I'm facing issues to extract informations because ea... by clementros Path Finder in Splunk Search 02-14-2019 0 3	0	3
Want to extract FOID= into two field, Pls help 05:45:25.985 [http-nio-8080-exec-137] INFO c.b.h.i.s.i.OrderDecompositionServiceImpl - POID=20275475 FOID=TRAFFIC_MG... by jayavasge New Member in Splunk Search 02-13-2019 0 4	0	4
Why is the relative_time not converting +24y? Is there a limitation in the function? Hi Splunkers, Why the relative_time function is not converting +24y? any reason? Any way to achieve this? \|stats co... by vasanthmss Motivator in Splunk Search 02-13-2019 3 4	3	4
How do I make a column chart that compares the result from last year with this year by month? Hi everyone, I would like to make a chart that compares the result from last year with this year by month. This i... by MCH2018 Explorer in Splunk Search 02-13-2019 0 4	0	4
Smtp email to send alerts Hi, Can you please how to to create a alert and send email using smtp server. We have two seperate host s for indexer... by manekar New Member in Splunk Search 02-13-2019 0 4	0	4
How do you merge multisearch results? Hi, I tried many alternatives but no good results. Please help if possible. I have a multi search with two sets of... by gmasca Explorer in Splunk Search 02-13-2019 0 5	0	5
How do you combine two different values from a single field in a chart? Suppose I have a chart that counts the number of tickets done by a particular branch and displays them by priority. ... by dojiepreji Path Finder in Splunk Search 02-13-2019 0 2	0	2
How do you get the raw fields ERROR and SUCCESS from log transactions into a same field TYPE using a regex command? Hi Everybody! I am fairly new to Splunk, and I am trying to Create a dashboard where I need to get the Total number... by vmandad1 New Member in Splunk Search 02-13-2019 0 2	0	2
How to access field displayName when searching a dataset? I have a data model called DM1 with a data set called DM1. There are evaluated fields in this data set with different... by matstap Communicator in Splunk Search 02-13-2019 0 1	0	1
What field name should I use for privileged users on change datamodel? Hello, Right now i'm developing some compliance app. All my panel searches are with \| tstats, so my fields are limit... by 3DGjos Communicator in Splunk Search 02-13-2019 0 1	0	1
How could I chart ratio of counts of field values? Hi, suppose my events contain this field with two possible values: Ok=True or Ok=False Every hour, I'll have a cert... by jchowdown New Member in Splunk Search 02-13-2019 0 5	0	5
How can I append different fields from a subsearch? Hello, I'm trying to search within another sourcetype and append fields oxygen, and rock to a CSV base search. I'm ... by russell120 Communicator in Splunk Search 02-13-2019 0 8	0	8
How do you enforce a lookup match for all values of a multivalue field? I have a multivalue field in my events and I want to do a lookup against a multivalue field in kvstore field. Event f... by Murali2888 Communicator in Splunk Search 02-13-2019 0 1	0	1
Drilldown from lookup populated dropdown I have a dashboard dropdown that I'm populating with "groups" from a lookup "group_ip_host". The idea is to have the ... by richkappler Path Finder in Splunk Search 02-13-2019 0 11	0	11
How do you chart two unrelated numbers? I am completely stumped as to how to chart two numbers. I have two counts from two searches. I simply want to chart ... by tmaurst Engager in Splunk Search 02-13-2019 0 8	0	8
For drilldown, can I use an extracted field as a token value? My token: <drilldown> $row.lobName$ </drilldown> lobName is a field that I extracted using Rex statement... by blindfire_bandi Explorer in Splunk Search 02-13-2019 0 5	0	5