Splunk Search

Community Activity

Value list Hi Everyone, I'm sure there are similar queries out there and I have searched however I am still struggling to find a... by montydo Explorer in Splunk Search 02-13-2019 0 3	0	3
not sendemail if "Results not found" Hi. I'm trying to selectively send emails (using sendemail); if the output of the query is "No results found" or "No ... by retesi Engager in Splunk Search 02-13-2019 2 6	2	6
parameterize search from various source types simultaneously in a fixed time frame. I have multiple sourcetypes in my index. Lets call them st1, st2, st3, st4 & st5. I have a query that end with \| tab... by zacksoft Contributor in Splunk Search 02-13-2019 0 15	0	15
Pass the output of one query to another query Hi, My 1st query returns 3 fields output.Out of which one filed has to be given as input to the second query which fe... by Deepz2612 Explorer in Splunk Search 02-12-2019 0 6	0	6
Splunk Enterprise can use Open JDK instead of Orace Java Hi, Splunk Enterprise can use Open JDK instead of Orace Java. Splunk can run OpenJDK? by Mayanakhan Explorer in Splunk Search 02-12-2019 0 0	0	0
How to use a part of a string in an event as a value and make it as an interesting field "2018-10-30 05:11:35,659 AM\|ERROR\|(null)\|(null)\|(null)\|System.Data.SqlClient.SqlException (0x80131904): Invalid colum... by ragow New Member in Splunk Search 02-12-2019 0 3	0	3
Windows 2000 > Splunk 7.x OK so its not supported - but have a handfull of servers that i'd like to get a fwd on .. installed the latest versi... by Skins Path Finder in Splunk Search 02-12-2019 0 0	0	0
ingest-time eval (creating new field dynamically on index time) not working Hi. I tried the ingest-time eval documentation at (single enterprise instance): https://docs.splunk.com/Documentation... by agro1986001 Engager in Splunk Search 02-12-2019 0 6	0	6
How do you add a custom eval function or a macro to a custom app search? Hi, I am currently struggling with a problem. I am implementing custom views within a custom app that has one input... by christophercorb New Member in Splunk Search 02-12-2019 0 3	0	3
can i use "like" in search criteria if one of my fields is host, I want to do host like "startswith*" what is the syntax to do that? thanks, by alexl1 Path Finder in Splunk Search 02-12-2019 6 9	6	9
How do you use a lookup file to restrict unwanted IP addresses? Use case description: I have a set of IP address that I would like to restrict across all requires, saved searches/al... by as0813 New Member in Splunk Search 02-12-2019 0 3	0	3
Combine the count from 1 search to the result of another search Hello everyone, I have one search that is showing me a list of IP addresses of addresses. Lets call the field of IP ... by agolkar Explorer in Splunk Search 02-12-2019 0 5	0	5
In a search head cluster, how to find what host sent email? All, I have production environment with Alarm email notification. Sometimes it works, sometime it does not. Since I ... by GersonGarcia Path Finder in Splunk Search 02-12-2019 0 0	0	0
How do I match values with different file extensions in a lookup? I have a lookup table, but the match is not exact to the relevant indexed field. The field that is indexed has strin... by user93 Communicator in Splunk Search 02-12-2019 0 6	0	6
How do I get specific words within a text? The below table is what I get from a search on Splunk" ActiveLoadId Jabber_for_iOS-12.1.2.270036 Jabber_for_iOS-12.0... by shtom New Member in Splunk Search 02-12-2019 0 2	0	2
Fast searches for a count of events in various ways I've been looking for ways to get fast results for inquiries about the number of events for: All indexesOne indexOne... by wrangler2x Motivator in Splunk Search 02-12-2019 3 8	3	8
What reasons could cause a user to lose their Splunk search history? I have a user that lost his search history in Splunk search. Any ideas why? I did not lose mine but he did?!?! by brent_weaver Builder in Splunk Search 02-12-2019 0 2	0	2
What is better, MV search time extraction or split? My data in Splunk looks like so: geo { id: 0 internal_name: "TEST" type: LIST zip: 1 zip:... by tb5821 Communicator in Splunk Search 02-12-2019 0 8	0	8
How do you find details about results using the set command with a diff argument? I am using two searches Search1 search 2 1 1 2 2 3 3 5 ... by aa274t New Member in Splunk Search 02-12-2019 0 3	0	3
_meta not getting expected logs to splunk Hello, we have index "text-index" and region is passed as meta _meta = region::east sourcetype = testlogs when i q... by rajpalyalla Engager in Splunk Search 02-12-2019 0 3	0	3
Double spaces are suppressed in search results \|makeresults\| eval owner_realname="Andrew Gerber" \| where match (owner_realname,"\s{2}") Search above generates ou... by andygerberkp Explorer in Splunk Search 02-12-2019 0 5	0	5
How to make use of makeresults statement based on conditions ? If in case there are no results then dummy data should be added and returned from the subsearch ortherwise the actual... by nomadichunters Explorer in Splunk Search 02-12-2019 1 3	1	3
How do you Calculate _time difference between subsearch and main search? I'm trying to calculate the _time difference between the subsearch and main search; but if I try and pass the time th... by gregorymountfor Explorer in Splunk Search 02-12-2019 0 10	0	10
How do you pass a search result from one panel to a different panel? If I get a search result as like flag="AAA" in a Panel, how can I pass AAA to another Panel as a search variable lik... by olivier797 Loves-to-Learn in Splunk Search 02-12-2019 0 3	0	3
Correlating transaction results I have a dataset with timestamp, model, and ID. I am trying to correlate the events so that I can see all of the IDs ... by ellothere Explorer in Splunk Search 02-12-2019 0 1	0	1