Splunk Search

Community Activity

How can I retrieve data for between dates? Hi, I have a field called "Created_date". My requirement is to get a monthly count of created and closed tickets. Ho... by udaypulipaka Observer in Splunk Search 02-13-2019 0 1	0	1
COALESCE command hi when I execute the query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Operat... by jip31 Motivator in Splunk Search 02-13-2019 0 2	0	2
Can you give me some help with the coalesce command? hi, When I execute the query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Oper... by jip31 Motivator in Splunk Search 02-13-2019 0 3	0	3
How do you exclude and format unique specific fields from multivalued fields to be used in a subsearch? Hello all, I'm having some trouble formatting and dealing with multivalued fields. My use case is as follows: I ... by nickcardenas Path Finder in Splunk Search 02-13-2019 0 2	0	2
Extract field till nth repetition of a string I have following sample event jaskdjkasdkjas CR akjhdjhdjsdhCR 1231jljk23klj3 CR sagdiugsds 7126372 nklsdlkCR i ... by gowtham495 Path Finder in Splunk Search 02-13-2019 0 8	0	8
Support ticket raised outside of business hours I have a support ticket system where people can submit their support tickets. The system is running 24 hours but the ... by louisawang New Member in Splunk Search 02-13-2019 0 2	0	2
Value list Hi Everyone, I'm sure there are similar queries out there and I have searched however I am still struggling to find a... by montydo Explorer in Splunk Search 02-13-2019 0 3	0	3
not sendemail if "Results not found" Hi. I'm trying to selectively send emails (using sendemail); if the output of the query is "No results found" or "No ... by retesi Engager in Splunk Search 02-13-2019 2 6	2	6
parameterize search from various source types simultaneously in a fixed time frame. I have multiple sourcetypes in my index. Lets call them st1, st2, st3, st4 & st5. I have a query that end with \| tab... by zacksoft Contributor in Splunk Search 02-13-2019 0 15	0	15
Pass the output of one query to another query Hi, My 1st query returns 3 fields output.Out of which one filed has to be given as input to the second query which fe... by Deepz2612 Explorer in Splunk Search 02-12-2019 0 6	0	6
Splunk Enterprise can use Open JDK instead of Orace Java Hi, Splunk Enterprise can use Open JDK instead of Orace Java. Splunk can run OpenJDK? by Mayanakhan Explorer in Splunk Search 02-12-2019 0 0	0	0
How to use a part of a string in an event as a value and make it as an interesting field "2018-10-30 05:11:35,659 AM\|ERROR\|(null)\|(null)\|(null)\|System.Data.SqlClient.SqlException (0x80131904): Invalid colum... by ragow New Member in Splunk Search 02-12-2019 0 3	0	3
Windows 2000 > Splunk 7.x OK so its not supported - but have a handfull of servers that i'd like to get a fwd on .. installed the latest versi... by Skins Path Finder in Splunk Search 02-12-2019 0 0	0	0
ingest-time eval (creating new field dynamically on index time) not working Hi. I tried the ingest-time eval documentation at (single enterprise instance): https://docs.splunk.com/Documentation... by agro1986001 Engager in Splunk Search 02-12-2019 0 6	0	6
How do you add a custom eval function or a macro to a custom app search? Hi, I am currently struggling with a problem. I am implementing custom views within a custom app that has one input... by christophercorb New Member in Splunk Search 02-12-2019 0 3	0	3
can i use "like" in search criteria if one of my fields is host, I want to do host like "startswith*" what is the syntax to do that? thanks, by alexl1 Path Finder in Splunk Search 02-12-2019 6 9	6	9
How do you use a lookup file to restrict unwanted IP addresses? Use case description: I have a set of IP address that I would like to restrict across all requires, saved searches/al... by as0813 New Member in Splunk Search 02-12-2019 0 3	0	3
Combine the count from 1 search to the result of another search Hello everyone, I have one search that is showing me a list of IP addresses of addresses. Lets call the field of IP ... by agolkar Explorer in Splunk Search 02-12-2019 0 5	0	5
In a search head cluster, how to find what host sent email? All, I have production environment with Alarm email notification. Sometimes it works, sometime it does not. Since I ... by GersonGarcia Path Finder in Splunk Search 02-12-2019 0 0	0	0
How do I match values with different file extensions in a lookup? I have a lookup table, but the match is not exact to the relevant indexed field. The field that is indexed has strin... by user93 Communicator in Splunk Search 02-12-2019 0 6	0	6
How do I get specific words within a text? The below table is what I get from a search on Splunk" ActiveLoadId Jabber_for_iOS-12.1.2.270036 Jabber_for_iOS-12.0... by shtom New Member in Splunk Search 02-12-2019 0 2	0	2
Fast searches for a count of events in various ways I've been looking for ways to get fast results for inquiries about the number of events for: All indexesOne indexOne... by wrangler2x Motivator in Splunk Search 02-12-2019 3 8	3	8
What reasons could cause a user to lose their Splunk search history? I have a user that lost his search history in Splunk search. Any ideas why? I did not lose mine but he did?!?! by brent_weaver Builder in Splunk Search 02-12-2019 0 2	0	2
What is better, MV search time extraction or split? My data in Splunk looks like so: geo { id: 0 internal_name: "TEST" type: LIST zip: 1 zip:... by tb5821 Communicator in Splunk Search 02-12-2019 0 8	0	8
How do you find details about results using the set command with a diff argument? I am using two searches Search1 search 2 1 1 2 2 3 3 5 ... by aa274t New Member in Splunk Search 02-12-2019 0 3	0	3