Splunk Search

Community Activity

Can you help me update some field values from a lookup table? Hi Team, I have the following field values in a look up file BUS_DT+1,11:00 BUS_DT+0,12:00 i want to update the f... by pench2k19 Explorer in Splunk Search 02-04-2019 0 8	0	8
How to search for all devices in my environment that are sending logs to Splunk? Morning Guys I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware fro... by AaronMoorcroft Communicator in Splunk Search 02-04-2019 0 3	0	3
chart stacking i have a single column with different values. i would like to show them as a stacked bar chart.. but when i chart th... by jiaqya Builder in Splunk Search 02-04-2019 0 2	0	2
newline in Splunk query Hi, Please help me with a newline command in Splunk query by v709587 Explorer in Splunk Search 02-04-2019 0 8	0	8
Combining fields from 2 sourcetypes in a stats block All, my query below just returns the values from the first sourcetype (first 3 lines in \|stats). The fields from the ... by akelbr Explorer in Splunk Search 02-04-2019 0 8	0	8
Extracting text from fields Question How would you create a new field for example, color, by extracting the text from the value to an existing field, for ... by hredd New Member in Splunk Search 02-04-2019 0 6	0	6
Is it possible to kill or disable long running searches?? Hi, is it possible to kill or disable long running searches automatically. For example whenever we hit performance is... by dbashyam Explorer in Splunk Search 02-03-2019 0 6	0	6
Excluding a list of IP's from the results I have a list of IP's in a CSV that I need to exclude from the results of a query. Below is a my query. How can I app... by samble Path Finder in Splunk Search 02-03-2019 0 2	0	2
Splunk aggregation due to the splunk couldn't aggregate logs I want to use arcsight smart connector, I think I should use splunk app fo... by sabaKhadivi Path Finder in Splunk Search 02-02-2019 0 1	0	1
How to get calling report/alert name/title from called saved-macro? I'm using a search-macro in alet(s), the search-macro is writing search (alert) results to file, I would like to crea... by bhupalbobbadi Path Finder in Splunk Search 02-02-2019 1 1	1	1
Splunk eval if with wildcard Im trying to set a boolean based on a match in a string. I want to set a value to 1 if it does not match ingestion* a... by sboogaar Path Finder in Splunk Search 02-02-2019 1 4	1	4
How to use jquery confirms and alerts in splunk. How to use jquery confirms and alerts in Splunk by abdullawells89 New Member in Splunk Search 02-02-2019 0 2	0	2
How do you make it so an event field name doesn't overlap with Splunk default fields? Hi there, I have a dataset that writes a logfile that has a field named host in it by default. Is there a way to ma... by zhatsispgx Path Finder in Splunk Search 02-01-2019 0 2	0	2
Why would the rex command ignore special characters in a search? I have my log like params=All Items \| ABC \| 2019-01-29 \| \| \| \| \| \| \| = \| \| = \| \| \| \| \| \| ,uri=/api/items... by skhprabu New Member in Splunk Search 02-01-2019 0 2	0	2
regex field extraction - match field in double quotes after sting match I'm attempting to build a regex that will extract a field enclosed in double-quotes, after a string match. Basically ... by rotundwizard Explorer in Splunk Search 02-01-2019 0 8	0	8
Can you help me build a search that finds scheduled reports that are running? Hi! I need help with a search to find scheduled reports that are running. I want to know what are exactly running ri... by amirarsalan Explorer in Splunk Search 02-01-2019 0 4	0	4
search to find total amount in a particular index Im looking to find the total amount of data that was ingested for a particular index. We usually use out deployment s... by vonsolo29 Explorer in Splunk Search 02-01-2019 0 4	0	4
How do you do a conditional Eval? The scenario is this. I have a two field name name joe and bob. if bob help a job it indicate yes as its field value... by marjonhtuazon Explorer in Splunk Search 02-01-2019 1 4	1	4
Percentage not showing on Timechart correctly Hi Splunk Experts, I'm doing a calculation and adding to timechart like so eval ... by luckyman80 Path Finder in Splunk Search 02-01-2019 0 3	0	3
How do you edit props.conf to correctly parse data from a PowerShell script? I have a powershell script which feeds data into Splunk via a UDP port. The output of the script is as follows: Abat... by ckeller2791 Explorer in Splunk Search 02-01-2019 0 3	0	3
How to match the values from different rows on a table and compare result. I have 2 tables contains random msisdn which can be repeated in one another as follows: Table1 \| Table2 msisdn1 ... by mandarpim New Member in Splunk Search 02-01-2019 0 5	0	5
Can someone explain concurrent historical searches to me? I do not understand what is meant by concurrent historical searches. Can someone else explain what it means to me? ... by sboogaar Path Finder in Splunk Search 02-01-2019 0 7	0	7
In a table output that uses the stats command, how do you convert a row to a header? How do I convert the output of a table from stats command that looks like this: TIME VALUE METRIC time1 ... by dtakacssplunk Explorer in Splunk Search 02-01-2019 0 3	0	3
How to set height for bar chart Bars? I have created a few bar charts. In that few of the charts have 10 bars,5 bars, and 1 bar. All of these charts bars s... by sajithpm101 New Member in Splunk Search 02-01-2019 0 1	0	1
How do I extract a field between two strings using a regular expression? I have logs having string like: 127.0.0.1\|> GET /alldata 127.0.0.1\|> GET /somedata 127.0.0.1\|> GET /nodata 127.0.0.1... by rohanmiskin Explorer in Splunk Search 02-01-2019 0 2	0	2