Splunk Search

Community Activity

How do you find the time difference for fields within transactions? CorrelationID=1==, CaseID=2 endProcess=SubmitInfo , 2019-02-02 11:02:06,130 CorrelationID=1==, CaseID=2 STartProcess=... by venkatrajan04 New Member in Splunk Search 02-04-2019 0 3	0	3
Proofpoint is not loading I installed the add-on for proofpoint. The add-on link is https://splunkbase.splunk.com/app/3681/. I am using splun... by graju89 Path Finder in Splunk Search 02-04-2019 0 0	0	0
How to use condition search by check on $click.value$ of parameter. Hello I have 2 chart (1. Top 10 Signature) (2. Source IP Address) My query can show overall event but can't show spe... by mindterrian New Member in Splunk Search 02-04-2019 0 4	0	4
using map and if/isnull but missing fields in base is causing failure hi could someone please help me out here. been stuck with a problem. we have multiple existing queries in our environ... by milidna13 New Member in Splunk Search 02-04-2019 0 3	0	3
What is the meaning of the following statement? In the following search: index=_internal source=*metrics.log group="per_host_thruput" \| eval GB=kb/1048576 \| stats s... by sbgoldberg13 Explorer in Splunk Search 02-04-2019 0 4	0	4
Syslog forwarding and load balancing Hello, I would like to know if it is possible to have load balancing for the syslog forwarding feature of Splunk. Fo... by jwillaime Explorer in Splunk Search 02-04-2019 0 2	0	2
Concurrent scheduled saved searches I have about 50 saved scheduled searches that run every minute. And now, there is a situation that every minute those... by bckq Path Finder in Splunk Search 02-04-2019 0 2	0	2
Can you help me update some field values from a lookup table? Hi Team, I have the following field values in a look up file BUS_DT+1,11:00 BUS_DT+0,12:00 i want to update the f... by pench2k19 Explorer in Splunk Search 02-04-2019 0 8	0	8
How to search for all devices in my environment that are sending logs to Splunk? Morning Guys I'm mid plan for ripping out our Splunk environment and starting again. As some of you may be aware fro... by AaronMoorcroft Communicator in Splunk Search 02-04-2019 0 3	0	3
chart stacking i have a single column with different values. i would like to show them as a stacked bar chart.. but when i chart th... by jiaqya Builder in Splunk Search 02-04-2019 0 2	0	2
newline in Splunk query Hi, Please help me with a newline command in Splunk query by v709587 Explorer in Splunk Search 02-04-2019 0 8	0	8
Combining fields from 2 sourcetypes in a stats block All, my query below just returns the values from the first sourcetype (first 3 lines in \|stats). The fields from the ... by akelbr Explorer in Splunk Search 02-04-2019 0 8	0	8
Extracting text from fields Question How would you create a new field for example, color, by extracting the text from the value to an existing field, for ... by hredd New Member in Splunk Search 02-04-2019 0 6	0	6
Is it possible to kill or disable long running searches?? Hi, is it possible to kill or disable long running searches automatically. For example whenever we hit performance is... by dbashyam Explorer in Splunk Search 02-03-2019 0 6	0	6
Excluding a list of IP's from the results I have a list of IP's in a CSV that I need to exclude from the results of a query. Below is a my query. How can I app... by samble Path Finder in Splunk Search 02-03-2019 0 2	0	2
Splunk aggregation due to the splunk couldn't aggregate logs I want to use arcsight smart connector, I think I should use splunk app fo... by sabaKhadivi Path Finder in Splunk Search 02-02-2019 0 1	0	1
How to get calling report/alert name/title from called saved-macro? I'm using a search-macro in alet(s), the search-macro is writing search (alert) results to file, I would like to crea... by bhupalbobbadi Path Finder in Splunk Search 02-02-2019 1 1	1	1
Splunk eval if with wildcard Im trying to set a boolean based on a match in a string. I want to set a value to 1 if it does not match ingestion* a... by sboogaar Path Finder in Splunk Search 02-02-2019 1 4	1	4
How to use jquery confirms and alerts in splunk. How to use jquery confirms and alerts in Splunk by abdullawells89 New Member in Splunk Search 02-02-2019 0 2	0	2
How do you make it so an event field name doesn't overlap with Splunk default fields? Hi there, I have a dataset that writes a logfile that has a field named host in it by default. Is there a way to ma... by zhatsispgx Path Finder in Splunk Search 02-01-2019 0 2	0	2
Why would the rex command ignore special characters in a search? I have my log like params=All Items \| ABC \| 2019-01-29 \| \| \| \| \| \| \| = \| \| = \| \| \| \| \| \| ,uri=/api/items... by skhprabu New Member in Splunk Search 02-01-2019 0 2	0	2
regex field extraction - match field in double quotes after sting match I'm attempting to build a regex that will extract a field enclosed in double-quotes, after a string match. Basically ... by rotundwizard Explorer in Splunk Search 02-01-2019 0 8	0	8
Can you help me build a search that finds scheduled reports that are running? Hi! I need help with a search to find scheduled reports that are running. I want to know what are exactly running ri... by amirarsalan Explorer in Splunk Search 02-01-2019 0 4	0	4
search to find total amount in a particular index Im looking to find the total amount of data that was ingested for a particular index. We usually use out deployment s... by vonsolo29 Explorer in Splunk Search 02-01-2019 0 4	0	4
How do you do a conditional Eval? The scenario is this. I have a two field name name joe and bob. if bob help a job it indicate yes as its field value... by marjonhtuazon Explorer in Splunk Search 02-01-2019 1 4	1	4