Splunk Search

Community Activity

	Simple search extraction for lines of text with spaces ??? Hey Guys, I seem to be struggling to pull out some what I thought would be simple searches. An example result coul... by AaronMoorcroft Communicator in Splunk Search 01-22-2019 0 9	0	9
	How do you create several multivalued fields? Hi all, I have several events like this: Field_A // Field_B // Field_C A // 1 // z A // 2 // z B // 3 // y B // ... by MaryvonneMB Path Finder in Splunk Search 01-22-2019 0 2	0	2
	How to specify which columns are totaled up? What columns can I somehow override and specify which ones are totaled up? I only want the count to be totaled but ot... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
	How come my trendline is not displaying on a single visualization? How can I get trendline data to show up on a single visualization using the following query? The results come back fi... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
	How do you use multiple by fields with a trellis layout? Hi all, I want to get the average from a value, group this by cluster and hostname and show the value in a timechart... by tgdvopab Path Finder in Splunk Search 01-22-2019 0 3	0	3
	How do I display text in a dashboard panel based on the event coverage percentage in its corresponding pivot? I want to display text in the middle of the panel that is based on the value of a status code or its percentage. I'v... by splunkwiz New Member in Splunk Search 01-22-2019 0 0	0	0
	Line chart of daily event totals over N-days I need to display trending IP events over the course of 90 days with each day being a sum of the events. My original... by scotmatson Explorer in Splunk Search 01-22-2019 0 0	0	0
	How do you make a regular expression to extract the first 4 words in a sentence? I need to extract the first 4 words in a field with sample data like this, "The team performs checks for the follow... by dojiepreji Path Finder in Splunk Search 01-22-2019 0 3	0	3
	Old Index Old Sourcetype New Field - Search Issues Hi all, I have used back the old index & sourcetype but i have re-created new field names for my dashboard. when usi... by hkchew New Member in Splunk Search 01-22-2019 0 4	0	4
	It appears you do not have an active Support Contract or entitlement and as a result, cannot open a Support case ! Hello splunkers, I tried to submit a new case but unfortunately i got this error : "It appears you do not have an ... by baroudiem New Member in Splunk Search 01-22-2019 0 6	0	6
	match and count in numerical from events Hello, I have a CSV file containing two columns URL and IP. I'm using it to retrieve only events were a match is fou... by adabud6267 Explorer in Splunk Search 01-22-2019 0 0	0	0
	How to change the timestamp of duplicate events I tried to change the time stamp of duplicate events. Can any one suggest me a solution. by sesharao92 Explorer in Splunk Search 01-22-2019 0 1	0	1
	Need to find the ADM accounts with help of Normal accounts We have 2 types of accounts in our organization user adm-user I can find the disabled users in the organization, b... by deepak007 Explorer in Splunk Search 01-22-2019 0 0	0	0
	Can you help me with my multi-line field extraction? Hi, I am looking to extract fields from multi-line events. Some of the events are more than 20 lines. When I am tryi... by AKG1_old1 Builder in Splunk Search 01-22-2019 0 4	0	4
	How do you get an average based on a date field? I have a Splunk log in JSON format as follows: {"SCMSplunkLog":{ "SCMSuccessLog":{ "payload":{ "sourceCount":0,"leve... by karthi25 Path Finder in Splunk Search 01-21-2019 0 1	0	1
	Can you tell me the difference between two boolean expressions? Hi, I am currently figuring out what is wrong with my boolean expression. Currently, I'm making a whitelist of app... by y2kbcm Explorer in Splunk Search 01-21-2019 0 2	0	2
	Cant ingest csv with £ sign, changes to \XA Good evening one and all, I have CSV files that have monetary values in them, however when they are ingested into sp... by rossparfect Path Finder in Splunk Search 01-21-2019 0 2	0	2
	How do you create dummy values in a trellis chart? I have locations 1-6, and I am needing them to stay in the same spot, even if in the time event, there is not a quant... by tseale New Member in Splunk Search 01-21-2019 0 7	0	7
	How do I get results of all values in 2 subqueries? i have 2 of the same subqueries in my search with different time periods. So, both results are different. If I use ... by Anantha123 Communicator in Splunk Search 01-21-2019 0 2	0	2
	How do you extract multiline fields based on a different string? Hi, I am looking to extract fields from multi line events. I have two different types of events. I'm looking to dist... by AKG1_old1 Builder in Splunk Search 01-21-2019 0 6	0	6
	How do you find the difference between the following two events? Hi, I have two events: event1: field1="A",field2="ABC",.....,fieldN="12" event2: field1="B",field2="ABC",.....,fiel... by yko84109 Loves-to-Learn in Splunk Search 01-21-2019 0 2	0	2
	Is it possible to display\calculate the ISO year number for a date ? With strftime(_time, "%Y-%V"), I can create a period to sort on a year and ISO weeknumber. When I have events on 30-... by dirkpeter New Member in Splunk Search 01-21-2019 0 4	0	4
	How to create a field with selected values of the same field Hi , I have OS field which has many rows .In that i need to filter only the below values and create a field , Windo... by umsundar2015 Path Finder in Splunk Search 01-21-2019 0 2	0	2
	How do you search for a specific word when you don't know what the field is? Heya Guys, I'm very new to Splunk and this is likely an obvious answer or I have skimmed across documentation and mi... by brewster88 New Member in Splunk Search 01-21-2019 0 3	0	3
	Deploy search head cluster Hello, I'm deploying a search head cluster and I have a doubt about the steps described on the following link: http... by siemteam Explorer in Splunk Search 01-21-2019 0 4	0	4