Splunk Search

Community Activity

"search base=X" not working with append I am using the "search base=X" approach to generate stats. When I try to run two searches using append (or join etc)... by ChrisCLewis Communicator in Splunk Search 01-10-2019 0 11	0	11
Why am I unable to convert _time to epoch with my search? _time 2016-03-02 07:00:13.405 Above _time is the data format in the logs. I need to find difference between a few d... by arunsubram Explorer in Splunk Search 01-09-2019 1 5	1	5
How do you extract everything that ends with a certain word? Hi all, I have this line in the event log ComputerName=sgp1ply1fe01.xxx I want to extract only "sgp1" using rex, ... by Cbr1sg Path Finder in Splunk Search 01-09-2019 0 4	0	4
Heavy forwarders are currently configured to send some palo alto logs to one server1 . Can you please let me know how to forward a copy of that same traffic to different serve2r(indexer), UDP 514? Current forwarding to server1 must remain in place. Heavy forwarders are currently configured to send some palo alto logs to one server1 . Can you please forward a copy ... by srampally Path Finder in Splunk Search 01-09-2019 0 1	0	1
Splunk Map issue when passing token on the kml map i have a plotted the map with the kml files . When i select a value from the dropdown to locate a point in the map, i... by Nadhiyaa Path Finder in Splunk Search 01-09-2019 0 0	0	0
Multiple Outputs - One Fails, Both Fail Hi there, I have a HF which has two outputs - one to a set of Splunk indexers and one to a TCP-based syslog server. ... by jharms70 New Member in Splunk Search 01-09-2019 0 1	0	1
How do I return a field(s) from a specific index, where the query has multiple search indexes? index=security sourcetype=symantec OR (sourcetyoe=WinHostMon (Path="malwarebytes")) \| fillnull value="" \| table H... by mmercola New Member in Splunk Search 01-09-2019 0 1	0	1
run a splunk query using a hyperlink Hi, I am creating a dashboard that will present various aspects of a given session, with the goal being to additiona... by kylegoldberg New Member in Splunk Search 01-09-2019 0 0	0	0
sum an unknown number of fields (with wildcards) I have event like _time host1=1 host2=10 host3=20 _time host1=2 host3=12 host3=30 The number of fields is not defin... by sbsbb Builder in Splunk Search 01-09-2019 1 5	1	5
How to query data that has no value? Hi fellow Splunkers! I'm hoping you can help my manager and I with a certain problem we're trying to solve. We have ... by dscott198 New Member in Splunk Search 01-09-2019 0 6	0	6
Trick to manage business hours / weekdays at search time Hello guys, this isn't a question just a trick  Add this to your query : \| appendcols [\| makeresults \|... by splunkreal Motivator in Splunk Search 01-09-2019 0 0	0	0
How to alert when we are receiving data from hosts that are not in a lookup, or are not receiving data from hosts in the lookup? Hi, We have a lookup table "hostlist" of hosts that need to be present in Splunk. For example host dns1 dn... by mlevsh Builder in Splunk Search 01-09-2019 0 10	0	10
Can you help me with a percentage calculation in Splunk? Hello, I need to do a percentage calculation, but I cannot. I have the data as follows: It is just a field named a... by hjsabdjahbd Observer in Splunk Search 01-09-2019 0 4	0	4
Using the foreach command, how do you reset the value of a field based on another field? How do you reset a value of a field (to 0) based on another field's 0 value (using foreach - as this needs to be done... by sahil237888 Path Finder in Splunk Search 01-09-2019 0 7	0	7
Transaction grouping between disparate logs with the same hostname hi there- trying to put together a query that will search two different sourcetypes for a hit within 1 minute where t... by daryllj Path Finder in Splunk Search 01-09-2019 0 4	0	4
Optimize transaction query Hello I have a transaction query which I would like to optimize. It is impossible to run the query for a few hours. I... by AnujaJ Path Finder in Splunk Search 01-09-2019 0 5	0	5
Easier navigation: How do you un drill down in Splunk-web? Drill down is one of the best features of Splunk, making it easy to use as a diagnostic tool when looking for unknown... by DarrinWest Engager in Splunk Search 01-08-2019 4 7	4	7
How can I filter different values from the same field ? Hi Experts, I have a field called "Login" in my events, which has various types of values such as "1111@domain1.com"... by pgadhari Builder in Splunk Search 01-08-2019 0 15	0	15
Splunk Enterprise Flow data indigestion limits Hi all, Can some one tell about Network flows indigestion capacity of Splunk enterprise solution.Like how much flo... by hariskhan Explorer in Splunk Search 01-08-2019 0 4	0	4
How do you Join tables using a common field? Hi all I am very new to Splunk, hoping someone can help me. I am working on creating a dashboard that gives us a ... by umakanth_k New Member in Splunk Search 01-08-2019 0 3	0	3
Why is my subsearch not working? I am trying the below subsearch, but it's not giving any results. "No results found. Try expanding the time range. " ... by utk123 Path Finder in Splunk Search 01-08-2019 0 3	0	3
IS there anything special required to move cold data to hot data? I am currently restructuring our logging architecture and want to move existing cold data to hot data but wanted to e... by lhanich1 Path Finder in Splunk Search 01-08-2019 0 1	0	1
Why is the calculated count for a field showing way more than the actual events? Hello, I am having trouble understanding why the counts for a particular field are off. The time frames for both the... by jordanking1992 Path Finder in Splunk Search 01-08-2019 0 2	0	2
Splunk Dynamic search using lookup I wish to populate a list of index names ( > 1) from a lookup table to a search query. Indexlookup.csv --> COL1 ... by rishiaggarwal Explorer in Splunk Search 01-08-2019 0 4	0	4
How do you pull data from a previous event? So here is what my Splunk data looks like... these 4 events are consistently sequential. › 1/7/19 1:02:11.211 PM ... by muzicman61 New Member in Splunk Search 01-08-2019 0 1	0	1