Splunk Search

Community Activity

Can Splunk charts display a logrythmic Axis? Hi, Is there an option for Splunk to display chart axis logrythmically? I don't see an option in the standard chart... by a212830 Champion in Splunk Search 01-14-2019 1 2	1	2
How do you add a blank row after each unique host in search results? I have a search statement in a customized dashboard to show the disk utilization of my servers. I would like to add a... by kenntun Engager in Splunk Search 01-14-2019 0 8	0	8
Need to hide data in DB connect Hi Team, I have 2 sources & have 12 months of data in DB connect app , Can we hide particular month of data in DB co... by rakesh44 Communicator in Splunk Search 01-13-2019 0 5	0	5
Query substring of value stored in token I have a $token$ with value 192.168.25.2. How do I perform a query for all addresses that have 192.168.25.* excluding... by burchl New Member in Splunk Search 01-13-2019 0 7	0	7
Why is my search head sorting columns when displaying statistics/visualizations? We have two search heads, one for general use and one for Enterprise Security. Any table/stats searches on the ES se... by gf13579 Communicator in Splunk Search 01-13-2019 0 7	0	7
How do you extract an XML tag from _raw field? Hi all, I'm new to Splunk and don't have much idea of regex. I'm trying to extract the content of "faultstring" tag... by mukesh2019 Explorer in Splunk Search 01-13-2019 0 3	0	3
Can I exclude certain columns in a table from drilldown? Hello, Basically, I just want to know if there is a way in the Splunk XML to exclude certain columns in a table from... by mal81394 New Member in Splunk Search 01-12-2019 0 3	0	3
Reindex a file on 3000 machines All, I indexed a 30-line config file off all our Linux hosts. But accidentally used the wrong source-type and index... by daniel333 Builder in Splunk Search 01-12-2019 0 4	0	4
interesting regex Hi, I have data that looks like this 2018-06-11 23:37:11,035 pool-10-thread-1 DEBUG c.i.w.i.s.WholesaleCVRService ... by dbcase Motivator in Splunk Search 01-12-2019 0 5	0	5
Dynamic eval if match from a list of values - foreach? A standard eval if match example is below. Any ViewUrl value which starts with /company/.* has the entire string re... by DanielFordWA Contributor in Splunk Search 01-12-2019 0 8	0	8
How do I get the timechart results for a summary index query? I have a query which uses the summary index and some lookup tables with eval conditions and ends with... \| chart co... by pavanae Builder in Splunk Search 01-12-2019 0 6	0	6
Multiple If Statements (Comparing Two Columns) Hello, I have information being indexed from a website that does constant ping tests. The information that I am retr... by dfrench151 Explorer in Splunk Search 01-12-2019 0 4	0	4
ID of the max value event Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z, 8... by kvaga Explorer in Splunk Search 01-12-2019 0 7	0	7
How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios? I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version... by splunkot New Member in Splunk Search 01-11-2019 0 2	0	2
How do you treat a variable value as another field with Splunk? I have a field named "object_XXX_property", where XXX string is dynamically generated and is held in another field na... by derekho55 Explorer in Splunk Search 01-11-2019 1 7	1	7
Help with slot time conditions hi i use the request below but i have an issue with the relative_time: secondlastday=I dont want to have events afte... by jip31 Motivator in Splunk Search 01-11-2019 0 7	0	7
How do you correlate one field between two sources, and then if they match, find value from another field from the second source type? I have: sourcetype_a` and`sourcetype_b Where one field message_ID exists in both source types. I want to loop thr... by luke222010 Engager in Splunk Search 01-11-2019 0 3	0	3
[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table Hi all, I have a CSV lookup file to map with one field in my indexed data. The search was working perfectly before, b... by dannili Communicator in Splunk Search 01-11-2019 0 3	0	3
How to call Splunk custom endpoint using jquery ? Dear all, I wish I could make a call such as $.ajax(...) to my custom endpoint. But which Splunk method should I us... by ecoquelin Explorer in Splunk Search 01-11-2019 0 1	0	1
Custom app logo spanning across app navigation menu bar in Internet Explorer The custom app logo which appears on the right side of the app navigation menu bar appears fine in Google Chrome, Fi... by cdtrialsplunk Explorer in Splunk Search 01-11-2019 0 0	0	0
How to improve efficiency of my regex statement? I have this query \| rex field=_raw "(?ms)^[^\]\n]\]\s+(?P[^:]+)(?:[^:\n]:){2}(?P[^,]+)[^:\n]:\w+=(?P[^,]+)[^;\n];... by JoshuaJohn Contributor in Splunk Search 01-11-2019 0 4	0	4
How do you populate a field if the search time extracted field (using regular expression) is not presented in the logs? Hi All, I am trying to populate a custom field value if my search time extracted field is not present in the raw lo... by raj_mpl Path Finder in Splunk Search 01-11-2019 0 15	0	15
Can you help me create a regular expression to extract 2 values from a string? log1: com.google.AbcdExtension] [mthd] \| null - Bound CLINIC-MBR-GROUP-INC:23490110094900 -- total execution to... by arjun_krishna Explorer in Splunk Search 01-11-2019 0 9	0	9
How do you find consecutive events in two different searches? Hi, This is a newbie question. I have two different searches. I want to combine the search results and only display... by funnysage Loves-to-Learn in Splunk Search 01-10-2019 0 5	0	5
How do you sort dates from newest to oldest in a drop down? I have a drop down which populates the dates in MM/DD/YYYY format, which is an extracted field in the raw data. I wa... by vrmandadi Builder in Splunk Search 01-10-2019 0 10	0	10