Splunk Search

Community Activity

Can we create outputlookup table user based? Hi, As we know that, lookup table can be created as global, if file is located at '$SPLUNK_HOME/etc/system/looku... by sumangala Path Finder in Splunk Search 01-02-2019 0 8	0	8
Splunk search causes browser to crash One of the searches by our user caused his browser to crash. "index=oseventlog OR index=activedir OR index=oseventlo... by mlevsh Builder in Splunk Search 01-02-2019 0 8	0	8
Can you answer a couple of questions for me regarding the certification exam? folks, just checking your experience with Recertification and Splunk Enterprise Certified Architect Anyone have do... by koshyk Super Champion in Splunk Search 01-02-2019 0 4	0	4
Custom lookup table used in search I created a csv file that has two columns, name and ip. I've uploaded the csv and I want to use the name column as li... by mpunderw Engager in Splunk Search 01-02-2019 0 3	0	3
How to add a wild card to all the field values at the end of a field? I have a query as follows \| inputlookup hosts.csv \| table host \| format Which gives the result as follows ( ( h... by pavanae Builder in Splunk Search 01-02-2019 1 4	1	4
Index time extraction: How to field extract from source, with two capturing groups? This is an example of my source: /frameworks/app_console-ui_v656_web_0/runs/latest/errors.stdout I am using the fo... by splunkIT Splunk Employee in Splunk Search 01-02-2019 1 2	1	2
How do you change the background color of a timechart if there is a value of zero ? I have a simple timechart that looks at the _internal index for various hosts and makes a simple timechart span by ho... by DEAD_BEEF Builder in Splunk Search 01-02-2019 0 6	0	6
remove lines containing stack trace Hello, I just started to use Splunk to search and generate reports from logs collected from a Java application. Somet... by asalinas New Member in Splunk Search 01-02-2019 0 0	0	0
Upgrade Splunk Instance to 7.2.x - showing Splunk>Hunk instead of Splunk>Enterprise After the upgrade to 7.2.1 all instances show Splunk>Hunk instead of Splunk>Enterprise This is also affecting previou... by rbal_splunk Splunk Employee in Splunk Search 01-02-2019 0 3	0	3
Base Searches and postprocess Hi! I have a dashboard with 4 panels. I use a base search "baseSearch1" and two post process searches based on my ba... by raphgoncalves Explorer in Splunk Search 01-02-2019 0 7	0	7
How to join large tables with more than 50,000 rows in Splunk? How do you join large tables? It is impossible to join tables with more than 50k rows in splunk, so I'm using some t... by 0range Communicator in Splunk Search 01-02-2019 1 16	1	16
How do you use strptime with different date formats? I have two date formats coming into my index (01/11/2018) and (01/11/18). I wrote: \| eval LastSeen_epoch = strptime... by JoshuaJohn Contributor in Splunk Search 01-02-2019 1 2	1	2
How do you fix the font size of each single value display panel? How do I fix the font size of each panel as in this i have used single value display with concatenate option but as p... by shishirkumar Engager in Splunk Search 01-02-2019 0 4	0	4
How do I replace '," with ";" between a bracket? I have raw data: IMS,CSCF1,,,{REGISTER,19728881234@domain.com;user=phone,200},,{PUBLISH,19728881234@domain.com;use... by jianyu75074 New Member in Splunk Search 01-02-2019 0 2	0	2
Can you help me format system time? hi, I need to format SystemTime='2018-12-27T04:26:29.200782700Z' like this : yy:mm:dd hh:mm Could you help me plea... by jip31 Motivator in Splunk Search 01-01-2019 0 7	0	7
How do you find the disabled usernames along with the status of their respective adm-usernames? I have 2 types of account for the same user's like 1. username 2. adm-username As a requirement, I need to find the ... by deepak007 Explorer in Splunk Search 01-01-2019 0 6	0	6
Can you help me get my subsearch to work? Hi guys, i need help with a search. I believe it's a subsearch that i need (I need a variable output of one search ... by keiran_harris Path Finder in Splunk Search 01-01-2019 0 5	0	5
Cab a field be used in stats command that's declared in eval command? BaseSearch>\|convert auto(A)\|appendcols[\|convert auto(B)]\|eval C=A-B\|table A B C This gives the result as A B ... by gokikrishnan New Member in Splunk Search 01-01-2019 0 7	0	7
convert num(fieldname) as depth does not convert field to a number When I run the following search, the field does not convert to a number: search\| convert num(Samples.Sample.Depth) as... by tzitello_splunk Splunk Employee in Splunk Search 01-01-2019 0 2	0	2
Can you help me figure out what is the job of the rex field in this line? This is the search: index=vha_pronto sourcetype=pronto_neopil_prd NOT [ search index=vha_pronto sourcetype=pronto_ne... by ramanir New Member in Splunk Search 01-01-2019 0 6	0	6
Convert num not working Convert does not work search \| convert num(quantity) as Quantity The quantity field samples are: 1.0000 ... by venanciop New Member in Splunk Search 12-31-2018 0 3	0	3
How do I get the lower and upper bound of a timechart and use these in an eval? Is there any way to get the upper and lower bound dates for a timechart that has a span of weeks? \| timechart span=... by dojiepreji Path Finder in Splunk Search 12-31-2018 0 5	0	5
Can you help create the regex to extract a field from a XML log? hello, In the log below, I want to extract the field TIMECREATED SYSTEMTIME https://cjoint.com/c/HLDpeThG7Qd Could... by jip31 Motivator in Splunk Search 12-31-2018 0 1	0	1
How can i calculate the minimum time per source(log file) and then get the logs with a time difference of more than 6 minutes? I have a WAF log source where logs are written to CEF files. I need a search that calculates the minimum time per lo... by aamer86 Path Finder in Splunk Search 12-31-2018 0 4	0	4
Prefix search no results Hi, I am making a query where it get some raw syslog data and format into columns with some filters. When I search ... by gmasca Explorer in Splunk Search 12-31-2018 0 4	0	4