Splunk Search

Community Activity

How do I make a search that displays all events in a lookup and alerts if any are missing? Hello all, I need your help with the following search: I have a lookup file with a list of ids and account ID's ... by nuaraujo Path Finder in Splunk Search 12-12-2018 0 2	0	2
How do you set multiple tokens from the output of a search? Good Morning. I'm trying to populate an HTML page using the results of a search. To do this, I've been creating toke... by charlesmcdonald Path Finder in Splunk Search 12-12-2018 0 4	0	4
How do I properly convert to UNIX time using strptime with this specific example? The new myTimefield is blank for some reason -- anyone know why? Consider the below code I'm using: \|makeresults \|ev... by russell120 Communicator in Splunk Search 12-12-2018 0 3	0	3
How can I add a field to an extra column, depending on a condition? Hi, My log files look like this: ID Job_Type Target Event1 1 A X Event2 1 B Y Event3 2 A... by j_r Path Finder in Splunk Search 12-12-2018 0 7	0	7
Can you give me some Nullque regex help? On a heavy forwarder, I have the following in the props and transforms files: props.conf [source::/opt/TJApplication/... by MikeBertelsen Communicator in Splunk Search 12-12-2018 0 5	0	5
Why are my multi-line events getting split? I am trying to prevent my multi-line events from being broken into individual rows. My logs are similar to this: 201... by tilbins Explorer in Splunk Search 12-12-2018 0 6	0	6
How do I change the font color in a chart depending on a value? Hello, I try to change the font colour within a chart. Unfortunately I can only create dashboards and don't have any... by jmauritz New Member in Splunk Search 12-12-2018 0 3	0	3
How do I get the total and percentage on each row on the following table? Hello there, My current code is giving me the following (if the screenshot is not clear, I provide the numbers later... by skribble5 Explorer in Splunk Search 12-12-2018 0 3	0	3
how to combine/merge multiple generic fields/columns in one field/column with average calculation per generic field/column values in Splunk? hi, I have following situation in splunk (see picture below). I need following pattern in Splunk (see picture bel... by AlexHoller New Member in Splunk Search 12-12-2018 0 1	0	1
Can you help me with a subsearch across two indexes? Hi Folks, I'm using Splunk version 4.0 (with App verion 6.6.1) and I'm pretty new to Splunk — I've been using it for... by smoig New Member in Splunk Search 12-12-2018 0 2	0	2
Can you help me to create a join in a lookup file? Hi all, I need your help. I created a lookup file (hierarchy_lookup.csv) with this layout I would like to create ... by kingwaras Engager in Splunk Search 12-12-2018 0 3	0	3
How to disable the app icon background color in Splunkbase later on? In our inital release version 0.9.0 (https://splunkbase.splunk.com/app/4317/) we intentionally adjusted the app navig... by TGeorgeDN Engager in Splunk Search 12-12-2018 1 0	1	0
Is there any way to fix cut-off Sparklines? Hello all, I have been adding sparklines to my tables. I noticed that sometimes the sparklines look cut off at the e... by whrg Motivator in Splunk Search 12-12-2018 1 0	1	0
C# SDK separate field notation Hey, i would like to send fields separate from raw data, so its not displayed in normal search result eventtext, onl... by ybartel New Member in Splunk Search 12-12-2018 0 0	0	0
columns with fwdtype i am looking for ideas how to generate report in the following format Clustername HF UF cl01 ... by shihabno New Member in Splunk Search 12-12-2018 0 0	0	0
How to remove one field to be shown in column chart I have created a query which have 4 columns in statistics and want to show column chart as well but with 3 columns. h... by sindhoo Engager in Splunk Search 12-11-2018 0 6	0	6
Export to dump with wrong values in fields Hi, I'm trying to export some data with the dump command, the data from the dump is not exported correctly, some valu... by rosantos New Member in Splunk Search 12-11-2018 0 3	0	3
How do you manipulate table results from a combined results? Hi, I am stuck trying to manipulate my table when using a subsearch. Please see below query. search .... \| stats c... by mabinn Explorer in Splunk Search 12-11-2018 0 4	0	4
How do I query the percentage of unique sessions seeing errors? I'm trying to come up with a query that's a percentage of users (via session ids) experiencing errors. i can find the... by cochang New Member in Splunk Search 12-11-2018 0 1	0	1
Ignore a row to calculate Summary total in Table? Data is like below: Is there any way to enable Total Summary but ignore "%" row to calculate Total? by ansif Motivator in Splunk Search 12-11-2018 0 3	0	3
Create a table that contains 'ALERTS'. User will verify the alerts, click on the specific event and the particular event will disappear. Hi all, I would like to create a table that contains 3 scenarios. ( Low, High, Severe) The table will keep appendi... by marvinlee93 Explorer in Splunk Search 12-11-2018 0 2	0	2
How do you search one way between two deployments/environments? I have inherited an deployment that has multiple environments: PROD, FTI, and oldFTI. I am needing to search from FTI... by cboillot Contributor in Splunk Search 12-11-2018 0 1	0	1
splunk admin system admin - lab is closed same day?? Hi I was participating today to system admin course and found out at the end of the course the lab will be active on... by net1993 Path Finder in Splunk Search 12-11-2018 0 7	0	7
How would I divide this table into hours? source=****** "Result from operation" \| rex field=message ".?returnCode=(?<code>\d+)." \| eval status=if(code=0000,"... by wagnerj02 Engager in Splunk Search 12-11-2018 0 8	0	8
How to convert string to date? I have an existing column "Date" and I need to convert it from a string like 4/2/2018 to a date of 4/2/2018. I've tr... by jimbolya11 New Member in Splunk Search 12-11-2018 0 4	0	4