Splunk Search

Community Activity

How do you color code a cell? I've read through a lot of articles, but I can't figure out how to make this work. My query is below. For ease of rea... by jsights New Member in Splunk Search 12-10-2018 0 1	0	1
Can you help me visualize my input lookup file? Hello There, I have a file CSV as shown in the attached screenshot. I want someone to help me to draw these dates on... by dinaabdelhakam Path Finder in Splunk Search 12-10-2018 0 1	0	1
How do I reconstruct the path of a message across multiple events? I have a log file from our ESB that has multiple events for each message. I want to join those back together so I can... by asturt Explorer in Splunk Search 12-10-2018 0 2	0	2
How do you compare a previous average with the current actual count? Hello, I am trying to write an SPL to do the below but hitting a road block. Can someone please help!! Date ... by rohitmaheshwari Explorer in Splunk Search 12-10-2018 0 1	0	1
How do i display the latest event from two event IDs by computer name? Hello, I am trying to complete a query that allows me to see both the latest failed and successful backups from eve... by willsy Communicator in Splunk Search 12-10-2018 0 4	0	4
What would be the best way to use index and source type for multiple projects? Hi everyone, I am new to Splunk and i have a quite a few projects in my organization. I know that an index can have ... by casmond New Member in Splunk Search 12-10-2018 0 2	0	2
Can you help me combine 2 queries into a timechart? Hi all, I have the following data and I need some help to progress further. I have fields: _time uniqueId action us... by cindywee New Member in Splunk Search 12-09-2018 0 2	0	2
How do you use the value of the lookup filename as a field in the search result? Here is the search and lookup, I need to capture the value, last_logon_lookup_20180928.csv We need the value in bold... by roayers Explorer in Splunk Search 12-09-2018 0 3	0	3
Drilldown on results of a subsearch not working Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't... by doogan12 Engager in Splunk Search 12-09-2018 0 16	0	16
How to use a different time range within a subsearch? Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subse... by lblackey Engager in Splunk Search 12-09-2018 1 8	1	8
How to add % symbol with data labels in charts? I want to add % symbol with both the y-axis legend and data labels Thanks in advance! by ny34940 Path Finder in Splunk Search 12-09-2018 0 13	0	13
How to get Splunk btool command to return an exact match? Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I use spl... by lukasz92 Communicator in Splunk Search 12-08-2018 0 3	0	3
How do you extract a hostname from a source path? Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ... by rkatsnel New Member in Splunk Search 12-08-2018 0 6	0	6
Join Earlier Joins with Later I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm u... by grex2595 New Member in Splunk Search 12-08-2018 0 1	0	1
How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console? Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical Di... by moizmmz Path Finder in Splunk Search 12-07-2018 0 3	0	3
Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app? Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost 70... by juanlazarosanch New Member in Splunk Search 12-07-2018 0 1	0	1
Subsearch leading to I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear... by samtheman Engager in Splunk Search 12-07-2018 0 3	0	3
How can I make my table results in 3s time intervals? Query I am running: index="dcg-video-eng-live-services-stage" \| spath "message.req.originalUrl" \| search "message.re... by moizmmz Path Finder in Splunk Search 12-07-2018 0 8	0	8
How can I split JSON into multiple events? Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multiple ... by 0xlc Path Finder in Splunk Search 12-07-2018 0 2	0	2
How do I convert epochtime = -1 to a human readable format? I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ... by lball Explorer in Splunk Search 12-07-2018 0 3	0	3
How should I rename a dynamic value after using the timechart count by? Hi All, I am using this search string as below : (some data- index, host, etc)............. \| xmlkv \| search "ns0:Ap... by vaibhavvijay9 New Member in Splunk Search 12-06-2018 0 3	0	3
How do I make a query which finds logs where the value for a field matches? Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped together.... by infcl Explorer in Splunk Search 12-06-2018 0 1	0	1
How do I search for events within _indextime? I understand the behavior of Splunk when using _indextime, but I want to know what query would do what I really am lo... by mcbradfordwcb Engager in Splunk Search 12-06-2018 0 7	0	7
Is there a way to draw the line of where the cutoff point for outliers is? I refer to the outlier command https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier *Is there ... by HattrickNZ Motivator in Splunk Search 12-06-2018 0 0	0	0
How do I extract a value from the the following JSON? I want to extract the following values from below JSON. Values needs to be extracted from the highlighted text in Bol... by abhishekgandhe Explorer in Splunk Search 12-06-2018 0 2	0	2