Splunk Search

Community Activity

How do I merge values from two fields into key/value pairs in one field? We have the following sample event data: Timestamp=2018-11-27_14:32 Hostname=xxxxx Service=xxxxx Domain=xxxx JVM=xxx... by luke222010 Engager in Splunk Search 11-28-2018 0 5	0	5
checkpoint Log R80.10 with log forwarder to Splunk (win) field extraction Hi - We're on R80.10 and the logs are coming through fine into a separate index. I've installed the Check Point App ... by sworton Explorer in Splunk Search 11-28-2018 0 0	0	0
How to get previous field value where other fields are equal? Im trying to find out how streamstats work, but the documentation is way off compared to the actual results in Splunk... by sboogaar Path Finder in Splunk Search 11-28-2018 0 1	0	1
How do I get the second datetime from the following log ? Hi Expert, I have the below log. In this, I have 2 different time with different formats. I need to set a second da... by vikas_gopal Builder in Splunk Search 11-28-2018 0 5	0	5
How can i use the append command based on an If condition ? Hi All, i have a base search ,with field A , If field A >0 , I have to append another search query that returns ... by harishalipaka Motivator in Splunk Search 11-28-2018 0 4	0	4
Search & timechart: faster and slower when using fields command? Hello! I have an index with more than 25 million events (and there are going to be more). There is a saved search th... by orinciog New Member in Splunk Search 11-28-2018 0 4	0	4
Is it normal for a rolling restart of 18 indexers to take 12-24 hours? We are having an issue recently where a rolling restart of our indexer cluster can take 12-24 hours for 18 indexers. ... by mschlapfer Explorer in Splunk Search 11-28-2018 1 2	1	2
Why is my lookup(.CSV) search not filtering results? I have a CSV lookup table that has 14,610 rows. I want to filter the lookup, so when I use it in my main query, it is... by angelagunn Engager in Splunk Search 11-27-2018 0 1	0	1
Join events with similar times I have an index containing failure events for both a system as a whole ("System") and individual sections of that sys... by mstark31 Path Finder in Splunk Search 11-27-2018 0 3	0	3
time picker Hi guys, I am trying to show 2 tables - one for the time frame using a time-picker and one search for the same time ... by seanmylne New Member in Splunk Search 11-27-2018 0 10	0	10
How do you add a row to a table that contains text and an eval value? I am creating a table that tallies each type of request per day. Table is as follows. Day \| Assigned \| Re... by dojiepreji Path Finder in Splunk Search 11-27-2018 0 2	0	2
How to map _introspection data.search_props.sid to the SPL of the search? I have a search that uses index=_introspection, to return to me searches and their memory consumption. For an event o... by efavreau Motivator in Splunk Search 11-27-2018 1 3	1	3
How to extract fields from JSON data automatically (without spath command) with TCP forwarding? Hello, 1- I was uploading my JSON formatted data to splunk manually up to now. My fields were being created for all ... by pkurt Path Finder in Splunk Search 11-27-2018 0 3	0	3
Can you help me with my field extraction weirdness? Hi, I have a field extraction situaton that I've never come across before, and hoping someone can help me. We have ... by a212830 Champion in Splunk Search 11-27-2018 1 24	1	24
Why does my drilldown with the rex command return an "Unbalanced quotes" error? Hello, I have the following drilldown in my dashboard panel: <link target="_blank"><![CDATA[search?q=inde... by damucka Builder in Splunk Search 11-27-2018 0 2	0	2
Generate a choropleth map based on the states using geo_us_states I am trying to generate a Choropleth map to show the density of requests for each state in the US. I am using the be... by rohit_kothuru New Member in Splunk Search 11-27-2018 0 6	0	6
How do I filter events based on LDAP search results? Hi guys, I would like to Filter Events based on the result of a LDAP search. Especially, I would like to get all Pas... by hayduk Path Finder in Splunk Search 11-27-2018 0 2	0	2
./splunk: cannot execute Hi, Im not able to run the splunk on Solaris, please let me know whats the problem. below is the solaris version and ... by kpgeroy New Member in Splunk Search 11-27-2018 0 1	0	1
Can you help me create the regex that captures a string with a space in it? Hello I have a field with a space in the string : Model=WDC WD5000LPLX-60ZNTT1 But SPLUNK displays only the chara... by jip31 Motivator in Splunk Search 11-27-2018 0 7	0	7
Can someone help me extract a string from a raw XML log? How do I use an eval field in a search command? Hi I have a Raw log with XML content in it. ex: 2018-06-19 15:35... by KowsiSakthi Engager in Splunk Search 11-26-2018 0 2	0	2
Real time window not working with timechart \| eval _time=_time+28800 \|timechart values(Acc_X_G) as Acc_X values(Acc_Y_G) as Acc_Y values(Acc_Z_G) as Acc_Z Abov... by marvinlee93 Explorer in Splunk Search 11-26-2018 0 3	0	3
Can you help me with the following regex? Hello I want to add a rex field in my search index="ai-wkst-wineventlog-fr" sourcetype="XmlWinEventLog" source="Xml... by jip31 Motivator in Splunk Search 11-26-2018 0 18	0	18
Creating End_Loading_Time Hi Splunkers, I am faced with another problem where the logs I have contain only 3 fields with Start_Loading_Time, _... by kakarsu New Member in Splunk Search 11-26-2018 0 6	0	6
Transaction command replies transaction duration for multiple start events and same stop event Hi All, I'm trying to figure out a query that can give me the transaction time of the earliest occurrence of the sta... by zakyx88 New Member in Splunk Search 11-26-2018 0 1	0	1
How do I correlate a search with an extracted field? Hello, I'm looking for something simple, but I can't seem to wrap my head around it. I have this log entry for exam... by rsulliman New Member in Splunk Search 11-26-2018 0 1	0	1