Splunk Search

Community Activity

Can you do lookups on the (searchtime) auto-extracted fieldnames themselves? I have SNMP logs that come in with a large variety of keyvalue pairs. The key side is translated at the trap level on... by dbergstr New Member in Splunk Search 11-16-2018 0 0	0	0
What is the best method to add a field based upon another field? Hi, I have a number of pre-existing date fields from Nessus that are reported in epoch format. I'd like to add a ne... by a212830 Champion in Splunk Search 11-16-2018 0 4	0	4
Does Splunk Mint is compatible with 6.6? Does Splunk Mint is updated and compatible with enterprise 6.6? by vinaykata Path Finder in Splunk Search 11-16-2018 0 2	0	2
When changing host value using transforms.conf, how do I set the host value to something based on a regex? I'm very new to Splunk. I'm trying to use transforms.conf and props.conf to set the host value to something based on ... by dfetcher Engager in Splunk Search 11-16-2018 0 2	0	2
Conditionals - is there a way in splunk to sum field A if Field B does NOT contain a specific word? I'm new to splunk and it's a little over my head. Please forgive me. I loaded data from a csv file into splunk. The c... by handygecko Explorer in Splunk Search 11-16-2018 0 5	0	5
How do you get a table of most recent events with multiple fields? I have events that are performance metrics taken over time. It includes fields like the sample value and object it pe... by rsrcno New Member in Splunk Search 11-16-2018 0 1	0	1
Why are Props & transforms not taking effect when trying to hide ipclient? Hello community, I am trying to configure my props.conf and transforms.conf to hide ipclient when indexing data. I ... by virtuosoo Explorer in Splunk Search 11-16-2018 0 3	0	3
Multiple rex commands no longer works in Fast/Smart mode? In Splunk 6.6.1, it seems like multiple rex commands with the same field name does no longer work in Fast or Smart mo... by mattiaslindblom Explorer in Splunk Search 11-16-2018 2 20	2	20
What are the two ways to list indexes available in splunk search head ? Hi All, I had two question's on splunk. 1) How to list the indexes details available in splunk search heads? 2) ... by Hemnaath Motivator in Splunk Search 11-16-2018 0 5	0	5
What is the proper regex syntax to use rex to create 4 new fields? I have a log line that looks like the following: 2014-11-28 19:28:42 smx02 postfix/smtp[57736]: 6F7471C73AC_479133AF... by akelly4 Path Finder in Splunk Search 11-16-2018 0 3	0	3
Can you help me build the regex that would extract a filename without filenamenumber and extension? Hi, i am not familiar with regex and am trying to extract only the filename from the following data without the numb... by ugruner Explorer in Splunk Search 11-16-2018 0 1	0	1
Where is the .conf file for the lookup definition? I've looked hard, but I can't seem to find the .conf file of Lookup Definition. I know it can be done on the user int... by morethanyell Builder in Splunk Search 11-16-2018 0 2	0	2
Can I optimize an mvzip, mvappend, and mvexpand combination for creating additional events? Hello, I am looking for optimization advice for a use case in which I need to create new event data and then calcula... by andrewtrobec Motivator in Splunk Search 11-16-2018 0 3	0	3
How do you get sklearn algorithm to work in Splunk? I have added another algorithm SVR in Splunk Enterprise with the way on the website below, and it works. But I'm conf... by rickyhsu7 Explorer in Splunk Search 11-16-2018 0 1	0	1
Why do my results appear and then disappear on a map? Dear All, I have a geostats search that is providing a mapped view of events over a single area. It is like this: i... by BlueSocket Contributor in Splunk Search 11-16-2018 1 9	1	9
How do you perform a search based on lookup values? Hello, I'm trying to do an outer join, but without actually using a join, I have a lookup with names and based on t... by ndaniel88 Explorer in Splunk Search 11-15-2018 0 3	0	3
Splunk Tableau ODBC connection and date field parsing We are connecting to Splunk from Tableau via ODBC. It worked fine for most of the time. Recently we are facing [Spl... by ngantla New Member in Splunk Search 11-15-2018 0 0	0	0
What is the best practice to perform a query using distributed search? Hello Splunkers, I've a issue with my distributed searches. I've one search head and 2 indexers. Both indexers are ... by danje57 Path Finder in Splunk Search 11-15-2018 0 2	0	2
Why is the transaction command not working? Hello Everyone...I have the below query and I want to evict transactions that starts with Message arrived but not end... by ramprakash Explorer in Splunk Search 11-15-2018 0 1	0	1
External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. " I keep receiving the error "External search command 'ldapfetch' returned error code 1. Script output = "error_message... by msteffes New Member in Splunk Search 11-15-2018 0 2	0	2
Can you help me come up with the regex to get the domain + scheme? Hi, I tried many things but I still cannot get to the correct result. my field value looks like this http://34.223... by jtotzek Explorer in Splunk Search 11-15-2018 0 5	0	5
How do I show nested field in one box in a table? How can I get the nested JSON in this field called "Message" (see below) with the nested fields (here currentMessage)... by nikosattlermhp Engager in Splunk Search 11-15-2018 0 0	0	0
How do you exclude two matching field values in a search? Hello, I want to make a very specific exclusion from my search. In my case, there are two different field names I am... by johann2017 Explorer in Splunk Search 11-15-2018 0 2	0	2
use streamstats for checking multiple column values How can I use streamstats for checking multiple column values.(With or without foreach command for multiple columns) by sahil237888 Path Finder in Splunk Search 11-15-2018 0 9	0	9
Why is an unknown value showing up in my search? One of my dashboards reflects some data which actually isn't present in the data input. It might have been present be... by rpradeep Path Finder in Splunk Search 11-15-2018 0 15	0	15