Splunk Search

Community Activity

Sorting chart headers (dates) by descending I am trying to sort the column headers of a chart (dates) so they appear with the most recent date on the far left. I... by lukepatrick Explorer in Splunk Search 11-12-2018 0 0	0	0
Stats sum command experiencing strange behavior after 7.2.0 upgrade Hi Folks; So getting a very bizaare issue here after our upgrade to 7.2 index="app_rocket_dxs" sourcetype="fluentd_... by paimonsoror Builder in Splunk Search 11-12-2018 0 4	0	4
Get metrics from events in between 2 events I want to get metrics from events which occur between 2 events(eg: Job Start, Job end). This job event runs every 1h... by rajeshad45 Engager in Splunk Search 11-12-2018 1 1	1	1
How come our negative field search is looking in all the fields instead of the searched field? I have a Splunk local installation that is having some strange behavior. The search is filtered by negative field ext... by jonaspereira New Member in Splunk Search 11-12-2018 0 1	0	1
Pull back metadata against 2 fields in a lookup Hi, I have a lookup file containing hostnames and IP addresses, either of which can be logged in splunk against the ... by jacqu3sy Path Finder in Splunk Search 11-12-2018 0 0	0	0
How to add own IP locations into the GeoLite2-City.mmdb Hello, I applied successfully the tool at github Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks https://gith... by graether Path Finder in Splunk Search 11-12-2018 0 6	0	6
How to split only alphanumeric strings in line of data with separated by "-" Hi , How to get the alphanumeric string from below data. inputs : ABCD-47440c7534d1a13d7d462860-90d2aa5bb3b20184-1... by asplunk789 Loves-to-Learn Everything in Splunk Search 11-12-2018 0 1	0	1
Adding Empty JSON Array Count To Chart Below, I have a chart being created which is supposed to show how many times we see each tag we find in a "tags" arra... by samkass New Member in Splunk Search 11-11-2018 0 2	0	2
Can spath cater for missing values in an array? Hi, I have a nested array and I want to compare values across I've a query that works, apart from when a value is ... by ewanbrown Path Finder in Splunk Search 11-11-2018 1 1	1	1
understanding how delta and streamstats handles no value This is my search to simulate the data i need to illustrate: \| makeresults \| eval data = " 1-Sep 7820592; 2... by HattrickNZ Motivator in Splunk Search 11-11-2018 0 0	0	0
How do you build an alert that triggers when a file is moved to a monitored folder? I'm trying to build an alert that triggers when a file is moved to an Error folder within the system we are monitorin... by kozanic_FF Path Finder in Splunk Search 11-11-2018 0 7	0	7
search requires stitching together two distinct events from a single sourcetype i require some assistance in my search query where i need to search a mail log to extract the highest recipients by m... by danesh_shah New Member in Splunk Search 11-10-2018 0 5	0	5
Improve TSTATS performance (dispatch.localSearch) command with more Indexers(Search nodes)? HI I have the following tstat command that takes ~30 seconds (dispatch.localSearch) is the main slowness . I have b... by robertlynch2020 Influencer in Splunk Search 11-10-2018 0 16	0	16
How can I search for a particular string in a larger string? I am running the following query: index=uplynk slice_played \| rex field=_raw "^(?<date>\S)\s(?<time>\S)\s(?<slic... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
Sequential automatic lookups not working... Here is my props.conf for the Qualys vulnerability data: [qualys:hostDetection] LOOKUP-2_qualys_nvd_lookup = nvd_db_... by responsys_cm Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me with the following field extraction issue? Hi, I have a weird problem. I have a field called 'playerUserAgent' which returns the following sample of values: ... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
How do I correlate email events when the key-id is not defined in all events? So I have correlated email events before where there was a UID defined as a field for all transactions of a unique em... by Log_wrangler Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me work out a query involving distribution percentages? Hi Splunk Community, I have a simple query which pulls request counts in per node. sourcetype=test-log New Line \| ... by luckyman80 Path Finder in Splunk Search 11-09-2018 0 2	0	2
How do you create a static table for a lookup file? I have kind of a silly question that I am embarrassed to admit has stumped me for a little while. I have a small li... by _smp_ Builder in Splunk Search 11-09-2018 0 3	0	3
debugging when columns are not filled out How does one debug searches when you expect a column to be filled out yet its not? sourcetype=mongo_stats \| stream... by tb5821 Communicator in Splunk Search 11-09-2018 0 2	0	2
How to carry forward values of a field to next event till it changes? My goal is to see the availability of NSG devices in percentage. Each NSG is connected to 4 VSCs. If connection to : ... by achoudhary1 New Member in Splunk Search 11-09-2018 0 0	0	0
How do I make it so time conversion always has epoch start at midnight regardless of DST? I have the following SPL. I am trying to calculate days i want to look up for data. Instead of trying to load a who... by wjrbrady Engager in Splunk Search 11-09-2018 0 5	0	5
Why does the position of my dedup command in a query alter the results of my statistics? My problem is that I cannot understand why I get a different statistics number depending on wether I place the dedup ... by net1993 Path Finder in Splunk Search 11-09-2018 0 6	0	6
How can I search for all fields that have a certain string? Hello How can I get only results for specific fields where field name is like something ? fx. get all fields which... by net1993 Path Finder in Splunk Search 11-09-2018 0 12	0	12
Are values() returned by Splunk in a search sorted alphabetically? I couldn't find any documentation except that values(), when used in transforming commands, performs dedup. But there... by morethanyell Builder in Splunk Search 11-09-2018 0 7	0	7