Splunk Search

Community Activity

How come only one of many fields is not extracting? I have a weird behavior in my environment. When I get new data, I parse them using my regex (= as delimiter between ... by shayhibah Path Finder in Splunk Search 10-25-2018 0 6	0	6
How do I count occurrences with wildcard in count by field? Hi, I have the following values from my search result: /api/v2/nodes/107757943/nodes /api/v2/nodes/107758003/nodes... by mhornste Path Finder in Splunk Search 10-25-2018 1 4	1	4
Can you help me break my search up into two smaller ones? I have a query that is taking up too many resources I am told. I decided to break it up into two smaller reports (on... by bealm New Member in Splunk Search 10-25-2018 0 3	0	3
Splunk dbxquery to call stored procedure with subsearch to populate parameter not working I have two working Splunk queries as follows. The first one takes in an IP Address and datetime and returns a Mac Ad... by rdclark Engager in Splunk Search 10-25-2018 0 1	0	1
Why is HTTP is working while HTTPS is not? Hi, I tried to enable SSL on my Splunk instances. A few of them were successful. Some of them(specifically none of t... by graju89 Path Finder in Splunk Search 10-25-2018 0 2	0	2
In a statistics table, how do I make it so a row hides when clicked upon? Hello guys I want to hide the row of a table after clicking on a cell on this table. I guess I should look for JS so... by denys_k Explorer in Splunk Search 10-25-2018 0 2	0	2
Feature Suggestion: Panel-local variables for prebuilt panels Prebuilt panels would be more useful if they allowed local variables. This would parallel the way macros allow argum... by madkins23 New Member in Splunk Search 10-25-2018 0 1	0	1
Merge tables by aligning fields with same value Hello, I have two tables listed below. The small table is a subset of the large table. Large_table S... by Thuan Explorer in Splunk Search 10-24-2018 0 0	0	0
Use a lookup file to show IP name Hello,I have a csv file ,and I use it as a lookup table, it has two fields : IP,IP Name; \| inputlookup ip_name.csv ... by WXY Path Finder in Splunk Search 10-24-2018 0 1	0	1
How to increase the maximum number of conditions in a splunk search? Hi there, I have a search below: host = xxx.xxx.xxx.xxx AND duration \| rex field=_raw (something) \| rex field=_raw (... by zongwei New Member in Splunk Search 10-24-2018 0 2	0	2
Field extraction for IP ADFS Logs Hello, I found one post but the REGEX search didn't work. How would I extract the IP into a new field that comes aft... by donaldmayo New Member in Splunk Search 10-24-2018 0 1	0	1
Can eventstats or streamstats be used with accelerated data model searches? We are looking to convert most if not all of our existing searches and correlation rules to search against accelerate... by john_dagostino Path Finder in Splunk Search 10-24-2018 0 3	0	3
How to compare two CSVs and see what's missing from the original? Hi, consider these two CSVs septemberheros.csv: name alias best_power origin clark superman fl... by russell120 Communicator in Splunk Search 10-24-2018 0 3	0	3
How to find a difference between two times which are off by two different formats and set an alert if the difference is more than 10mins? Hi, I have a query which returns two columns Time1 which is _time and one more column Time 2 which is user calculat... by sangs8788 Communicator in Splunk Search 10-24-2018 0 3	0	3
Can you help me with the following regex expression? I have events from which I need to extract the strings that fall before the string "raced to road" Here is a sample ... by zacksoft Contributor in Splunk Search 10-24-2018 0 6	0	6
After upgrading to Splunk 7.2, how come I'm unable to sort or click on links? My team recently upgraded to Splunk 7.2, but unfortunately, I am unable to click on any links under reports, alerts, ... by jdibblee New Member in Splunk Search 10-24-2018 0 1	0	1
How do I join different events on an ID with different source types? Hello everybody, I have many messages with two different source types and an ID and a information field. For every I... by nikosattlermhp Engager in Splunk Search 10-24-2018 0 1	0	1
How to search for which users were logged in to a machine at a certain time or date on linux given the workstation name ? I have the workstation name and IP address — how do I find out which users were logged in to the machine (Linux) and ... by ibrahima New Member in Splunk Search 10-24-2018 0 2	0	2
How to group data in a table by 2 or more fields from different sources joined with coalesce? Hi Guys, I have a question regarding grouping in tables. I have sets of data from 2 sources monitoring a transaction... by marcvf1 Engager in Splunk Search 10-24-2018 0 3	0	3
How do I add every two rows into a seperate column? I want to add every two rows in a column and display them in new column as new total: Column1 1 2 5 7 8 9 NewTotal... by akhera New Member in Splunk Search 10-24-2018 0 3	0	3
How do I compare multiple fields between two CSV files? Hi. I'm attempting to compare an inventory master list (lookup file) to a weekly inventory list (lookup file) display... by russell120 Communicator in Splunk Search 10-23-2018 0 5	0	5
How do you pull field values from an outer query to show in final table where inner query uses the map command? I have a log file from which I extract the below table of test results, where each test result row describes a partic... by bobkaz New Member in Splunk Search 10-23-2018 0 4	0	4
How do I limit the following search of the assetIds with the 10 highest calls? Here's my query: index=dcg_prod handler=CanIplay sc=200\|chart count as "calls" by assetId I want to limit this qu... by moizmmz Path Finder in Splunk Search 10-23-2018 0 2	0	2
How do I extract the response time from the following log? INFO -Transaction successful. Time taken to get Response in millis:29; XURA Response Content:\u003c?xml version="1.0... by yograjpatel New Member in Splunk Search 10-23-2018 0 3	0	3
How to convert Decimal IP address to dotted quad IPv4 using SPL ? Hello Guys, I'm working on Data which is exported by telecom devices and IPs is exported in Decimal format as 170468... by Muwafi Path Finder in Splunk Search 10-23-2018 0 10	0	10