Splunk Search

Community Activity

How do you apply coloring based on a column value string to the complete row? Hi All, Context X Y Z ABC 98 97 67 DEF 50 45 23 GHI 3 2 1 So, if Context is ABC, i have to apply color coding for ... by bharathkumarnec Contributor in Splunk Search 10-18-2018 0 2	0	2
conditional lookup with catch-all value I am looking to retrieve the following a field from a lookup table depending on the lookup result of two fields as fo... by thezen Explorer in Splunk Search 10-18-2018 0 5	0	5
How do you find true or false value in the following string? Hi, I have to find the value of true or false from the following string in logfile. Below are 2 strings with either ... by abhishekgandhe Explorer in Splunk Search 10-18-2018 0 6	0	6
Compare field with lookup Hi I have a lookup table containg the host name and a software version hostlookup.csv hostname,version hostA,2 hos... by mfritsch New Member in Splunk Search 10-18-2018 0 3	0	3
How do you use the timechart command to retrieve top IP by span window with top value in this window? I try to get from iis logs top source IP by requests with the number of requests in every 5 seconds. If I just try to... by evkuzin New Member in Splunk Search 10-18-2018 0 2	0	2
find maximum value of a field by host over the last 7 days I need am trying to find the maximum value of a field(Peak value and time at which it happened everyday) based on a ... by arrangineni Path Finder in Splunk Search 10-17-2018 0 1	0	1
How do I make an alert which triggers if an event's delay is unusually long? I have multiple events such as below: Key points here: New values of event_type may be added randomly and the sched... by matthewg Explorer in Splunk Search 10-17-2018 0 2	0	2
SPLUNK Search derived from Stream app produces strange result... Hi there, when I run this search: index=* source=stream:Splunk_IP \| rex field=src_ip "(?<src1>.)\.(?<src2>.)\.(?<... by heskez Engager in Splunk Search 10-17-2018 0 7	0	7
Quote escaping best practices I'm trying to figure out how I can format my logs such that splunk does not get confused by an escaped quote. I'm cur... by stevennoble Explorer in Splunk Search 10-17-2018 3 5	3	5
Comparing raw data volume Vs indexed data volume How do i compare my raw data volume to the indexed data volume for a specific source type? Can someone help with thi... by gnanaraj_mcc Loves-to-Learn Lots in Splunk Search 10-17-2018 0 1	0	1
How do I return a string field (e.g. FQDN) with an IF statement? I am trying to look up a server (using an input field - $field1$) in my dashboard and pull the most recent alerts for... by josephinemho Path Finder in Splunk Search 10-17-2018 1 0	1	0
Clear textbox value after submit I have a dashboard where I want to use a textbox input to add data to a lookup file. I have managed to get this to ... by garryclarke Path Finder in Splunk Search 10-17-2018 1 6	1	6
How do you extract the following field using the rex command? Additional backup items: /db/cos7j.dump.Z /db/PSCSS.dump.Z /db/imqdb0152.dump.Z I want to extract 0152 from this. by shubhambhagat02 New Member in Splunk Search 10-17-2018 0 10	0	10
Can you help me use the tstats command with a fillnull? Greetings, So, I want to use the tstats command. It's super fast and efficient. But not if it's going to remove im... by chris94089 Path Finder in Splunk Search 10-17-2018 1 2	1	2
How to exclude multiple time ranges in a search? Hi, I would like to execute a search, where several non-overlapping time ranges are excluded. An exclusion time rang... by hbacbs Explorer in Splunk Search 10-17-2018 2 2	2	2
Why is a search for fields added with _meta in inputs.conf not returning any results? Hello, We added several fields with the _meta keyword in inputs.conf. When we search for the fields with "field::val... by rainerzufall Path Finder in Splunk Search 10-17-2018 0 8	0	8
How do I rename field name with dollar and curly braces in name? Hello, I would like to ask you how to rename field name like "${http.headers.ClientSide}". Such names are generate... by ReddySk Explorer in Splunk Search 10-17-2018 0 6	0	6
Can anyone help me split this field into 2? Hi! temp=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe to... path=C:\Program Files\SplunkUn... by hok2010 New Member in Splunk Search 10-17-2018 0 2	0	2
Why is _time showing in 12 hr format in the following graph? For some reason, my column graph is showing the time in a 12hr (AM or PM) format, which I do not want. The same query... by svijay30 Engager in Splunk Search 10-17-2018 1 2	1	2
How do you fetch table data from join table? There are two tables: "Table A" is a detailed information, and the "Table B" is the primary key. The two tables are ... by flzhang132 Explorer in Splunk Search 10-17-2018 0 4	0	4
count value per minute and then sum the count per hour I have the query that gives me the results I need. I just wanted to ask the gurus out here to look at my SPL and if ... by mmdacutanan Explorer in Splunk Search 10-16-2018 0 0	0	0
Hi All, how can i take result (which is a macro ) of inputlookup table and use that result to extract data from the macro ?? \| inputlookup ED_ENDI_Digital_Flow \| search Flow="ED_ENDI_FLOW_" \| search Step="ED_ENDI_STEP" \| rex field=Step "ED... by Anantha123 Communicator in Splunk Search 10-16-2018 0 3	0	3
Your maximum disk usage quota has been reached - WHat does this mean? When I try to run a search in Splunk Web, I see this error message - Your maximum disk usage quota has been reached... by mctester Communicator in Splunk Search 10-16-2018 7 5	7	5
How to append values from a field to all values of a multivalued field? Hi All, I have a multivalued field. I want to take values from one field and append the same to all the values of a... by kabiraj Path Finder in Splunk Search 10-16-2018 0 7	0	7
Trendline to work grouped by field Hi, My intention is to measure the 2 hour moving average of the events with X201 reason code ratio compared to the t... by Esperteyu Explorer in Splunk Search 10-16-2018 1 2	1	2