Splunk Search

Community Activity

How do I return a string field (e.g. FQDN) with an IF statement? I am trying to look up a server (using an input field - $field1$) in my dashboard and pull the most recent alerts for... by josephinemho Path Finder in Splunk Search 10-17-2018 1 0	1	0
Clear textbox value after submit I have a dashboard where I want to use a textbox input to add data to a lookup file. I have managed to get this to ... by garryclarke Path Finder in Splunk Search 10-17-2018 1 6	1	6
How do you extract the following field using the rex command? Additional backup items: /db/cos7j.dump.Z /db/PSCSS.dump.Z /db/imqdb0152.dump.Z I want to extract 0152 from this. by shubhambhagat02 New Member in Splunk Search 10-17-2018 0 10	0	10
Can you help me use the tstats command with a fillnull? Greetings, So, I want to use the tstats command. It's super fast and efficient. But not if it's going to remove im... by chris94089 Path Finder in Splunk Search 10-17-2018 1 2	1	2
How to exclude multiple time ranges in a search? Hi, I would like to execute a search, where several non-overlapping time ranges are excluded. An exclusion time rang... by hbacbs Explorer in Splunk Search 10-17-2018 2 2	2	2
Why is a search for fields added with _meta in inputs.conf not returning any results? Hello, We added several fields with the _meta keyword in inputs.conf. When we search for the fields with "field::val... by rainerzufall Path Finder in Splunk Search 10-17-2018 0 8	0	8
How do I rename field name with dollar and curly braces in name? Hello, I would like to ask you how to rename field name like "${http.headers.ClientSide}". Such names are generate... by ReddySk Explorer in Splunk Search 10-17-2018 0 6	0	6
Can anyone help me split this field into 2? Hi! temp=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe to... path=C:\Program Files\SplunkUn... by hok2010 New Member in Splunk Search 10-17-2018 0 2	0	2
Why is _time showing in 12 hr format in the following graph? For some reason, my column graph is showing the time in a 12hr (AM or PM) format, which I do not want. The same query... by svijay30 Engager in Splunk Search 10-17-2018 1 2	1	2
How do you fetch table data from join table? There are two tables: "Table A" is a detailed information, and the "Table B" is the primary key. The two tables are ... by flzhang132 Explorer in Splunk Search 10-17-2018 0 4	0	4
count value per minute and then sum the count per hour I have the query that gives me the results I need. I just wanted to ask the gurus out here to look at my SPL and if ... by mmdacutanan Explorer in Splunk Search 10-16-2018 0 0	0	0
Hi All, how can i take result (which is a macro ) of inputlookup table and use that result to extract data from the macro ?? \| inputlookup ED_ENDI_Digital_Flow \| search Flow="ED_ENDI_FLOW_" \| search Step="ED_ENDI_STEP" \| rex field=Step "ED... by Anantha123 Communicator in Splunk Search 10-16-2018 0 3	0	3
Your maximum disk usage quota has been reached - WHat does this mean? When I try to run a search in Splunk Web, I see this error message - Your maximum disk usage quota has been reached... by mctester Communicator in Splunk Search 10-16-2018 7 5	7	5
How to append values from a field to all values of a multivalued field? Hi All, I have a multivalued field. I want to take values from one field and append the same to all the values of a... by kabiraj Path Finder in Splunk Search 10-16-2018 0 7	0	7
Trendline to work grouped by field Hi, My intention is to measure the 2 hour moving average of the events with X201 reason code ratio compared to the t... by Esperteyu Explorer in Splunk Search 10-16-2018 1 2	1	2
Can you help me with my non overlapping time window query? Min and Max are _time min and max values per database. Any ideas on how can I find when a MIN is higher than another ... by tamakg Path Finder in Splunk Search 10-16-2018 0 1	0	1
Multiple queries for single value panel? I have some index=job_console source="DEV2" "Finished:" \| sort - _time <_time value here> Result: 2018-10-16T12:... by pshangguan New Member in Splunk Search 10-16-2018 0 0	0	0
How do I extract a year and use as a chart? I have a csv lookup that has the date in MM/DD/YYYY format. I managed to get the data into splunk with DBConnect. Ult... by devfrag New Member in Splunk Search 10-16-2018 0 1	0	1
How do I find matching events that occurred in the last 15 minutes? I'm pretty new to Splunk and am learning every day. I have this search and I have to create an alert if more than 2 ... by vwilson3 Path Finder in Splunk Search 10-16-2018 0 1	0	1
How to use a wildcard with a where clause? Hi - I wish to use a wildcard in the where clause in the below query can someone help? index=whatever* sourcetype=se... by allladin101 Explorer in Splunk Search 10-16-2018 2 8	2	8
How do I insert values for different fields in different rows? HI, My data is like , Sno Name URL Column2 1 A Null Null 2 Null https:/ N... by umsundar2015 Path Finder in Splunk Search 10-16-2018 0 5	0	5
Is it possible to change case of a column name? I would like to change case of column name. Is it possible. My column name changes at run time and is not known at th... by ma_anand1984 Contributor in Splunk Search 10-16-2018 0 5	0	5
How can I combine two queries based on chronological order? I have two searches and I am trying to join start and stop post based on event name. Problem is event name could be t... by dukie New Member in Splunk Search 10-16-2018 0 1	0	1
How do I merge 2 fields (or more)? Hi there, How to merge 2 fields? I have to merge First_Name field with Last_Name field to result in Employee_Name ... by bogdan_nicolesc Communicator in Splunk Search 10-16-2018 0 1	0	1
Can you help me come up with a regex for an API path? Hi Community, Sorry this should be easiest for you, but i have many problem with regex .... i want to keep the firs... by serviceinfrastr Explorer in Splunk Search 10-16-2018 0 2	0	2