Splunk Search

Community Activity

Multiple Searches at the Same Time Is it possible to run multiple searches without having to open multiple browser tabs? Does Splunk have a built in tab... by widomj New Member in Splunk Search 10-15-2018 0 2	0	2
Splunk 7.2 Tstats, Addinfo, and Earliest/Latest Bug? Hello! I've recently upgraded a test server of mine from 6.x.x to 7.2.x to find a weird bug and I'm wondering if any... by jamesmoriarty Explorer in Splunk Search 10-15-2018 1 3	1	3
request optimization with best practices hello I use the request below but i would like to have an example of doing this code more performant following splun... by jip31 Motivator in Splunk Search 10-15-2018 0 2	0	2
How to match two columns based on prefix (Numbers/Letters) and do a loop through each result So we have a lookup and an index : We need to correlate the prefix from the lookup with the data from the index, if... by Sp3ctre11 New Member in Splunk Search 10-14-2018 0 7	0	7
Can you help me with the following Splunk search query? Hi, So i'm having this rule... index=logs sourcetype=console_test_1 "[Status] Discovered" \| rex "<regex rule... by jafarmat New Member in Splunk Search 10-14-2018 0 4	0	4
How do I improve a lookup-stats by output search? Let's say I have a search that immediately goes into a lookup with a filtered kvstore of 1 million events followed by... by landen99 Motivator in Splunk Search 10-14-2018 0 1	0	1
How can I get a timeline of the percentage of a particular error code among a total of logs coming into Splunk? Hi, I'm trying to get a timeline of the percentage of a particular error code among the total of logs. And, based on... by Esperteyu Explorer in Splunk Search 10-14-2018 0 8	0	8
Why can't results can be shown when calculating the difference between two columns from two searches? Here is my query : index="basicdataapi" source="/data/api-process/logs/equitydata-rawdata-producer/application.log" ... by asdusert Engager in Splunk Search 10-14-2018 0 3	0	3
How do I find the latest time project name in each group? I want to group by virtual machine and then find the latest time project name in each group. How would I implement t... by flzhang132 Explorer in Splunk Search 10-13-2018 0 3	0	3
How do I calculate the number of server requests in the last 2 minutes? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 10-13-2018 0 1	0	1
Using regex, how do you extract data when there are special characters? I am trying to create a Regular Expression string which could extract several key pieces of data from a syslog event ... by meinfan New Member in Splunk Search 10-13-2018 0 1	0	1
How can I group IP addresses together to exclude them from my searches? Hello, I'm new to Splunk and I was just wondering: how can I group IP addresses together to exclude them from my se... by wraithman2222 New Member in Splunk Search 10-13-2018 0 2	0	2
Why Does Search Head Cluster Replication Fail with large lookup table Replication is failing with the following error. 07-12-2015 21:08:45.859 +0000 WARN ConfReplicationThread - Error... by faol Explorer in Splunk Search 10-12-2018 0 4	0	4
How can I group last results into OTHERS? Hi, I have a search that gives me results as below "Country" "Sales" "Total Sales" "Percentage" A... by anoopk1981 New Member in Splunk Search 10-12-2018 0 19	0	19
How do I compare one field from multiple results over time? I'm pretty new to Splunk and have been messing around with searches. However, I am struggling to get to grips with wh... by luke222010 Engager in Splunk Search 10-12-2018 0 1	0	1
How can index specific event in log? Hello I hope can you help me For example I have this event in log: 18-05-30;15:38:06.282 \hola.1,237 aaaaaa bbb ccc... by rjfv8205 Path Finder in Splunk Search 10-12-2018 0 1	0	1
How do I match two fields from the same join command? Splunkers, Search String: admon-user-lookup-update \| eval src_user = (cn) \| fields src_nt_domain, displayName, c... by matthew_foos Path Finder in Splunk Search 10-12-2018 0 3	0	3
Can you help me create a lookup table for fields coming from Azure Monitoring Data Add-On? We're using the Azure Monitoring Data Add-on to integrate Splunk and Azure. The Azure events have the subscription I... by donaldwayne1975 Path Finder in Splunk Search 10-12-2018 0 1	0	1
How do I create a new summarized field based on other field values? Hi guys First of all, please excuse, I'm an absolute newbie in regards to Splunk. I'm trying to do the following. Fr... by memorecks New Member in Splunk Search 10-12-2018 0 1	0	1
How do you get join functionality without using subsearch? Hey Splunkers, Here is my original query where the sub search is getting truncated to 50000 records. index = abc so... by djain Path Finder in Splunk Search 10-12-2018 0 11	0	11
Will you help me enumerate some duplicate records returned in a search into another field? Greetings! I have duplicate data. But that's ok. I actually don't want to just remove my dupes, I want to create a... by chris94089 Path Finder in Splunk Search 10-12-2018 0 6	0	6
File Deletion search query Hi All, Actually in one of my server, some files has been deleted from the file path C\Windows\Systems32\drivers\etc... by mailmetoramu Explorer in Splunk Search 10-12-2018 0 10	0	10
How do you find the average count within a time range? I have the following search that shows users who are continuously being infected over a 30 day period: index=foo \| s... by jwalzerpitt Influencer in Splunk Search 10-12-2018 1 6	1	6
How do I split an event with extracted fields into rows? Hello all, I've used the following SPL to extract some fields from my logs. I got the following result. My issue... by shaheelkhan59 New Member in Splunk Search 10-12-2018 0 3	0	3
What should be the sequence of using dedup and sort together in a query? When dedup is used before sort in a query, the number of events returned is greater than the vice versa. by prachi0693 New Member in Splunk Search 10-12-2018 0 1	0	1