Splunk Search

Community Activity

Can you help me with this subsearch Question using Splunk's TimeWrap command? I have this query that uses the timewrap command that I want to insert a subsearch instead of a 'fixed' value ( 193 )... by bobbieluturner New Member in Splunk Search 10-18-2018 0 3	0	3
How do I remove empty rows in the result fields? Folks !! I'm struggling with removing empty rows from the result fields in my results. In my results, i've got many ... by leninkp3005 Explorer in Splunk Search 10-18-2018 1 5	1	5
How to pass field values from initial search to further searches I have some ironport logs that I am trying to tie together within Splunk without much success. Currently I have a se... by jakewhittet Explorer in Splunk Search 10-18-2018 0 0	0	0
How to include values from a search in a subsearch? I have some ironport logs that I am trying to tie together within Splunk without much success. Currently I have a se... by jakewhittet Explorer in Splunk Search 10-18-2018 0 0	0	0
is there a search to find out which users (Pulling username from AD on windows) were logged on to a machine at a certain time or date ? is there a search to find out which users (Pulling username from AD on windows) were logged on to a machine at a cert... by ibrahima New Member in Splunk Search 10-18-2018 0 0	0	0
rename default fields i'm using a NIFI flow to send in 3 values (host, message, moreData). I want to use host passed in from nifi as a JSON... by moorvogi Path Finder in Splunk Search 10-18-2018 0 0	0	0
How do you apply coloring based on a column value string to the complete row? Hi All, Context X Y Z ABC 98 97 67 DEF 50 45 23 GHI 3 2 1 So, if Context is ABC, i have to apply color coding for ... by bharathkumarnec Contributor in Splunk Search 10-18-2018 0 2	0	2
conditional lookup with catch-all value I am looking to retrieve the following a field from a lookup table depending on the lookup result of two fields as fo... by thezen Explorer in Splunk Search 10-18-2018 0 5	0	5
How do you find true or false value in the following string? Hi, I have to find the value of true or false from the following string in logfile. Below are 2 strings with either ... by abhishekgandhe Explorer in Splunk Search 10-18-2018 0 6	0	6
Compare field with lookup Hi I have a lookup table containg the host name and a software version hostlookup.csv hostname,version hostA,2 hos... by mfritsch New Member in Splunk Search 10-18-2018 0 3	0	3
How do you use the timechart command to retrieve top IP by span window with top value in this window? I try to get from iis logs top source IP by requests with the number of requests in every 5 seconds. If I just try to... by evkuzin New Member in Splunk Search 10-18-2018 0 2	0	2
find maximum value of a field by host over the last 7 days I need am trying to find the maximum value of a field(Peak value and time at which it happened everyday) based on a ... by arrangineni Path Finder in Splunk Search 10-17-2018 0 1	0	1
How do I make an alert which triggers if an event's delay is unusually long? I have multiple events such as below: Key points here: New values of event_type may be added randomly and the sched... by matthewg Explorer in Splunk Search 10-17-2018 0 2	0	2
SPLUNK Search derived from Stream app produces strange result... Hi there, when I run this search: index=* source=stream:Splunk_IP \| rex field=src_ip "(?<src1>.)\.(?<src2>.)\.(?<... by heskez Engager in Splunk Search 10-17-2018 0 7	0	7
Quote escaping best practices I'm trying to figure out how I can format my logs such that splunk does not get confused by an escaped quote. I'm cur... by stevennoble Explorer in Splunk Search 10-17-2018 3 5	3	5
Comparing raw data volume Vs indexed data volume How do i compare my raw data volume to the indexed data volume for a specific source type? Can someone help with thi... by gnanaraj_mcc Loves-to-Learn Lots in Splunk Search 10-17-2018 0 1	0	1
How do I return a string field (e.g. FQDN) with an IF statement? I am trying to look up a server (using an input field - $field1$) in my dashboard and pull the most recent alerts for... by josephinemho Path Finder in Splunk Search 10-17-2018 1 0	1	0
Clear textbox value after submit I have a dashboard where I want to use a textbox input to add data to a lookup file. I have managed to get this to ... by garryclarke Path Finder in Splunk Search 10-17-2018 1 6	1	6
How do you extract the following field using the rex command? Additional backup items: /db/cos7j.dump.Z /db/PSCSS.dump.Z /db/imqdb0152.dump.Z I want to extract 0152 from this. by shubhambhagat02 New Member in Splunk Search 10-17-2018 0 10	0	10
Can you help me use the tstats command with a fillnull? Greetings, So, I want to use the tstats command. It's super fast and efficient. But not if it's going to remove im... by chris94089 Path Finder in Splunk Search 10-17-2018 1 2	1	2
How to exclude multiple time ranges in a search? Hi, I would like to execute a search, where several non-overlapping time ranges are excluded. An exclusion time rang... by hbacbs Explorer in Splunk Search 10-17-2018 2 2	2	2
Why is a search for fields added with _meta in inputs.conf not returning any results? Hello, We added several fields with the _meta keyword in inputs.conf. When we search for the fields with "field::val... by rainerzufall Path Finder in Splunk Search 10-17-2018 0 8	0	8
How do I rename field name with dollar and curly braces in name? Hello, I would like to ask you how to rename field name like "${http.headers.ClientSide}". Such names are generate... by ReddySk Explorer in Splunk Search 10-17-2018 0 6	0	6
Can anyone help me split this field into 2? Hi! temp=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe to... path=C:\Program Files\SplunkUn... by hok2010 New Member in Splunk Search 10-17-2018 0 2	0	2
Why is _time showing in 12 hr format in the following graph? For some reason, my column graph is showing the time in a 12hr (AM or PM) format, which I do not want. The same query... by svijay30 Engager in Splunk Search 10-17-2018 1 2	1	2