Splunk Search

Community Activity

Real Time Search Visualisation works briefly then gives wrong results I am running the following search: index=fi \| stats last(BP) as start,first(BP) as last by Name \| eval diff=last-sta... by luke222010 Engager in Splunk Search 10-15-2018 0 0	0	0
How do I pass an event's field value from a subsearch to an eval statement to retrieve another field? How do I pass an event's field value into a subsearch to retrieve another field? At the moment, I can't use join bec... by junxianli Explorer in Splunk Search 10-15-2018 4 4	4	4
Can you help me with the following search using a lookup? Hi, We are frequently required to validate that data is being received by Splunk from multiple servers. The lists o... by a212830 Champion in Splunk Search 10-15-2018 0 5	0	5
Is it possible to use an inputlookup command with an OR statement? Hi, I have a query that uses this search to look for hosts that we need to validate: \|tstats count WHERE index=* AN... by a212830 Champion in Splunk Search 10-15-2018 0 5	0	5
How do I make a regex expression to remove "=20" and more? So here are the results from my "Scanned" field: 20Certificates.pdf 20from=20GLA-PTX164760.pdf 20from=20a=20Xerox.pd... by dsmeerkat Explorer in Splunk Search 10-15-2018 0 1	0	1
Multiple Searches at the Same Time Is it possible to run multiple searches without having to open multiple browser tabs? Does Splunk have a built in tab... by widomj New Member in Splunk Search 10-15-2018 0 2	0	2
Splunk 7.2 Tstats, Addinfo, and Earliest/Latest Bug? Hello! I've recently upgraded a test server of mine from 6.x.x to 7.2.x to find a weird bug and I'm wondering if any... by jamesmoriarty Explorer in Splunk Search 10-15-2018 1 3	1	3
request optimization with best practices hello I use the request below but i would like to have an example of doing this code more performant following splun... by jip31 Motivator in Splunk Search 10-15-2018 0 2	0	2
How to match two columns based on prefix (Numbers/Letters) and do a loop through each result So we have a lookup and an index : We need to correlate the prefix from the lookup with the data from the index, if... by Sp3ctre11 New Member in Splunk Search 10-14-2018 0 7	0	7
Can you help me with the following Splunk search query? Hi, So i'm having this rule... index=logs sourcetype=console_test_1 "[Status] Discovered" \| rex "<regex rule... by jafarmat New Member in Splunk Search 10-14-2018 0 4	0	4
How do I improve a lookup-stats by output search? Let's say I have a search that immediately goes into a lookup with a filtered kvstore of 1 million events followed by... by landen99 Motivator in Splunk Search 10-14-2018 0 1	0	1
How can I get a timeline of the percentage of a particular error code among a total of logs coming into Splunk? Hi, I'm trying to get a timeline of the percentage of a particular error code among the total of logs. And, based on... by Esperteyu Explorer in Splunk Search 10-14-2018 0 8	0	8
Why can't results can be shown when calculating the difference between two columns from two searches? Here is my query : index="basicdataapi" source="/data/api-process/logs/equitydata-rawdata-producer/application.log" ... by asdusert Engager in Splunk Search 10-14-2018 0 3	0	3
How do I find the latest time project name in each group? I want to group by virtual machine and then find the latest time project name in each group. How would I implement t... by flzhang132 Explorer in Splunk Search 10-13-2018 0 3	0	3
How do I calculate the number of server requests in the last 2 minutes? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 10-13-2018 0 1	0	1
Using regex, how do you extract data when there are special characters? I am trying to create a Regular Expression string which could extract several key pieces of data from a syslog event ... by meinfan New Member in Splunk Search 10-13-2018 0 1	0	1
How can I group IP addresses together to exclude them from my searches? Hello, I'm new to Splunk and I was just wondering: how can I group IP addresses together to exclude them from my se... by wraithman2222 New Member in Splunk Search 10-13-2018 0 2	0	2
Why Does Search Head Cluster Replication Fail with large lookup table Replication is failing with the following error. 07-12-2015 21:08:45.859 +0000 WARN ConfReplicationThread - Error... by faol Explorer in Splunk Search 10-12-2018 0 4	0	4
How can I group last results into OTHERS? Hi, I have a search that gives me results as below "Country" "Sales" "Total Sales" "Percentage" A... by anoopk1981 New Member in Splunk Search 10-12-2018 0 19	0	19
How do I compare one field from multiple results over time? I'm pretty new to Splunk and have been messing around with searches. However, I am struggling to get to grips with wh... by luke222010 Engager in Splunk Search 10-12-2018 0 1	0	1
How can index specific event in log? Hello I hope can you help me For example I have this event in log: 18-05-30;15:38:06.282 \hola.1,237 aaaaaa bbb ccc... by rjfv8205 Path Finder in Splunk Search 10-12-2018 0 1	0	1
How do I match two fields from the same join command? Splunkers, Search String: admon-user-lookup-update \| eval src_user = (cn) \| fields src_nt_domain, displayName, c... by matthew_foos Path Finder in Splunk Search 10-12-2018 0 3	0	3
Can you help me create a lookup table for fields coming from Azure Monitoring Data Add-On? We're using the Azure Monitoring Data Add-on to integrate Splunk and Azure. The Azure events have the subscription I... by donaldwayne1975 Path Finder in Splunk Search 10-12-2018 0 1	0	1
How do I create a new summarized field based on other field values? Hi guys First of all, please excuse, I'm an absolute newbie in regards to Splunk. I'm trying to do the following. Fr... by memorecks New Member in Splunk Search 10-12-2018 0 1	0	1
How do you get join functionality without using subsearch? Hey Splunkers, Here is my original query where the sub search is getting truncated to 50000 records. index = abc so... by djain Path Finder in Splunk Search 10-12-2018 0 11	0	11