Splunk Search

Community Activity

How do I match two fields from the same join command? Splunkers, Search String: admon-user-lookup-update \| eval src_user = (cn) \| fields src_nt_domain, displayName, c... by matthew_foos Path Finder in Splunk Search 10-12-2018 0 3	0	3
Can you help me create a lookup table for fields coming from Azure Monitoring Data Add-On? We're using the Azure Monitoring Data Add-on to integrate Splunk and Azure. The Azure events have the subscription I... by donaldwayne1975 Path Finder in Splunk Search 10-12-2018 0 1	0	1
How do I create a new summarized field based on other field values? Hi guys First of all, please excuse, I'm an absolute newbie in regards to Splunk. I'm trying to do the following. Fr... by memorecks New Member in Splunk Search 10-12-2018 0 1	0	1
How do you get join functionality without using subsearch? Hey Splunkers, Here is my original query where the sub search is getting truncated to 50000 records. index = abc so... by djain Path Finder in Splunk Search 10-12-2018 0 11	0	11
Will you help me enumerate some duplicate records returned in a search into another field? Greetings! I have duplicate data. But that's ok. I actually don't want to just remove my dupes, I want to create a... by chris94089 Path Finder in Splunk Search 10-12-2018 0 6	0	6
File Deletion search query Hi All, Actually in one of my server, some files has been deleted from the file path C\Windows\Systems32\drivers\etc... by mailmetoramu Explorer in Splunk Search 10-12-2018 0 10	0	10
How do you find the average count within a time range? I have the following search that shows users who are continuously being infected over a 30 day period: index=foo \| s... by jwalzerpitt Influencer in Splunk Search 10-12-2018 1 6	1	6
How do I split an event with extracted fields into rows? Hello all, I've used the following SPL to extract some fields from my logs. I got the following result. My issue... by shaheelkhan59 New Member in Splunk Search 10-12-2018 0 3	0	3
What should be the sequence of using dedup and sort together in a query? When dedup is used before sort in a query, the number of events returned is greater than the vice versa. by prachi0693 New Member in Splunk Search 10-12-2018 0 1	0	1
How to estimate an empty value in a search I have some events like : _time CITY %CPU %Disk Read Time %Disk Writ... by celianouguier Explorer in Splunk Search 10-12-2018 0 4	0	4
map command works but need more fields Hi Guys, I have a search that is working fine.. However the issue is that using the map command removes all other fi... by mwdbhyat Builder in Splunk Search 10-12-2018 0 1	0	1
Subsearch timeout SPL Hi guys, I have a search with subsearch that times out before it can complete. The subsearch doesnt finalise, so the... by mwdbhyat Builder in Splunk Search 10-11-2018 0 4	0	4
Average of a field Hi, I have a log trace like, ...........................wages: 50 I have written a splunk query to skip all the e... by saranyaa21 Path Finder in Splunk Search 10-11-2018 0 6	0	6
Throughput calculate for web servers How to calculate Throughput for web servers. if we have following data source. server name RAF,TAP,DFT by rajhemant26 New Member in Splunk Search 10-11-2018 0 1	0	1
Spaces removed from query - repeatable We have a report that runs and when you edit the report in the edit window, it will strip the space if the line wraps... by moorvogi Path Finder in Splunk Search 10-11-2018 0 3	0	3
SPlunk search not returning all events Hi, We have a query with below format: (index=A sourcetype=A1) OR (index=A sourcetype=A2) OR (index=B sourcetype=B1... by varun85negi Engager in Splunk Search 10-11-2018 1 3	1	3
Why does creating a new field sometimes require restarting Splunk services? We are having an issue when creating a New Field by using RegEx instead of the Field Extractor. The field itself may ... by sgoodman26 Explorer in Splunk Search 10-11-2018 0 3	0	3
How do you count the least number of events (as opposed to the highest number)? I have a Top Ten report going which counts the highest number of network timeout/disconnects on wireless devices by t... by stcrispan Communicator in Splunk Search 10-11-2018 0 5	0	5
tstats summariesonly query does not return results Hi all, my query is not returning any results and I think it's an error in the query. The clauses 'as' and 'from' in ... by kokanne Communicator in Splunk Search 10-11-2018 1 19	1	19
How do I fetch data from an existing field? I have a field in my log which contains a huge text data with two different formats. I tried to catch a few parts in ... by twh1 Communicator in Splunk Search 10-11-2018 0 3	0	3
How do you create a Splunk query to get new inbound IP's? I am trying to get a list of new inbound IPs/hosts, which would compare to the old data of the previous month from a ... by arrangineni Path Finder in Splunk Search 10-11-2018 0 0	0	0
mstats latest(_time) not working I am not able to get the latest (or earliest) _time values using mstats. \| mstats sum(bytes) latest(_time) where ind... by simpkins1958 Contributor in Splunk Search 10-11-2018 0 2	0	2
Regex Expressions Hi Team, I need to extract the fields from the JSON format in my Search Head GUI so kindly let us know how to procee... by anandhalagarasa Path Finder in Splunk Search 10-11-2018 0 6	0	6
How do I compare the log date with the time picker date? I want to check the records for which CREATE_TIME matches based on my date selection from time picker control. Curren... by twh1 Communicator in Splunk Search 10-11-2018 0 8	0	8
Display all values at time when hoovering over timechart I have a timechart with multiple values/graphs. When hoovering my mouse over the timechart I can only see one value ... by snorri Path Finder in Splunk Search 10-11-2018 0 4	0	4