Splunk Search

Community Activity

Best practice for dealing with Unicode codepoints in Splunk ? Dear Splunkers, I face logs, where special characters have been encoded into Unicode codepoints (e. g. \u0301 instea... by smichalski Explorer in Splunk Search 10-04-2018 3 3	3	3
Can someone help me fix my search that uses the sort command? I'm getting strange behavior with a sort, and wondered if anyone knows why. If I run: index=os source=/var/log/sla... by mitchellthom Engager in Splunk Search 10-04-2018 0 2	0	2
OR connection with missing fileds Hello Folks, i have folowing question I have folowing search index=indexA OR index=indexB OR indexC user=alex OR ip... by alex_kh Explorer in Splunk Search 10-04-2018 0 2	0	2
How do I filter values with at least one zero in time? Hello! I want to find local IPs that communicate with outside IPs every 5 minutes, for example: ... by Shark2112 Communicator in Splunk Search 10-04-2018 0 1	0	1
Can you help me with the following conditional streamstats issue? Hi splunkers, Suppose I have the following table: Date ItemsPurchased UnitPrice 1/1/1111 20 0.5 2/1/1111 10 1 3/1... by ADRIANODL Explorer in Splunk Search 10-03-2018 0 7	0	7
Can you help me with a regex expression(multiple in one query)? Trying to capture multiple groups, basically after the colon MacAddress : 7A:AA:82:31:24:B1 Manufactu... by JoshuaJohn Contributor in Splunk Search 10-03-2018 0 4	0	4
In a search, Is there an alternative for the eventstats command? I need to find another way instead of eventstats for my search. Is there a way where I can tag the events and add an... by patricianaguit Explorer in Splunk Search 10-03-2018 0 2	0	2
Is there a way where I can tag events and add another field based on hierarchy? is there a way where I can tag events and add another field based on hierarchy? For example: Id 1 has different ini... by patricianaguit Explorer in Splunk Search 10-03-2018 0 4	0	4
Can you help me to extract a specific event from a log? Hello In a report, i used the code below in order to search for an error code in my events. But, when a code is fou... by jip31 Motivator in Splunk Search 10-03-2018 0 2	0	2
In a search, how do you group similar URL patterns? I am doing a search and evaluating count, avg RT based on some URL patterns. Below are the URLs for my category pages... by alex129 New Member in Splunk Search 10-03-2018 0 8	0	8
Can you help me with my query that uses multiple where conditions? I have a search to identify when a particular server activates "hardware mode" and doesn't exit within a certain time... by jcleary47 Path Finder in Splunk Search 10-03-2018 0 2	0	2
How do I return lookup events only if they match certain field values? Hi, I have two lookup files below: masterinventory.csv type make model year storeID keycode... by russell120 Communicator in Splunk Search 10-03-2018 0 3	0	3
How to extract values where the field name has multiple spaces? Hello, I'm trying to figure out a way to extract values where the field has multiple spaces in it. When I do a sim... by gnoellbn Explorer in Splunk Search 10-03-2018 0 8	0	8
i have a join query which i need to optimize using OR and Stats, Since i am dealing with timestamp and fetching last(field), i am struggling, Can any one help? index="index1 sourcetype="sourcetype1" \| join deviceId [ search index="index2" sourcetype="sourcetype2" productFamil... by m4sucess New Member in Splunk Search 10-03-2018 0 7	0	7
How can I get time picker earliest and latest epoch values before doing a search? Hi, How can I get 'raw' earliest and latest value before doing search? I need the epoch seconds format, so -1d@d co... by lukasz92 Communicator in Splunk Search 10-03-2018 1 10	1	10
How do you show a row count in a dashboard panel? Hello All I am not sure how to show the row count in my dashboard. I have one panel that searches a list of hosts... by edwardrose Contributor in Splunk Search 10-03-2018 0 2	0	2
How do I extract the latest occurrence of a field from multiple lines? Want to capture the latest occurrence of "working_condition_check - status -" which is "Stopped". Please help me in... by nkchaitanya Explorer in Splunk Search 10-03-2018 0 2	0	2
Can you help me use the rex command to parse API's JSON? I have the following JSON, but I'm not really familiar with Splunk's rex function. I tried this command without succe... by gcescatto New Member in Splunk Search 10-03-2018 0 1	0	1
How to calculate the "number of files" field in the table colunm of "Files & directories Hi, I would like to know how to calculate the "number of files" field in the table colunm of "Files & directories",w... by Shuhei052492 Path Finder in Splunk Search 10-03-2018 0 0	0	0
In a search, How do I get the next to the last value(or field)? I have data that looks like this; When I perform my search the data returned by Splunk looks like this on the dashbo... by hartcl1 Explorer in Splunk Search 10-02-2018 0 2	0	2
How do I combine " \|stats count by host " and "\| stats distinct_count(host)" in one table? I can search for events and run stats count by host. And I can run a search of distinct number of hosts. I want t... by pretzel2 Path Finder in Splunk Search 10-02-2018 0 8	0	8
Is there a way to search for what searches have been run over a period of time and by who? Hi, Is there a way to search for what searches have been run over a period of time and by who - preferably listing t... by Skins Path Finder in Splunk Search 10-02-2018 0 2	0	2
Error after stats command Hi, I need your help, I have a search like this index=test sourcetype=XY \| stats count(Field1) AS f1 by action=... by hoerberm New Member in Splunk Search 10-02-2018 0 4	0	4
Can you help me optimize this query without join using stats and OR? index="index1" sourcetype=show_command \| join id [ search index="index2" sourcetype=software_data ] \| sort _time \| ... by m4sucess New Member in Splunk Search 10-02-2018 0 3	0	3
How do I create an alarm if a value stored in a CSV changes? Hi, I have a CSV file with the following structure: NAME DiskSerial ProcSerial ... by josedgaravito New Member in Splunk Search 10-02-2018 0 1	0	1