Splunk Search

Community Activity

Join two stats searches and run stats/group on the result I'd like to join two searches and run some stats to group the combined result to see how many users change/update bro... by gregorymountfor Explorer in Splunk Search 10-02-2018 0 0	0	0
No results DBX I like to use DATABASES. I connected DBX and made a connection. With the query: \| dbxquery query="SELECT * FROM \"XXX... by LH_SPLUNK Explorer in Splunk Search 10-02-2018 0 1	0	1
How do I remove a particular row from my stats command based on the value of another row? source="something_source" topic="something_topic1" OR topic="something_topic2" earliest = "-1d" client="cpu1305" \| st... by avisriv New Member in Splunk Search 10-02-2018 0 2	0	2
How do you stop displaying a timechart line when value is 0? I'm trying to display a timechart based on count by a type. But, for a certain type, the value will always be 0 for... by dfofie New Member in Splunk Search 10-01-2018 0 2	0	2
How do you store multiple similar field names as values in a new field? I have multiple fields with similar names abc*, example: abcXYZ1 abcKLM abc_DEF I want to create a new field, say 'E... by mpatel11 Explorer in Splunk Search 10-01-2018 1 6	1	6
How do I fill values in a timechart for a non existing event? How do I fill values in a timechart for a non existing event? Suppose that the event is received at 5:00AM. Then, I w... by avisriv New Member in Splunk Search 10-01-2018 0 3	0	3
Can you help me with my sum of counts query? I'm trying to get the sum of spam folders and where they are quarantined by user. Is there a better way to do this, e... by gdavid Path Finder in Splunk Search 10-01-2018 0 2	0	2
How do you store field names as values in a new field based on presence of that field? Say I have 100 rows of logs. Some have only field "abcXYZ1" and not the other two. Some have field "abcKLM" and not t... by mpatel11 Explorer in Splunk Search 10-01-2018 0 2	0	2
How do you customize the drilldown of a search? I've got a search viewed as a table and one of the values of the table cell is a URL. I want to be able to click on t... by heatonra Engager in Splunk Search 10-01-2018 1 3	1	3
transforms.conf regex extract strange fields with value $2 my transforms.conf has such lines [api-param] REGEX=^(\w+)=(.+?)\n FORMAT=$1::$2 props.conf [api] TZ = Europe/Mo... by exmuzzy Explorer in Splunk Search 10-01-2018 0 0	0	0
How do I combine data from CSV with data from index Now ,I have a lookup named exchange.csv , and index="exchange_data" The data in the exchange.csv is extracted from ... by WXY Path Finder in Splunk Search 10-01-2018 0 7	0	7
Can you help me make a Splunk Search for all Splunk Clients using TLS1.2? Is there any way we can frame a Splunk query which we can run on a search head to get the list of all the Splunk clie... by arrangineni Path Finder in Splunk Search 10-01-2018 0 0	0	0
How do I run forecast time series multiple times using one search? I want to run a forecast time series multiple times using one search on the remaining freespace of a number of our da... by mtmoore Explorer in Splunk Search 10-01-2018 0 2	0	2
Can you help me use the "sort" and "top" commands in a search? Hi , I have a rsult set like this below status URL value status-500 identifiers 539 status-500 customer 529 ... by Mohsin123 Path Finder in Splunk Search 10-01-2018 1 2	1	2
How do I change the value of a search to MB? I have this search which shows the total of bytes coming in for a particular time period. Can someone tell me how to ... by marcusmartin Path Finder in Splunk Search 10-01-2018 0 2	0	2
How do I add a new field in the output? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 10-01-2018 0 2	0	2
How to list datamodel name in a Table I am trying to list certain datamodels in a table along with their log count but I can't seem to find how to list the... by DEAD_BEEF Builder in Splunk Search 10-01-2018 0 5	0	5
extarct specific field with regex i want to extract the field with the name of http_agent from my logs the raw field is : "http_host=""nts.mapnanyp.co... by khanlarloo Explorer in Splunk Search 09-30-2018 0 5	0	5
Datamodel search with Datamodel Subsearch Circular Dependancy Error How do I fix this search to avoid- 'Error in 'SearchParser': Found circular dependency when expanding datamodel=Intru... by jgbricker Contributor in Splunk Search 09-30-2018 1 7	1	7
how to pass the output of one query as search key to a subsearch? I have raw events that look as below: 2018:08:22:22:39:51.731 myhostname 3:INFO MY_IDENTIFIER_TEST 54802679013030316... by bkumarm Contributor in Splunk Search 09-30-2018 0 2	0	2
How to use a variable to limit a sort list length? I want to find the highest ten results of a search and group the others up. I'm using the following search: index=fo... by bebowi New Member in Splunk Search 09-30-2018 0 3	0	3
How to set python script to run automatically on a custom app. Hello guys, I am new to Splunk. I need help in letting the python script i have created to run automatically every mo... by splunkbot22 New Member in Splunk Search 09-29-2018 0 10	0	10
When trying to return different error messages with one saved search/alert, how do I combine 2 searches where one uses regex(OR is not allowed)? I am trying to return several different error messages with one saved search / alert. I can get all of them indiv... by cmahan Path Finder in Splunk Search 09-29-2018 0 2	0	2
Can you help me with a problem I'm having parsing fields? I'm new to parsing fields in splunk. And, in truth, I'm not great at regex yet. I'm trying to parse an event in Spl... by TitanAE New Member in Splunk Search 09-29-2018 0 1	0	1
search the result returned from "search 1" and append the second search and then pass the value of search 1 to overall search the appended search Good Day Folks, I have facing trouble in dealing with multisearches. For e.g. index="a" sourcetype="ab" field1=nam... by Akumar294 Path Finder in Splunk Search 09-28-2018 0 17	0	17