Splunk Search

Community Activity

How to get all items after count and get a list of items in an array? Hi, what is the best way to get all items from a count? Let's say I have two columns. First column displays the items... by mabinn Explorer in Splunk Search 09-15-2018 0 2	0	2
Display last 8 hours from now () ..? Hi Splunkers, i want to display the last 8 hours of data with 1 hour different without any index or kv table .like m... by harishalipaka Motivator in Splunk Search 09-15-2018 0 4	0	4
Should I use a lookup or an inner query for the following search? Sample Logs: Incident=112 Group=ABC Status = Open Incident=113 Group=ABC Status = Open - Incident=113 Group=X... by joydeep741 Path Finder in Splunk Search 09-14-2018 0 4	0	4
Why is my search returning no events after data entry? Hello I have done a data entry in Splunk for the log event below : [WinEventLog://Microsoft-Windows-PowerCfg/Diagno... by jip31 Motivator in Splunk Search 09-14-2018 0 6	0	6
Tstats query and dashboard optimization I'm looking for assistance in optimizing a dashboard where we use tstats as a base search. Our Splunk systems have mo... by Justinboucher0 Path Finder in Splunk Search 09-14-2018 0 1	0	1
Can you help me improve my Splunk search? Hello Fellow Splunkers, I'm busy with improving a search: The original search: “index=powermonitoring source=dashb... by KarnN Engager in Splunk Search 09-14-2018 0 2	0	2
How can you get a single value based on eval results? Hello, I have a search that joins together data. The search works great, but the results that Im trying to get are p... by tkwaller_2 Communicator in Splunk Search 09-14-2018 0 2	0	2
Splunk Transforms REGEX Wildcard Help We are routing events to some_index based on the source during parsing. Part of the source goes to "original_index",... by Venkat_16 Contributor in Splunk Search 09-14-2018 1 8	1	8
Why is chart drilldown not passing parameter? When I attempt to drilldown from a dashboard (line) chart to another dashboard (form), it seems like the parameter is... by claatu Explorer in Splunk Search 09-14-2018 0 2	0	2
How to split a field into multiple fields via sourcetype? I have a a huge message field with the format: field1=value1,field2=value2......fieldn=valuen. This field is not gett... by AnujaJadhav2 Explorer in Splunk Search 09-14-2018 0 6	0	6
workaround for "unable to write 'random state'" when installing? When installing latest version on Linux, with a splunk OS user set (SPLUNK_OS_USER=splunk) in etc/splunk-launch.conf,... by JeToJedno Explorer in Splunk Search 09-14-2018 1 2	1	2
Table format field size We are trying to create a table view of some event log messages, however some of the event log messages are very long... by lspringer Path Finder in Splunk Search 09-14-2018 1 8	1	8
In Splunk Free Version, why is the same search query returning different results? Hi, I have Splunk Free (I am afraid this is not present in the "choose product" list, switched from "Enterprise Tria... by flopit Path Finder in Splunk Search 09-14-2018 0 4	0	4
Summary index missing random events I'm trying to set up some summary indexes, but the summary index is missing random events. The scheduled search job i... by phemmer Path Finder in Splunk Search 09-14-2018 0 3	0	3
Can you help me create a separate field called "customer" that contains the following values? Hi I was trying to group by together the field values . Example: i have a field called "url" that has such sort of ... by Mohsin123 Path Finder in Splunk Search 09-14-2018 0 8	0	8
How do you get an automatic lookup file to coalesce with an existing field? Hi All, I have looked around on the community but I am unable to find anything that matches what I'm looking for, so... by abbam Explorer in Splunk Search 09-14-2018 0 4	0	4
How to get the result of timechart value divided by a number search command host= index= sourcetype=syslog job=* "jobname" \| dedub job \| fields - _raw \| timechart span=1d count... by mindia New Member in Splunk Search 09-13-2018 0 13	0	13
Can you combine cells based on another column value? Is it possible for splunk to get an output something along the lines of: Source: Col_A \| Col_B \| Col_C ID_A \| log... by cboonyan New Member in Splunk Search 09-13-2018 0 6	0	6
Why is the Memory Tracker not working as expected? Hi Splunkers, We have set search_process_memory_usage_threshold to 3GB, but noticed that searches are terminated whe... by dvg06 Path Finder in Splunk Search 09-13-2018 0 3	0	3
How do you bucket two events starting using a timespan that starts with the first event? My question is a mix of using the transaction command with the bin command. What I would like to achieve is capturi... by rkondeti3 Explorer in Splunk Search 09-13-2018 0 1	0	1
How do you make a multiple cumulative time series? I can make mulitple summed time series. source="splunk-source" \| timechart sum(figure) as figure by category I can... by isaacsanders Engager in Splunk Search 09-13-2018 0 1	0	1
How do you create a table with each row being a log and every column being a recognized "Interesting Field"? I was wondering if there is an easy way to create a table that contains every single recognized interesting field ins... by ixixix_spl Explorer in Splunk Search 09-13-2018 0 1	0	1
How do you combine data from two source types based on common values? Hi there, I have a question regarding source types. I have 2 source types "A" and "B". "A" has a field called "aaa" ... by dminev1 Explorer in Splunk Search 09-13-2018 0 2	0	2
How do you create a table with each row being a log and every column being a recognized "Interesting Field"? I was wondering if there is an easy way to create a table that contains every single recognized interesting field ins... by ixixix_spl Explorer in Splunk Search 09-13-2018 0 2	0	2
How can we add the first event to all existing event as a matedata? Here is the case , I have an huge XML file . In which i have extracted the events based on the tags.So i have the 3... by vikasreddy Explorer in Splunk Search 09-13-2018 0 0	0	0