Splunk Search

Community Activity

Why are two of my columns empty in a table returned by a lookup file with multiple fields? I used a lookup file which is configuring like this field1, field2, field3, field4 value1, value2, value3, value4 v... by faribole Path Finder in Splunk Search 09-17-2018 0 2	0	2
How do I combine 3 searches? I have search1 which is a join of 2 different log sources ( S1 , S2 ). After joining these sources, I used rex to ext... by USER78 New Member in Splunk Search 09-16-2018 0 0	0	0
Transpose command causes other columns to be displayed as rows? I am having issues with the QuestionText fields in my query below. I am trying to take all the QuestionText entries a... by rkassabov Path Finder in Splunk Search 09-16-2018 0 0	0	0
How to rebuild Timeline custom visualization app in windows? Need to change the date format for timeline graph and found solution. Accordingly updated the 2 js file for the app a... by sunith35 Engager in Splunk Search 09-16-2018 0 1	0	1
Can you help me with my table count? Hello, I use the table count below : index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" ... by jip31 Motivator in Splunk Search 09-16-2018 0 5	0	5
count events from a radio button choice issue Hello I use the code below in order to display the events corresponding to these event code index="windows" sour... by jip31 Motivator in Splunk Search 09-16-2018 0 7	0	7
How do I extract farm name from IIS logs to a table? I'm Trying to run a table on IIS logs. The farm is https://sp001, examples below)... However, within the farm we hav... by smudge797 Path Finder in Splunk Search 09-15-2018 0 3	0	3
How do I combine two fields from different sources but of the same source type in a single search? I am trying to perform a ratio calculation on 2 fields (values) coming from different sources but of the same source... by rkatsnel New Member in Splunk Search 09-15-2018 0 6	0	6
How to get all items after count and get a list of items in an array? Hi, what is the best way to get all items from a count? Let's say I have two columns. First column displays the items... by mabinn Explorer in Splunk Search 09-15-2018 0 2	0	2
Display last 8 hours from now () ..? Hi Splunkers, i want to display the last 8 hours of data with 1 hour different without any index or kv table .like m... by harishalipaka Motivator in Splunk Search 09-15-2018 0 4	0	4
Should I use a lookup or an inner query for the following search? Sample Logs: Incident=112 Group=ABC Status = Open Incident=113 Group=ABC Status = Open - Incident=113 Group=X... by joydeep741 Path Finder in Splunk Search 09-14-2018 0 4	0	4
Why is my search returning no events after data entry? Hello I have done a data entry in Splunk for the log event below : [WinEventLog://Microsoft-Windows-PowerCfg/Diagno... by jip31 Motivator in Splunk Search 09-14-2018 0 6	0	6
Tstats query and dashboard optimization I'm looking for assistance in optimizing a dashboard where we use tstats as a base search. Our Splunk systems have mo... by Justinboucher0 Path Finder in Splunk Search 09-14-2018 0 1	0	1
Can you help me improve my Splunk search? Hello Fellow Splunkers, I'm busy with improving a search: The original search: “index=powermonitoring source=dashb... by KarnN Engager in Splunk Search 09-14-2018 0 2	0	2
How can you get a single value based on eval results? Hello, I have a search that joins together data. The search works great, but the results that Im trying to get are p... by tkwaller_2 Communicator in Splunk Search 09-14-2018 0 2	0	2
Splunk Transforms REGEX Wildcard Help We are routing events to some_index based on the source during parsing. Part of the source goes to "original_index",... by Venkat_16 Contributor in Splunk Search 09-14-2018 1 8	1	8
Why is chart drilldown not passing parameter? When I attempt to drilldown from a dashboard (line) chart to another dashboard (form), it seems like the parameter is... by claatu Explorer in Splunk Search 09-14-2018 0 2	0	2
How to split a field into multiple fields via sourcetype? I have a a huge message field with the format: field1=value1,field2=value2......fieldn=valuen. This field is not gett... by AnujaJadhav2 Explorer in Splunk Search 09-14-2018 0 6	0	6
workaround for "unable to write 'random state'" when installing? When installing latest version on Linux, with a splunk OS user set (SPLUNK_OS_USER=splunk) in etc/splunk-launch.conf,... by JeToJedno Explorer in Splunk Search 09-14-2018 1 2	1	2
Table format field size We are trying to create a table view of some event log messages, however some of the event log messages are very long... by lspringer Path Finder in Splunk Search 09-14-2018 1 8	1	8
In Splunk Free Version, why is the same search query returning different results? Hi, I have Splunk Free (I am afraid this is not present in the "choose product" list, switched from "Enterprise Tria... by flopit Path Finder in Splunk Search 09-14-2018 0 4	0	4
Summary index missing random events I'm trying to set up some summary indexes, but the summary index is missing random events. The scheduled search job i... by phemmer Path Finder in Splunk Search 09-14-2018 0 3	0	3
Can you help me create a separate field called "customer" that contains the following values? Hi I was trying to group by together the field values . Example: i have a field called "url" that has such sort of ... by Mohsin123 Path Finder in Splunk Search 09-14-2018 0 8	0	8
How do you get an automatic lookup file to coalesce with an existing field? Hi All, I have looked around on the community but I am unable to find anything that matches what I'm looking for, so... by abbam Explorer in Splunk Search 09-14-2018 0 4	0	4
How to get the result of timechart value divided by a number search command host= index= sourcetype=syslog job=* "jobname" \| dedub job \| fields - _raw \| timechart span=1d count... by mindia New Member in Splunk Search 09-13-2018 0 13	0	13