Splunk Search

Community Activity

Why is my index time extraction not working On my Intermediates or Heavy Forwarders and Search Heads I have: props.conf [role_extract] TRANSFORMS-roleextract = ... by tkwaller_3 New Member in Splunk Search 09-07-2018 0 1	0	1
How do I calculate elapsed time between hours on two specific dates? I have an Incident "Open Date" in following format DD/MM/YYYY HH:MM and an Incident "Close Date" in same format. I w... by jackreeves Explorer in Splunk Search 09-07-2018 0 1	0	1
How to combine two field results into single field permanently ? Lets say I have extracted two fields rs_time1 and rs_time2. But now, I want to merge the values from these fields to ... by navd New Member in Splunk Search 09-07-2018 0 4	0	4
Outputnew: How do I compare two Fields in two Lookup tables? Hello, I need help finding out how I can display field values of one lookup that are not present in the same-named ... by russell120 Communicator in Splunk Search 09-07-2018 0 1	0	1
How do I run a query for a user's Internet activity and create a table by date and url? I need to run a query for a user's Internet activity. I would like to create a table/report for the output that's li... by rsmaddox New Member in Splunk Search 09-07-2018 0 4	0	4
How to list a count ONLY if the value within a query is above a certain threshold? Hello. Today, I have several panels in a dashboard to provide us daily, weekly, and monthly counts of certain proble... by CTHolt01 New Member in Splunk Search 09-07-2018 0 3	0	3
How do I search to exclude logs with extensions? Hi, In my data, I have API calls with several extensions like (.html, .com, .php and many more). I am trying to excl... by sravani27 Path Finder in Splunk Search 09-07-2018 0 4	0	4
How do I create a derived field using two searches? I want to create a derived field using a search string like so: (host=HostA sourcetype="SourceTypeA" counter="Count... by SlothB77 Engager in Splunk Search 09-07-2018 0 4	0	4
Help sorting by time results in lost records When I do a sort, the records show up newest first. I will typically search for events on the duration of a week or... by echelon101 New Member in Splunk Search 09-07-2018 0 3	0	3
How to round a number when displaying results in a chart? I am trying to display the response times of services for the last 7 days in a chart , but I want to round the respon... by navd New Member in Splunk Search 09-07-2018 0 5	0	5
How to calculate the number of days between two dates? I have two dates as part of a string. I have to get these dates in separate fields by using the substr function. Now,... by twh1 Communicator in Splunk Search 09-07-2018 0 4	0	4
APPEND is not UNION? Splunk version 4.3 search A : index=webserver1 type=error \| table serverName message method search B : index=webserv... by joy76 Path Finder in Splunk Search 09-07-2018 1 12	1	12
Time value difference in duration: getting value as 0d HI All, I am able to get the time value difference in epoch and able to convert it to string with the following comm... by Chandras11 Communicator in Splunk Search 09-07-2018 0 3	0	3
How to change two parts of a search query based on input selection? I have a column chart that needs to update based on the input selection (Hour/Weekday/Month - aka $field4$). I've man... by josephinemho Path Finder in Splunk Search 09-06-2018 0 3	0	3
Why would Splunk be grouping events together when I haven't told it to? Wow, so finding any related questions on this has proven very difficult as any searches for "Splunk grouping events t... by EricLloyd79 Builder in Splunk Search 09-06-2018 0 8	0	8
How do you link transactions with other sourcetypes based on timestamp? Splunk fellows your help is needed, In our project (license plate recognition on gas stations) - we have 2 sourcety... by DenysB New Member in Splunk Search 09-06-2018 0 3	0	3
How to create a regex or rex in a search to extract each line in a log event to separate events? Hi Splunk Gurus - I am new to splunk, need your help on the below. Below is how the events are getting into splunk, ... by mani3033 New Member in Splunk Search 09-06-2018 0 5	0	5
Comparing arbitrary # of columns values similar to xyseries? Suppose I have a data set with a metric, let's say for example, it contains the average # of stamps licked per day by... by grantsmiley Path Finder in Splunk Search 09-06-2018 1 2	1	2
How to update certain time fields of lookup table without overwriting old table entries? So, I put together a search not too long ago, with help from the community on here, that would run hourly to update a... by JakeInfoSec Explorer in Splunk Search 09-06-2018 1 7	1	7
How do I use an if-statement to reduce rows of a field in a Splunk result set? I have the following Splunk base search: sourcetype=serverA FATAL OR ERROR OR WARN \| rex field=_raw max_match=1 "(?... by samsam48 Explorer in Splunk Search 09-06-2018 0 5	0	5
How do you include a varying number of a Splunk Search's field values in an email alert? I have a Splunk Search that returns events that have an alert-type field value of "Severe", "Moderate", and "light".... by samsam48 Explorer in Splunk Search 09-06-2018 0 2	0	2
splunk eval row with last field Hello Splunkers i requiered eval the last field with current row. example: field 1 ...... field2.........field3..... by jaxob01 New Member in Splunk Search 09-06-2018 0 1	0	1
How to extract time and format using regex? Hello fellows, I have an issue that I'm not really sure how to solve. Well in event I have time in following form... by ninisimonishvil Path Finder in Splunk Search 09-06-2018 0 10	0	10
How do I return values that unmatched column in Lookup table? i am trying to search for urls that are not in my allowed list lookup csv , my csv file is named as url and has 1 col... by sabeqa Engager in Splunk Search 09-06-2018 0 3	0	3
How to combine multiple queries into one? Hello, I have multiple queries with small differences, is it possible to combine them? Here is example: index=some... by vintik Engager in Splunk Search 09-06-2018 0 2	0	2