Splunk Search

Community Activity

How to compare one value from another in a lookup? I got a number in my first lookup and i want to compare this number with a start and end number in a lookup, how do i... by w344423 Explorer in Splunk Search 09-05-2018 0 6	0	6
How can I get common values from data? Now ,I want to get common values from data. I use this command: `index="new_1" \|stats list(oper_field) as gn by de... by WXY Path Finder in Splunk Search 09-05-2018 0 5	0	5
I need to compare two results based on one part of a field ( and not the entire field ) I have search A which gives out results like field A, field B , field C, where field C is a combination of two halves... by USER78 New Member in Splunk Search 09-05-2018 0 2	0	2
How to find list of all events within time window of other events? I have a query that looks like this: index=A ( ErrorCode=2 OR ErrorCode=3) [ search index=B Criteria=1 ... by brajaram Communicator in Splunk Search 09-05-2018 0 1	0	1
dnslookup not working trying to use "lookup dnslookup clientip as dvc OUTPUT clienthost AS dvc" within a search on a dashboard. Some of the... by nedwards94 Engager in Splunk Search 09-05-2018 0 0	0	0
How to escape double backslash in rex/regex command? I'm having some serious difficulty in figuring out how to escape a double backslash within the REX/regex spl command.... by ixixix_spl Explorer in Splunk Search 09-05-2018 0 2	0	2
How to implement "NOT IN" in Splunk I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Miss... by griffinpair Path Finder in Splunk Search 09-05-2018 0 3	0	3
Which is faster: SHOULD_LINEMERGE vs LINE_BREAKER Hi, I'm doing some research for our new architecture and am currently doing some house keeping on our props and trans... by dkrichards16 Path Finder in Splunk Search 09-05-2018 0 4	0	4
Can someone explain why I'm getting this confusing search output? Hi sourcetype="SourceA" ERROR NOT "GET-INFO" NOT "GET-ArchivedInfo" NOT "Error1" NOT "ERROR2" The above search g... by Navitas28 New Member in Splunk Search 09-05-2018 0 1	0	1
How to use subsearch without a field name? (but just with field value) We have got data for particular data which contains field in many places Events 2018-09-05 01:00:00 logged in by USE... by koshyk Super Champion in Splunk Search 09-05-2018 1 3	1	3
LookUpでカレンダー情報を作り、該当日のサーチ範囲を指定したい。例えば、Index=XXX sourcetype=+++ と言ったログファイルをサーチする際に 2018/09/10には2018/9/7のデータを検索したい、2018/09/11には2018/09/08～2018/09/10までのデ... by enoshima New Member in Splunk Search 09-05-2018 0 1	0	1
Will someone help me with my Regular Expression query? Hi, I am looking for some help regarding Splunk Regular Expression. I have a data something like this in a field "fie... by Shashank_87 Explorer in Splunk Search 09-05-2018 0 7	0	7
IF statements to determine which table to format in Hi there, I'm wondering if it's possible to format a Splunk query like so: IF results contains "this string" THEN u... by aherrington Path Finder in Splunk Search 09-05-2018 0 3	0	3
how to sum 2 fields of value Hi, if I have: 2012-10-16T03:27:05+0000, cCount:0 , lCount:17, in an event. How can I cCount + lCount = totalCount?... by JelianeL Explorer in Splunk Search 09-05-2018 0 11	0	11
With a full list of class C IPs, how can i get Splunk to show me how many VLANs are in the data? We are searching new environments monthly this means we are blind going in. I can get Splunk to stat out a total list... by cabowman Engager in Splunk Search 09-05-2018 0 5	0	5
Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches. Reassign them to a valid user to re-enable or alternatively disable the searches. Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches.... by hrithiktej Communicator in Splunk Search 09-05-2018 0 3	0	3
How do I convert year, month, day, hour, minute, seconds to seconds? Now, I want to get the time interval For example: between 2018/5/31 8:25:45 and 2018/5/31 8:25:47 ,the time interva... by WXY Path Finder in Splunk Search 09-04-2018 0 1	0	1
Is there any difference between top and stats in tstats? I could see the same result in index=* ~~~ \| top abc index=* ~~~ \| stats count by abc \| sort -count (ignore percent c... by apple143 Engager in Splunk Search 09-04-2018 0 2	0	2
How do I create a rolling time window which counts forward and backward? Given a dummy index/data consisting of the following fields: sku_number customers_id date_purchase ------... by fuwuqi Engager in Splunk Search 09-04-2018 0 1	0	1
Can someone help me with a regex that transforms nullQueue before specific date? I've got data coming in (Dropbox). This is pulled with the TA via REST API. I can't use the ignoreOlderThan in inputs... by anzianojackson6 Explorer in Splunk Search 09-04-2018 0 4	0	4
regex wimp I have this in a transforms.conf file on one of my forwarders. My goal is to drop everything from either of the IP's,... by chowell Explorer in Splunk Search 09-04-2018 1 2	1	2
Why does adding a table command after transaction result in no results found? \| inputlookup id_test.csv \| reverse \| eval _time=now()\| transaction Col_A startswith=(Col_C=yes) returns result... by landen99 Motivator in Splunk Search 09-04-2018 0 2	0	2
combining fields from two log entries which have a common id that is named differently Base, How can I combine two log entries that share a common ID when the field name of the ID is different between b... by dreeck Path Finder in Splunk Search 09-04-2018 0 2	0	2
How to chart a list of key/value pair fields only if a condition matches? Hi Splunk'az, I have events composed of 64 key/value pairs that are being extracted into fields at indexing time: ... by jbethmont Explorer in Splunk Search 09-04-2018 0 6	0	6
To find number of days between two dates Please give a solution to calculate the number of days between two given dates.. Regards Govind. by jgr_26 Engager in Splunk Search 09-04-2018 0 9	0	9