Splunk Search

Community Activity

How do you include a varying number of a Splunk Search's field values in an email alert? I have a Splunk Search that returns events that have an alert-type field value of "Severe", "Moderate", and "light".... by samsam48 Explorer in Splunk Search 09-06-2018 0 2	0	2
splunk eval row with last field Hello Splunkers i requiered eval the last field with current row. example: field 1 ...... field2.........field3..... by jaxob01 New Member in Splunk Search 09-06-2018 0 1	0	1
How to extract time and format using regex? Hello fellows, I have an issue that I'm not really sure how to solve. Well in event I have time in following form... by ninisimonishvil Path Finder in Splunk Search 09-06-2018 0 10	0	10
How do I return values that unmatched column in Lookup table? i am trying to search for urls that are not in my allowed list lookup csv , my csv file is named as url and has 1 col... by sabeqa Engager in Splunk Search 09-06-2018 0 3	0	3
How to combine multiple queries into one? Hello, I have multiple queries with small differences, is it possible to combine them? Here is example: index=some... by vintik Engager in Splunk Search 09-06-2018 0 2	0	2
Why are my props/transforms not taking effect? Hello, i have a single Splunk Enterprise instance with a 9997 listener. I have a single Windows Server with a UF for... by ajhstn Explorer in Splunk Search 09-06-2018 0 4	0	4
How to change the colors in Timeline custom visualization index="_internal" \| timechart span=15m count(name) as name \| eval Status=if(name>1500, "RED", if(name>100,"AMBER","G... by sunith35 Engager in Splunk Search 09-06-2018 1 0	1	0
How to search a lookup table and return the unmatched term? i am trying to search for the allowed urls (passthrough) and not in my list uploaded csv called url. the csv is made ... by sabeqa Engager in Splunk Search 09-06-2018 0 0	0	0
Could you help me with a stats(sum) query? hi I use the code below in order to count some events from 3 fields: (LogName SourceName Type ) index="windows" (s... by jip31 Motivator in Splunk Search 09-05-2018 0 6	0	6
How to compare one value from another in a lookup? I got a number in my first lookup and i want to compare this number with a start and end number in a lookup, how do i... by w344423 Explorer in Splunk Search 09-05-2018 0 6	0	6
How can I get common values from data? Now ,I want to get common values from data. I use this command: `index="new_1" \|stats list(oper_field) as gn by de... by WXY Path Finder in Splunk Search 09-05-2018 0 5	0	5
I need to compare two results based on one part of a field ( and not the entire field ) I have search A which gives out results like field A, field B , field C, where field C is a combination of two halves... by USER78 New Member in Splunk Search 09-05-2018 0 2	0	2
How to find list of all events within time window of other events? I have a query that looks like this: index=A ( ErrorCode=2 OR ErrorCode=3) [ search index=B Criteria=1 ... by brajaram Communicator in Splunk Search 09-05-2018 0 1	0	1
dnslookup not working trying to use "lookup dnslookup clientip as dvc OUTPUT clienthost AS dvc" within a search on a dashboard. Some of the... by nedwards94 Engager in Splunk Search 09-05-2018 0 0	0	0
How to escape double backslash in rex/regex command? I'm having some serious difficulty in figuring out how to escape a double backslash within the REX/regex spl command.... by ixixix_spl Explorer in Splunk Search 09-05-2018 0 2	0	2
How to implement "NOT IN" in Splunk I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Miss... by griffinpair Path Finder in Splunk Search 09-05-2018 0 3	0	3
Which is faster: SHOULD_LINEMERGE vs LINE_BREAKER Hi, I'm doing some research for our new architecture and am currently doing some house keeping on our props and trans... by dkrichards16 Path Finder in Splunk Search 09-05-2018 0 4	0	4
Can someone explain why I'm getting this confusing search output? Hi sourcetype="SourceA" ERROR NOT "GET-INFO" NOT "GET-ArchivedInfo" NOT "Error1" NOT "ERROR2" The above search g... by Navitas28 New Member in Splunk Search 09-05-2018 0 1	0	1
How to use subsearch without a field name? (but just with field value) We have got data for particular data which contains field in many places Events 2018-09-05 01:00:00 logged in by USE... by koshyk Super Champion in Splunk Search 09-05-2018 1 3	1	3
LookUpでカレンダー情報を作り、該当日のサーチ範囲を指定したい。例えば、Index=XXX sourcetype=+++ と言ったログファイルをサーチする際に 2018/09/10には2018/9/7のデータを検索したい、2018/09/11には2018/09/08～2018/09/10までのデ... by enoshima New Member in Splunk Search 09-05-2018 0 1	0	1
Will someone help me with my Regular Expression query? Hi, I am looking for some help regarding Splunk Regular Expression. I have a data something like this in a field "fie... by Shashank_87 Explorer in Splunk Search 09-05-2018 0 7	0	7
IF statements to determine which table to format in Hi there, I'm wondering if it's possible to format a Splunk query like so: IF results contains "this string" THEN u... by aherrington Path Finder in Splunk Search 09-05-2018 0 3	0	3
how to sum 2 fields of value Hi, if I have: 2012-10-16T03:27:05+0000, cCount:0 , lCount:17, in an event. How can I cCount + lCount = totalCount?... by JelianeL Explorer in Splunk Search 09-05-2018 0 11	0	11
With a full list of class C IPs, how can i get Splunk to show me how many VLANs are in the data? We are searching new environments monthly this means we are blind going in. I can get Splunk to stat out a total list... by cabowman Engager in Splunk Search 09-05-2018 0 5	0	5
Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches. Reassign them to a valid user to re-enable or alternatively disable the searches. Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches.... by hrithiktej Communicator in Splunk Search 09-05-2018 0 3	0	3