Splunk Search

Community Activity

APPEND is not UNION? Splunk version 4.3 search A : index=webserver1 type=error \| table serverName message method search B : index=webserv... by joy76 Path Finder in Splunk Search 09-07-2018 1 12	1	12
Time value difference in duration: getting value as 0d HI All, I am able to get the time value difference in epoch and able to convert it to string with the following comm... by Chandras11 Communicator in Splunk Search 09-07-2018 0 3	0	3
How to change two parts of a search query based on input selection? I have a column chart that needs to update based on the input selection (Hour/Weekday/Month - aka $field4$). I've man... by josephinemho Path Finder in Splunk Search 09-06-2018 0 3	0	3
Why would Splunk be grouping events together when I haven't told it to? Wow, so finding any related questions on this has proven very difficult as any searches for "Splunk grouping events t... by EricLloyd79 Builder in Splunk Search 09-06-2018 0 8	0	8
How do you link transactions with other sourcetypes based on timestamp? Splunk fellows your help is needed, In our project (license plate recognition on gas stations) - we have 2 sourcety... by DenysB New Member in Splunk Search 09-06-2018 0 3	0	3
How to create a regex or rex in a search to extract each line in a log event to separate events? Hi Splunk Gurus - I am new to splunk, need your help on the below. Below is how the events are getting into splunk, ... by mani3033 New Member in Splunk Search 09-06-2018 0 5	0	5
Comparing arbitrary # of columns values similar to xyseries? Suppose I have a data set with a metric, let's say for example, it contains the average # of stamps licked per day by... by grantsmiley Path Finder in Splunk Search 09-06-2018 1 2	1	2
How to update certain time fields of lookup table without overwriting old table entries? So, I put together a search not too long ago, with help from the community on here, that would run hourly to update a... by JakeInfoSec Explorer in Splunk Search 09-06-2018 1 7	1	7
How do I use an if-statement to reduce rows of a field in a Splunk result set? I have the following Splunk base search: sourcetype=serverA FATAL OR ERROR OR WARN \| rex field=_raw max_match=1 "(?... by samsam48 Explorer in Splunk Search 09-06-2018 0 5	0	5
How do you include a varying number of a Splunk Search's field values in an email alert? I have a Splunk Search that returns events that have an alert-type field value of "Severe", "Moderate", and "light".... by samsam48 Explorer in Splunk Search 09-06-2018 0 2	0	2
splunk eval row with last field Hello Splunkers i requiered eval the last field with current row. example: field 1 ...... field2.........field3..... by jaxob01 New Member in Splunk Search 09-06-2018 0 1	0	1
How to extract time and format using regex? Hello fellows, I have an issue that I'm not really sure how to solve. Well in event I have time in following form... by ninisimonishvil Path Finder in Splunk Search 09-06-2018 0 10	0	10
How do I return values that unmatched column in Lookup table? i am trying to search for urls that are not in my allowed list lookup csv , my csv file is named as url and has 1 col... by sabeqa Engager in Splunk Search 09-06-2018 0 3	0	3
How to combine multiple queries into one? Hello, I have multiple queries with small differences, is it possible to combine them? Here is example: index=some... by vintik Engager in Splunk Search 09-06-2018 0 2	0	2
Why are my props/transforms not taking effect? Hello, i have a single Splunk Enterprise instance with a 9997 listener. I have a single Windows Server with a UF for... by ajhstn Explorer in Splunk Search 09-06-2018 0 4	0	4
How to change the colors in Timeline custom visualization index="_internal" \| timechart span=15m count(name) as name \| eval Status=if(name>1500, "RED", if(name>100,"AMBER","G... by sunith35 Engager in Splunk Search 09-06-2018 1 0	1	0
How to search a lookup table and return the unmatched term? i am trying to search for the allowed urls (passthrough) and not in my list uploaded csv called url. the csv is made ... by sabeqa Engager in Splunk Search 09-06-2018 0 0	0	0
Could you help me with a stats(sum) query? hi I use the code below in order to count some events from 3 fields: (LogName SourceName Type ) index="windows" (s... by jip31 Motivator in Splunk Search 09-05-2018 0 6	0	6
How to compare one value from another in a lookup? I got a number in my first lookup and i want to compare this number with a start and end number in a lookup, how do i... by w344423 Explorer in Splunk Search 09-05-2018 0 6	0	6
How can I get common values from data? Now ,I want to get common values from data. I use this command: `index="new_1" \|stats list(oper_field) as gn by de... by WXY Path Finder in Splunk Search 09-05-2018 0 5	0	5
I need to compare two results based on one part of a field ( and not the entire field ) I have search A which gives out results like field A, field B , field C, where field C is a combination of two halves... by USER78 New Member in Splunk Search 09-05-2018 0 2	0	2
How to find list of all events within time window of other events? I have a query that looks like this: index=A ( ErrorCode=2 OR ErrorCode=3) [ search index=B Criteria=1 ... by brajaram Communicator in Splunk Search 09-05-2018 0 1	0	1
dnslookup not working trying to use "lookup dnslookup clientip as dvc OUTPUT clienthost AS dvc" within a search on a dashboard. Some of the... by nedwards94 Engager in Splunk Search 09-05-2018 0 0	0	0
How to escape double backslash in rex/regex command? I'm having some serious difficulty in figuring out how to escape a double backslash within the REX/regex spl command.... by ixixix_spl Explorer in Splunk Search 09-05-2018 0 2	0	2
How to implement "NOT IN" in Splunk I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Miss... by griffinpair Path Finder in Splunk Search 09-05-2018 0 3	0	3