Splunk Search

Community Activity

How to implement "NOT IN" in Splunk I have an index that is populated by and extensive, long running query that creates a line like "Client1 Export1 Miss... by griffinpair Path Finder in Splunk Search 09-05-2018 0 3	0	3
Which is faster: SHOULD_LINEMERGE vs LINE_BREAKER Hi, I'm doing some research for our new architecture and am currently doing some house keeping on our props and trans... by dkrichards16 Path Finder in Splunk Search 09-05-2018 0 4	0	4
Can someone explain why I'm getting this confusing search output? Hi sourcetype="SourceA" ERROR NOT "GET-INFO" NOT "GET-ArchivedInfo" NOT "Error1" NOT "ERROR2" The above search g... by Navitas28 New Member in Splunk Search 09-05-2018 0 1	0	1
How to use subsearch without a field name? (but just with field value) We have got data for particular data which contains field in many places Events 2018-09-05 01:00:00 logged in by USE... by koshyk Super Champion in Splunk Search 09-05-2018 1 3	1	3
LookUpでカレンダー情報を作り、該当日のサーチ範囲を指定したい。例えば、Index=XXX sourcetype=+++ と言ったログファイルをサーチする際に 2018/09/10には2018/9/7のデータを検索したい、2018/09/11には2018/09/08～2018/09/10までのデ... by enoshima New Member in Splunk Search 09-05-2018 0 1	0	1
Will someone help me with my Regular Expression query? Hi, I am looking for some help regarding Splunk Regular Expression. I have a data something like this in a field "fie... by Shashank_87 Explorer in Splunk Search 09-05-2018 0 7	0	7
IF statements to determine which table to format in Hi there, I'm wondering if it's possible to format a Splunk query like so: IF results contains "this string" THEN u... by aherrington Path Finder in Splunk Search 09-05-2018 0 3	0	3
how to sum 2 fields of value Hi, if I have: 2012-10-16T03:27:05+0000, cCount:0 , lCount:17, in an event. How can I cCount + lCount = totalCount?... by JelianeL Explorer in Splunk Search 09-05-2018 0 11	0	11
With a full list of class C IPs, how can i get Splunk to show me how many VLANs are in the data? We are searching new environments monthly this means we are blind going in. I can get Splunk to stat out a total list... by cabowman Engager in Splunk Search 09-05-2018 0 5	0	5
Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches. Reassign them to a valid user to re-enable or alternatively disable the searches. Splunk has found 10 orphaned searches owned by 5 unique disabled users.Click to view the orphaned scheduled searches.... by hrithiktej Communicator in Splunk Search 09-05-2018 0 3	0	3
How do I convert year, month, day, hour, minute, seconds to seconds? Now, I want to get the time interval For example: between 2018/5/31 8:25:45 and 2018/5/31 8:25:47 ,the time interva... by WXY Path Finder in Splunk Search 09-04-2018 0 1	0	1
Is there any difference between top and stats in tstats? I could see the same result in index=* ~~~ \| top abc index=* ~~~ \| stats count by abc \| sort -count (ignore percent c... by apple143 Engager in Splunk Search 09-04-2018 0 2	0	2
How do I create a rolling time window which counts forward and backward? Given a dummy index/data consisting of the following fields: sku_number customers_id date_purchase ------... by fuwuqi Engager in Splunk Search 09-04-2018 0 1	0	1
Can someone help me with a regex that transforms nullQueue before specific date? I've got data coming in (Dropbox). This is pulled with the TA via REST API. I can't use the ignoreOlderThan in inputs... by anzianojackson6 Explorer in Splunk Search 09-04-2018 0 4	0	4
regex wimp I have this in a transforms.conf file on one of my forwarders. My goal is to drop everything from either of the IP's,... by chowell Explorer in Splunk Search 09-04-2018 1 2	1	2
Why does adding a table command after transaction result in no results found? \| inputlookup id_test.csv \| reverse \| eval _time=now()\| transaction Col_A startswith=(Col_C=yes) returns result... by landen99 Motivator in Splunk Search 09-04-2018 0 2	0	2
combining fields from two log entries which have a common id that is named differently Base, How can I combine two log entries that share a common ID when the field name of the ID is different between b... by dreeck Path Finder in Splunk Search 09-04-2018 0 2	0	2
How to chart a list of key/value pair fields only if a condition matches? Hi Splunk'az, I have events composed of 64 key/value pairs that are being extracted into fields at indexing time: ... by jbethmont Explorer in Splunk Search 09-04-2018 0 6	0	6
To find number of days between two dates Please give a solution to calculate the number of days between two given dates.. Regards Govind. by jgr_26 Engager in Splunk Search 09-04-2018 0 9	0	9
How to sort the month when using the field in chart over command? Hi Below is a query which returns the latency over month by cust_id. Events contain fields as month=April, month=May... by sangs8788 Communicator in Splunk Search 09-03-2018 0 1	0	1
What's the output of the following eval and now() function query? Hi All, Could you please help me here in confirming what would be the output of the below eval command? "eval age =... by bishtk Communicator in Splunk Search 09-03-2018 0 7	0	7
show one instance of an error (out of many errors coming repeatedly) from a given time I am getting many errors while just writing keyword error when searched from a single log file like Retrying connecti... by sajjadkernel Engager in Splunk Search 09-03-2018 0 3	0	3
Can you help me build a KVStore record deletion query? hello, Short background.. One of the application populates some ids for deletion of multiple types like type A, B... by anantdeshpande Path Finder in Splunk Search 09-03-2018 0 0	0	0
Process delayed - Could you suggest a way to speed up our search? We have a search with some subsearches that runs for about 40 seconds. "This search has completed and has returned 1... by tonniea Explorer in Splunk Search 09-03-2018 1 0	1	0
set a column's max-width in a chart Hi, I have a JSChart like this and I want to set a max width for graph's column. I want to avoid this huge column whe... by RiccardoV Communicator in Splunk Search 09-02-2018 3 6	3	6