Splunk Search

Community Activity

How can I join two searches on a common field? I'm trying to append a two tables on a common key. I am using \|appendcols but the two tables are not internally joine... by alanzchan Path Finder in Splunk Search 08-22-2018 0 1	0	1
lookuptable compare with new event I called all the errors and created to lookup-table. I want to create a job which would compare the last 5 minutes o... by Satsan Engager in Splunk Search 08-22-2018 0 2	0	2
Find Time between events, including current Time. Hello all, I've seen examples of how to find time between events using streamstats, and also to find the time since ... by jrnastase Explorer in Splunk Search 08-22-2018 0 1	0	1
Searching strings with accented characters Hello, I'm having an issue when trying to filter events based on accented characters. For instance if I look at th... by LordLeet Path Finder in Splunk Search 08-22-2018 0 6	0	6
View full source of the log file I have a need to view/export the source a log file. Requirement is to export all lines of the log file within a date/... by madsplunk123 New Member in Splunk Search 08-22-2018 0 2	0	2
What are some of the best practices for field extractions? Hi, There is some debate in our group regarding best practices for field extractions. We have a feed that has well ... by a212830 Champion in Splunk Search 08-22-2018 0 3	0	3
find max length where field name is firstName_1,firstName_2... My splunk entry is firstName_1="Tom" firstName_2="Jerry" firstName_3="Tom1" firstName_4="Jerry1" I would like to fin... by dummy1281 Engager in Splunk Search 08-22-2018 0 6	0	6
Does Anyone Have Field Definitions for Cisco IOS Technology Add-On? We have been asked to provide definitions for the following field names for events produced by parsing Cisco switch l... by masseur0802 Engager in Splunk Search 08-21-2018 1 0	1	0
One-Table Combining Different Search Results in Real-Time My end goal is to show events in one table coming from multiple searches in real time. They all have the same fields... by mlorrette Path Finder in Splunk Search 08-21-2018 0 1	0	1
How to display comparison between previous week with current week in Single Value with trendline Hi, I have a query which should ideally give me results for the Last week and the current week Request count. index... by sangs8788 Communicator in Splunk Search 08-21-2018 0 3	0	3
subsearch or lookup from search results Morning all, In short I need to be able to run a CSV lookup search against all my Splunk logs to find all SessionID... by stephenreece New Member in Splunk Search 08-21-2018 0 1	0	1
Trouble with UTC time I have some search results that return values in the format %Y-%m-%d %H:%M:%S. For example: ...some search... \| tab... by BearMormont Path Finder in Splunk Search 08-21-2018 0 1	0	1
In real-time alert, if I use lookup command, too many alerts triggered. Splunk ver 7.1.1 I'm using real-time alert that trigger when there is event which has src_ip match black_list.csv li... by yutaka1005 Builder in Splunk Search 08-21-2018 0 2	0	2
how to know the search history by user, but only the searches you type Sorry for the inconvenience, but I'm looking for a query that only shows the searches typed by users, because when I ... by efaundez Path Finder in Splunk Search 08-21-2018 0 3	0	3
Replace a column with diagonal value in a table host time timediff a 12:00 END a 11:55 1 a 11:50 ... by khavildar Explorer in Splunk Search 08-21-2018 0 5	0	5
Adding a date to a string Message I am trying to create an error message based on a time frame, the last 15 min. and now. So the error message would sa... by griffinpair Path Finder in Splunk Search 08-21-2018 0 6	0	6
count(var) by "a list of values within a field" First of all, sorry, if I am missing something really obvious here but after hours of googling I am still stuck with ... by ndey New Member in Splunk Search 08-21-2018 0 3	0	3
How to write a regex for string followed by number? Below are my 3 logs, i want to write a query, to get all the below 3 logs: *EXT_CODE[0-9]** with 1/2/3 digit follo... by arjun_krishna Explorer in Splunk Search 08-21-2018 0 8	0	8
How to find the RequestPerSec by Country using ClientIP adddress ? Hi I have a query which would list me avg, max & P95 requestpersec for the selected time range index=test client... by sangs8788 Communicator in Splunk Search 08-21-2018 0 2	0	2
How to use a lookup table to identify new open ports based on source IP I have NMAP data in Splunk that reports on open ports associated with a list of IP addresses. I'd like to create a lo... by khansonveracode New Member in Splunk Search 08-20-2018 0 1	0	1
Need to create a Dashboard which can select multiple fields based on user selection of checkbox/ radio button. Hi all, I Need to create a Dashboard which can select multiple extracted fields based on user selection of checkbox/... by jithinmathew Explorer in Splunk Search 08-20-2018 0 4	0	4
How do I combine storage statistics of indexes with the index, sourcetype, and host? I can use a rest search from the services/data/indexesendpoint to calculate storage statistics, like the index size i... by alanzchan Path Finder in Splunk Search 08-20-2018 0 1	0	1
Advanced documentation for field extraction/transformation? I'm trying to make sense of the default access-extractions transform so that I can modify it a bit. I've been nosing... by AHinMaine Engager in Splunk Search 08-20-2018 9 4	9	4
Need help understanding how Transform "access-extractions" works Hi to all that read this, Hoping one of you might be able to provide some assistance. We have an app that is produci... by Kozanic Path Finder in Splunk Search 08-20-2018 0 1	0	1
After upgrading to 7.0.x searches, using NOT host= filters gives no results After upgrade to 7.0.x searches using NOT host= filters are giving no results with the warning in the job inspector a... by pradeepkumarg Influencer in Splunk Search 08-20-2018 0 3	0	3