Splunk Search

Community Activity

How do I find missing information from query 2 and query 1 I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results d... by benj851 Explorer in Splunk Search 08-24-2018 0 6	0	6
Charts with positive and negative values Is it possible to have charts with both positive and negative values? For example, if I have a time series that can ... by bojanz Communicator in Splunk Search 08-24-2018 0 3	0	3
How to concatenate results from the same field? Hi, I want to concatenate results from same field into string. How can I do that? e..g \|inputlookup user.csv\| tabl... by praspai Path Finder in Splunk Search 08-24-2018 0 3	0	3
How can I compare sum(bytes) in two time period using sub-search? Hi. im new to Splunk. I'm trying to compare the sum(bytes) for an hour ago, and the same hour one week before by cer... by everynameIwanti Explorer in Splunk Search 08-24-2018 0 2	0	2
Can I use join by using multiple fields from the main search to match a single field on the subsearch? I have a search with the following table as output: time customer circuit_id parent_circuit device_card 8:1... by christopheryu Communicator in Splunk Search 08-24-2018 0 4	0	4
Extract string to use for lookup Need to do a lookup using the hostname field from my events data and an asset name from my asset/cmdb data. However, ... by malmiran Path Finder in Splunk Search 08-23-2018 0 5	0	5
How to use SPL to count the number of clients of a deployment server? We know we can see the number of clients on the Forwarder Management page of the deployment server, but I want to sho... by bestSplunker Contributor in Splunk Search 08-23-2018 0 1	0	1
Extract string between 2 string Hi Community, I have a question about regex and extraction I want to extract only the string between /var/log/nginx... by serviceinfrastr Explorer in Splunk Search 08-23-2018 0 5	0	5
How do I present run time values for the past 30 days, but only display those that are greater than the average? Hello - we are looking to present daily run time values of events in a search, but only display the daily run time va... by fisuser1 Contributor in Splunk Search 08-23-2018 0 2	0	2
How does integrating Splunk Universal Forwarder into a Windows System Image work with a deployment server? Hi all, I have been working on integrating the Splunk Universal Forwarder into a system image that we will use to de... by MikeElliott Communicator in Splunk Search 08-23-2018 0 4	0	4
IF statement inside EVAL Hello, I want to divide AverageCount by AverageTotal. The problem is that Average count is separated by Sourcetype a... by tonahoyos Explorer in Splunk Search 08-23-2018 0 12	0	12
How Do I Add LatestEvent Column to a Sparkline Chart? I have a search that is currently working to give me a spark line for different event types. The search looks like th... by JordanPeterson Path Finder in Splunk Search 08-23-2018 0 2	0	2
Is using inputlookup or lookup commands the best way to capture missing URLs from my search? I have a lookup file named mylookup. The lookup is a csv with the following information: SearchString, Reported_by,... by AnthonyTibaldi Path Finder in Splunk Search 08-23-2018 0 5	0	5
How can I join multiple source types with common field and search? When I try to join three sourcetypes on CommonField, I don't get all the fields to populate in a table. Example: s... by mattbirk Explorer in Splunk Search 08-23-2018 0 2	0	2
Why does "mvexpand X" remove events with X=NULL? Why does mvexpand X remove events with X=NULL? As simple as that. It's illogical from my perspective, unless it's on... by macoo Explorer in Splunk Search 08-23-2018 4 3	4	3
How do I convert a country name to country code (or vice versa)? How do I convert a CC to a country name in Splunk, or vice versa? Since Splunk Answers won't let me post this quest... by nick405060 Motivator in Splunk Search 08-23-2018 1 6	1	6
How to use regex to reformat a field? Need assistance regex to reformat the field the field is Message. And the output is "Reason: Details: Attributes: ... by ronbuzon New Member in Splunk Search 08-23-2018 0 11	0	11
How to remove some extra options from a custom time picker? Hello, I am looking to remove some extra options from Time picker. I have disabled them through GUI (User Interface ... by AKG1_old1 Builder in Splunk Search 08-23-2018 0 7	0	7
Why are both of my new time fields are coming out as being the same when using streamstats? I'm running my search over the last 7 days and attempting to get the earliest time along with the value of the count ... by tb5821 Communicator in Splunk Search 08-23-2018 0 1	0	1
Help need to fix error "The expression is malformed. Expected LIKE." (Using rex and inputlookup) Hi, I am looking for some help on how to remove the malformed expression error coming from the query below, many th... by ChrisCLewis Communicator in Splunk Search 08-23-2018 0 7	0	7
Java SDK - Search strings syntax understanding Hello, I'm new with Java SDK and this is what I don't understand in my use of it so far : Question 1: I am using t... by michel_hc New Member in Splunk Search 08-23-2018 0 6	0	6
Combine multiple rows in one with a common key Hello, I have a log that records data bit by bit. I want to combine them to have only one row of data. ... by lyds Explorer in Splunk Search 08-23-2018 0 3	0	3
Performing Sum Calculation when Field values are combined Captured fields are Account, RequestorCode, Service, and ElapsedTime. An Account will have multiple RequestorCode, an... by limalbert Path Finder in Splunk Search 08-22-2018 0 14	0	14
how to combine more than three types of charts in one chart. hello everyone, I'd like to know how to combine three types of charts in one chart. I'd like to make just one chart ... by jenny_life Path Finder in Splunk Search 08-22-2018 0 9	0	9
On what user does splunk start after restarting it from deployment server Hi, When we restart splunk forwarder from deployment -server does it start 1) based on user defined in boot script O... by ankithreddy777 Contributor in Splunk Search 08-22-2018 0 3	0	3