Splunk Search

Community Activity

Need to create a Dashboard which can select multiple fields based on user selection of checkbox/ radio button. Hi all, I Need to create a Dashboard which can select multiple extracted fields based on user selection of checkbox/... by jithinmathew Explorer in Splunk Search 08-20-2018 0 4	0	4
How do I combine storage statistics of indexes with the index, sourcetype, and host? I can use a rest search from the services/data/indexesendpoint to calculate storage statistics, like the index size i... by alanzchan Path Finder in Splunk Search 08-20-2018 0 1	0	1
Advanced documentation for field extraction/transformation? I'm trying to make sense of the default access-extractions transform so that I can modify it a bit. I've been nosing... by AHinMaine Engager in Splunk Search 08-20-2018 9 4	9	4
Need help understanding how Transform "access-extractions" works Hi to all that read this, Hoping one of you might be able to provide some assistance. We have an app that is produci... by Kozanic Path Finder in Splunk Search 08-20-2018 0 1	0	1
After upgrading to 7.0.x searches, using NOT host= filters gives no results After upgrade to 7.0.x searches using NOT host= filters are giving no results with the warning in the job inspector a... by pradeepkumarg Influencer in Splunk Search 08-20-2018 0 3	0	3
How can I visualize "table _raw" in the same format as the search result for the raw events in default Splunk search screen ? When I search for my events by giving index=myindex, I get my data in the proper format. But when i try to print it o... by Upas02 Path Finder in Splunk Search 08-20-2018 0 2	0	2
Failed to reap - because of directory not empty We have a lot of theese errors in splunked.log, I have searched a lot to find an solution but to no success. ERROR D... by thbrix New Member in Splunk Search 08-20-2018 0 1	0	1
Is it possible to do a conditional stats values command A common usecase I run into is I want to join two sources of data together only if fields meet certain criteria. The ... by twhite_splunk Splunk Employee in Splunk Search 08-20-2018 0 7	0	7
check if stringa in stingb how can i make a case condition to check if StingA is in StringB? for example StingA is "xxx.com." StingB is: "a.xxx... by mcohen13 Loves-to-Learn in Splunk Search 08-20-2018 0 3	0	3
Back end query to pull the active searches running in Search Head I want to check what are the searches which are running currently or which are finalizing or which is done via our ba... by anandhalagarasa Path Finder in Splunk Search 08-20-2018 0 5	0	5
Help on complex request in order to improve the performances Hello I need help on a complex request with different indexes and with a "primary key" (host which is the name of th... by jip31 Motivator in Splunk Search 08-19-2018 0 15	0	15
Hide a column based on search criteria I want to hide a column based on some search. I have three columns. Host, Value , Unit If(host=abc) then hide the ... by sahil237888 Path Finder in Splunk Search 08-19-2018 0 8	0	8
Can someone help me with regex to remove HTML tags from fields? Hello, Could someone please help me with removing the HTML tags from fields. The data is a few sentences, such as r... by ndsouza25 New Member in Splunk Search 08-19-2018 0 12	0	12
how to calculate Throughput Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 08-18-2018 0 2	0	2
How to export a Splunk search and display it in Grafana without requiring to use their own data source? Hello I would like to export the Splunk's search and to also display it in Grafana without requiring to use their ow... by bernardchew New Member in Splunk Search 08-18-2018 0 2	0	2
How to return full count of field1, and a TRUE/FALSE field if 1 or more of the results in field1 matches a specific criteria? eventtype=X \| iplocation ClientIP \| where Country!="United States" \| eval bad=if(match(Country,"Brazil\|China\|Vietnam... by Earenhart Path Finder in Splunk Search 08-18-2018 0 3	0	3
Why does Fillnull not work without specifying a field? Hi,If I try to run this search, the value of my_null_field doesn't change to "?" \| makeresults \| table _time my_null... by 606866581 Path Finder in Splunk Search 08-18-2018 1 5	1	5
Splitting columns into rows Hi Splunk Gurus, I have an unusual requirement where I need to create two rows from one: A \| B \| C \|D \| E to Row ... by greg_cox1979 New Member in Splunk Search 08-18-2018 0 3	0	3
Limitation on number of boolean clauses within search string Is there a limitation on the number of search boolean clauses (i.e. OR, AND) within a search string? For example \|... by jcart11entergy Engager in Splunk Search 08-18-2018 0 1	0	1
Assign keys to tokenised string Hi there, Can someone help me with reading the tokenized string and assign the keys to each index retrieved. It is di... by afulamba Explorer in Splunk Search 08-17-2018 0 5	0	5
Using tstats to extract first element in multivalue field I have a field that looks something like this in the event viewer: project_sources: [ { scmEvent: { ... by BarnesLeo Engager in Splunk Search 08-17-2018 0 2	0	2
select latest timestamp of data and from second to last date. I have this data set of data coming in multiple times a day. I want to select all the latest timestamp and the lates... by michaelrosello Path Finder in Splunk Search 08-17-2018 0 3	0	3
How to extract fields from JSON data in Splunk? Hi We have the below data, out of which I wanted to extract specific data from the json format. 06/Feb/2016:16:10:... by kotig Path Finder in Splunk Search 08-17-2018 2 7	2	7
Monitoring the directories recursively Hi, I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory the... by sushma7 Path Finder in Splunk Search 08-17-2018 0 8	0	8
How to calculate the average delta between each event and the event count? Hi Splunkers, Need a help in forming a splunk query. Requirement: Find the time difference (delta1, delta2,delta3..... by ankithnageshshe Path Finder in Splunk Search 08-17-2018 0 1	0	1