Splunk Search

Community Activity

	How do you create an if statement without the else? I am producing a table that will monitor what various users are searching for and I am trying to limit the amount of ... by zikpefu New Member in Splunk Search 07-16-2018 0 2	0	2
	help on eval hello i try to use the code below but everytimes i have an issue of quote or parenthesis even if i do modifications: ... by jip31 Motivator in Splunk Search 07-16-2018 0 9	0	9
	How to assign multivalued field to a variable? Hi, I'm trying to assign the multivalue field ApixRes and RestRes to a new variable result . But , it isnt working a... by Mohsin123 Path Finder in Splunk Search 07-16-2018 0 3	0	3
	How to use stats count where OR stats count where on different fields? Greetings, I'm pretty new to Splunk. I have to create a search/alert and am having trouble with the syntax. This i... by vwilson3 Path Finder in Splunk Search 07-16-2018 0 7	0	7
	Field Extractions tutorial or recommended documentation? Hi: I want to extract 3 fields from this line Create "/juanpablo/files/Splunk Info/universalforwarders.pdf" with fi... by leantricity New Member in Splunk Search 07-16-2018 0 1	0	1
	Has anybody integrated dynatrace managed 7x/appmon 7x events into splunk on premise Hi Experts, Need your support for one POC, I need to know whether we can get the dynatrace appmon/managed 7.1 alert ... by abhishekbanerje New Member in Splunk Search 07-16-2018 0 0	0	0
	How to add a character to front of result if true in an if statement? Hi, I want to use an eval if statement to add a minus onto the original value if it's is true. I am using table comma... by alex389 Engager in Splunk Search 07-16-2018 0 2	0	2
	How can I give source string dynamically in COLLECT command? I want to extract a value dynamically in a subsearch and give the value (string) to source= << string>> of COLLECT co... by tac24 New Member in Splunk Search 07-15-2018 0 2	0	2
	search not returning after map command I'm writing a search that extracts data from 2 indexes. I have 3 searches that tries to accomplish this. 1st search ... by brdr Contributor in Splunk Search 07-15-2018 0 8	0	8
	Will the below search work. \|inputlookup lookup \|map [ search index=index ESP_APPLICATION=$ESP_Application$ \|eval Actual_Start_Time='[search inde... by tvon1990 Explorer in Splunk Search 07-15-2018 0 10	0	10
	Percentage per each MEMBER per row not per all of them in chart/timechart Hi, I'm newbie here and read a little about my issue in docs and answers here but got no clue for now. I've got coupl... by psp_admins New Member in Splunk Search 07-15-2018 0 5	0	5
	splunk query for consecutive event in less than 5 s window Hi I am trying to write a query to detect IIS start stop event 3201 and 3202 respectively. I wanted to create a query... by maniishpawar Path Finder in Splunk Search 07-15-2018 0 6	0	6
	How to use rex to capture a list of fields? I have the following log data: Number of Users:3 [1]UserId:1 NumberOfUserRoles:2 [1]UserRoleCode:1 UserRoleText:... by Naren26 Path Finder in Splunk Search 07-15-2018 0 6	0	6
	Need help with Where for _time from lookup Hi all, So inherited a lookup table from former contractor and want to pull and display information based on what wa... by gabarrygowin Path Finder in Splunk Search 07-15-2018 0 4	0	4
	iplocation not showing country,city when selected "Real Time" from time range picker I am using the following iplocation query:- index="filtered_uiauditlogs" \| stats count(ip) as "Count" by ip \| appen... by kapilbk1996 Explorer in Splunk Search 07-15-2018 0 2	0	2
	Correlating audit log events I'm having trouble remembering how to correlate two separate events into one event for RHEL audit log events. Im try... by mrcusanelli New Member in Splunk Search 07-15-2018 0 3	0	3
	How can I search by a count of DIFFERENT values for a field? I am trying to create a query that monitors logins. The logic is that it should alert me if a user (UserId) attempts ... by jnicoara11 New Member in Splunk Search 07-15-2018 0 2	0	2
	rename & replace Hello, I'm new with SPL and Splunk, I have a folder that has 3 files, in the first file I have a column called Vbloc... by Lynda_Sadi1275 Path Finder in Splunk Search 07-15-2018 0 5	0	5
	regex: replace my events with _raw=Body Hi, I want to replace my events with _raw=Body can anyone help ? pl let me know the regex . Regards Shraddha by Mohsin123 Path Finder in Splunk Search 07-15-2018 0 6	0	6
	Why would a same search running on 2 different instances shows a huge difference in job size? Hello Fellow Splunkers, Need help to understand a scenario that I came across in my org. Why would the same search ru... by meenu_2017 Engager in Splunk Search 07-15-2018 0 8	0	8
	Regex : Keep Left Indention Hi, I have logs like this : Exception in thread "main" java.lang.RuntimeException: Some other message at Excepti... by Sukisen1981 Champion in Splunk Search 07-14-2018 0 6	0	6
	How to create the below view? I have a below query: index="auto_prod_cm_comparisions" sourcetype="auto_prod_details_log" source="/logs/web/output... by abhi04 Communicator in Splunk Search 07-13-2018 0 5	0	5
	Use result of set intersect for another command Hello, I am trying to use the result of an intersect to further search in one of the indexes. \| set intersect [searc... by catalinberbece New Member in Splunk Search 07-13-2018 0 4	0	4
	How to get the Max Value and Sum for each column and put in a table? All, I have been trying to figure this out, but running out of Ideas. I have the following data note the column nam... by srobinsonxtl Path Finder in Splunk Search 07-13-2018 0 2	0	2
	unable to forward squid logs when i add to log format xforwarder unable to forward squid logs when i add to log format xforwarder i am currently forwarding from my squid servers to ... by bobmccoy Explorer in Splunk Search 07-13-2018 0 0	0	0