Splunk Search

Community Activity

How do you multiply a field value by the value's count? For example, I have the field "received_files" with 3 values: 1, 2, and 3. I already ran "convert num(received_files... by ryan_t_gavin New Member in Splunk Search 07-17-2018 0 0	0	0
How to build a srchFilter when two indexes are allowed? Hello, I am trying to build a role that would allow the users to access to two indexes (index1 and index2). The inde... by Clovisa Path Finder in Splunk Search 07-17-2018 0 2	0	2
How to display zero count in a stats table? Hi, I wonder whether someone may be able to help me please. I'm using the following stats query. `wso2_wmf(RequestC... by IRHM73 Motivator in Splunk Search 07-17-2018 1 6	1	6
How to use the time range in search query? I would like to find a error occurs in the past 30, 60 and 90 days. How to do that? by gokikrishnan198 New Member in Splunk Search 07-16-2018 0 1	0	1
how can I get data from tableelement In my dashBoard,i edit a table in sampleXML,then, The table is converted from sampleXML to HTML. and Converted code v... by flzhang132 Explorer in Splunk Search 07-16-2018 0 1	0	1
wmi.conf "interval" and "batch_size" I'm using Windows Universal Forwarder (UF) 7.1.2 in my test environment. Windows 2012 R2 (gets security event from R... by naotoyoshida New Member in Splunk Search 07-16-2018 0 0	0	0
How to rename multiple field names and bind them by one common field? Team, We have 3 different sourcetype on which endpoint/device are identified by different fieldname: sourcetype=x e... by CryoHydra Path Finder in Splunk Search 07-16-2018 0 4	0	4
How to assign numeric values based on counts? Hello, I need some help. I'm trying to make a search where I take recipient_count and assign a "value" based on how... by yagbootz48 New Member in Splunk Search 07-16-2018 0 3	0	3
Using Lookup table of known errors in search to not include in results. Hello splunk users, So I have a system that I am logging all errors to splunk. I have been getting a few false posi... by SSchaff81 New Member in Splunk Search 07-16-2018 0 2	0	2
How to eliminate duplicate rows in a scheduled lookup? I have created a search to populate a lookup periodically. index x sourcetype=y \| outputlookup abc.csv append=true ... by joydeep741 Path Finder in Splunk Search 07-16-2018 0 2	0	2
Get search results after earlier search query I have a requirement where I have to show the logs in splunk after an earlier search query. i.e Suppose I get a set o... by aravindkv805 New Member in Splunk Search 07-16-2018 0 0	0	0
Why is Splunk Python SDK export not using field extraction? Hi there, I am trying to use the Python Splunk-SDK to query results from a search, and return a specific field that... by zhatsispgx Path Finder in Splunk Search 07-16-2018 0 7	0	7
Find event with invalid JSON Trying to find a consistent way of finding events that contain invalid JSON. We've ran into all sorts of different is... by tjago11 Communicator in Splunk Search 07-16-2018 0 14	0	14
How do you create an if statement without the else? I am producing a table that will monitor what various users are searching for and I am trying to limit the amount of ... by zikpefu New Member in Splunk Search 07-16-2018 0 2	0	2
help on eval hello i try to use the code below but everytimes i have an issue of quote or parenthesis even if i do modifications: ... by jip31 Motivator in Splunk Search 07-16-2018 0 9	0	9
How to assign multivalued field to a variable? Hi, I'm trying to assign the multivalue field ApixRes and RestRes to a new variable result . But , it isnt working a... by Mohsin123 Path Finder in Splunk Search 07-16-2018 0 3	0	3
How to use stats count where OR stats count where on different fields? Greetings, I'm pretty new to Splunk. I have to create a search/alert and am having trouble with the syntax. This i... by vwilson3 Path Finder in Splunk Search 07-16-2018 0 7	0	7
Field Extractions tutorial or recommended documentation? Hi: I want to extract 3 fields from this line Create "/juanpablo/files/Splunk Info/universalforwarders.pdf" with fi... by leantricity New Member in Splunk Search 07-16-2018 0 1	0	1
Has anybody integrated dynatrace managed 7x/appmon 7x events into splunk on premise Hi Experts, Need your support for one POC, I need to know whether we can get the dynatrace appmon/managed 7.1 alert ... by abhishekbanerje New Member in Splunk Search 07-16-2018 0 0	0	0
How to add a character to front of result if true in an if statement? Hi, I want to use an eval if statement to add a minus onto the original value if it's is true. I am using table comma... by alex389 Engager in Splunk Search 07-16-2018 0 2	0	2
How can I give source string dynamically in COLLECT command? I want to extract a value dynamically in a subsearch and give the value (string) to source= << string>> of COLLECT co... by tac24 New Member in Splunk Search 07-15-2018 0 2	0	2
search not returning after map command I'm writing a search that extracts data from 2 indexes. I have 3 searches that tries to accomplish this. 1st search ... by brdr Contributor in Splunk Search 07-15-2018 0 8	0	8
Will the below search work. \|inputlookup lookup \|map [ search index=index ESP_APPLICATION=$ESP_Application$ \|eval Actual_Start_Time='[search inde... by tvon1990 Explorer in Splunk Search 07-15-2018 0 10	0	10
Percentage per each MEMBER per row not per all of them in chart/timechart Hi, I'm newbie here and read a little about my issue in docs and answers here but got no clue for now. I've got coupl... by psp_admins New Member in Splunk Search 07-15-2018 0 5	0	5
splunk query for consecutive event in less than 5 s window Hi I am trying to write a query to detect IIS start stop event 3201 and 3202 respectively. I wanted to create a query... by maniishpawar Path Finder in Splunk Search 07-15-2018 0 6	0	6