Splunk Search

Community Activity

	How do you resolve the error "The lookup table 'windows_event_descriptions' does not exist"? Running Splunk 6.2.4. Search results are displayed but message says "22 errors occured while the search was executing... by jjryanjj New Member in Splunk Search 07-06-2018 0 9	0	9
	DispatchThread: Search auto-finalized after disk usage limit (500mb) reached One of our Splunk users is running the following search: index=customindex fieldip!=10.0.0.0/8 fieldip!="0.0.0.0" \|... by mlevsh Builder in Splunk Search 07-06-2018 0 3	0	3
	Brute Force Alarm Hello, I do a alarm that detects 10 logins in one minute, but i need to detect this 10 logins from the same ip in 1 ... by Isaor New Member in Splunk Search 07-06-2018 0 2	0	2
	How to divide events in a field by events in another field? I want to divide events in one field by events in another field that would then display in a dashboard as a single va... by Ragate Explorer in Splunk Search 07-06-2018 0 2	0	2
	downloading the Jobs that are being executed I would like to download all the jobs that are being executed currently / if possible in past. Something like the Jo... by dtakacssplunk Explorer in Splunk Search 07-06-2018 0 1	0	1
	Compare stats of current day with previous day Hi all! I am currently getting stats of current day as followed Port Count 25 25 443 75 53 990 I wan... by aqudoos Explorer in Splunk Search 07-06-2018 0 3	0	3
	Help with evaluating date Hi all, Struggling to get my Service Now times to evaluate just tickets older than 30 days. The date picker isn't p... by gabarrygowin Path Finder in Splunk Search 07-06-2018 0 3	0	3
	sourcetypes comparison for the similar data with varies filed names I had 2 different sourcetypes on each contains the Domain, hostname,ipaddress sourcer1 having data like. Domain... by svemurilv Path Finder in Splunk Search 07-06-2018 0 3	0	3
	How to do a timechart of a week with a timewrap on the previous year? Hi ! I am trying to display a timechart that gives the data of a week, and the data of the same week but one year ear... by Clovisa Path Finder in Splunk Search 07-06-2018 0 3	0	3
	How to search data for a unique user count by date? Hi, I am completely new to Splunk and I have a specific need to address so please be patient with my newbie incompet... by NealM New Member in Splunk Search 07-06-2018 0 5	0	5
	Merging Splunk Searches Hi Pros, I want to merge results of two queries together and need some help in achieving the best possible way to do... by memow8 New Member in Splunk Search 07-06-2018 0 1	0	1
	Exclude non-standard IIS result codes I am trying to get a chart of IIS result codes (mapped as sc_status) and ignore crap data. For example, one of the r... by drultima New Member in Splunk Search 07-06-2018 0 2	0	2
	Grouping Errors extracted with field extraction for to run trasform commands Hi All, I am trying to group different errors that i have extracted to run transform commands, like stats, chart, e... by VI371887 Path Finder in Splunk Search 07-06-2018 0 1	0	1
	Can I use an eval statement inside an if statement? Hi , Can I use an eval statement inside an if? I have to implement something like this : I have two fields : one ... by Mohsin123 Path Finder in Splunk Search 07-06-2018 0 10	0	10
	How to correlate events in ITSI ? How to correlate events in ITSI ? New to Splunk ITSI Example CPU and DB alerts collection based on CI match . Cur... by anurag0011 New Member in Splunk Search 07-05-2018 0 2	0	2
	Using eval from outer search to inner Hi, I am aware that an eval in the parent search cannot be used in a subsearch like this - \| eval foo = ..... \| e... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 1	0	1
	Getting hold of an eval from subsearch Hello, How do I do something like this in splunk? eval base_starttime = [search index="app_event"\| eval starttime =... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 2	0	2
	Removing redundancy from query Hi, I have a query with 5 joins but I am sure that this can be reduced to just one join. I cant figure out the syntax... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 0	0	0
	Regex Help I'm trying to parse out the exception type and exception message from the DB Connect dbx_server logs. I'm having som... by bschaap Path Finder in Splunk Search 07-05-2018 0 5	0	5
	How to exclude events through lookup? Hi there, trying to exclude some events through the use of a lookup but it's not working for some reason: index=mai... by mmoermans Path Finder in Splunk Search 07-05-2018 0 3	0	3
	How do you see events where a variable's value is null? I am trying to see the events that have null values for a variable called 'Issuer', but I can't seem to find a way to... by pjdwyer Explorer in Splunk Search 07-05-2018 0 7	0	7
	How to use append on stats table to show count past 5 minutes? Hello, I am trying to show the last 5 minute count with a larger time period spark chart. index="iis" \|stats sparkl... by brianMiller94 Engager in Splunk Search 07-05-2018 0 2	0	2
	How do I merge two fields together and get rid of what does not match? Hi. I have two sources that I am trying to merge and dedup similar data. They both have a license key, one was longer... by Ragate Explorer in Splunk Search 07-05-2018 0 13	0	13
	Display the Results of Search Query at regular intervals of time with fixed start DateTime Hi , Currently am running below SPlunk Search Query where am using earliest=-0d@d latest=-2m. earliest=-0d@d latest... by boppana New Member in Splunk Search 07-05-2018 0 4	0	4
	How to do a common eval operation with dynamic field values? I have a splunk query index=abc sourcetype=xyz \| timechart by field1 This gives me data like _time column1 cloum... by joydeep741 Path Finder in Splunk Search 07-05-2018 0 2	0	2