Splunk Search

Community Activity

Can I use an eval statement inside an if statement? Hi , Can I use an eval statement inside an if? I have to implement something like this : I have two fields : one ... by Mohsin123 Path Finder in Splunk Search 07-06-2018 0 10	0	10
How to correlate events in ITSI ? How to correlate events in ITSI ? New to Splunk ITSI Example CPU and DB alerts collection based on CI match . Cur... by anurag0011 New Member in Splunk Search 07-05-2018 0 2	0	2
Using eval from outer search to inner Hi, I am aware that an eval in the parent search cannot be used in a subsearch like this - \| eval foo = ..... \| e... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 1	0	1
Getting hold of an eval from subsearch Hello, How do I do something like this in splunk? eval base_starttime = [search index="app_event"\| eval starttime =... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 2	0	2
Removing redundancy from query Hi, I have a query with 5 joins but I am sure that this can be reduced to just one join. I cant figure out the syntax... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 0	0	0
Regex Help I'm trying to parse out the exception type and exception message from the DB Connect dbx_server logs. I'm having som... by bschaap Path Finder in Splunk Search 07-05-2018 0 5	0	5
How to exclude events through lookup? Hi there, trying to exclude some events through the use of a lookup but it's not working for some reason: index=mai... by mmoermans Path Finder in Splunk Search 07-05-2018 0 3	0	3
How do you see events where a variable's value is null? I am trying to see the events that have null values for a variable called 'Issuer', but I can't seem to find a way to... by pjdwyer Explorer in Splunk Search 07-05-2018 0 7	0	7
How to use append on stats table to show count past 5 minutes? Hello, I am trying to show the last 5 minute count with a larger time period spark chart. index="iis" \|stats sparkl... by brianMiller94 Engager in Splunk Search 07-05-2018 0 2	0	2
How do I merge two fields together and get rid of what does not match? Hi. I have two sources that I am trying to merge and dedup similar data. They both have a license key, one was longer... by Ragate Explorer in Splunk Search 07-05-2018 0 13	0	13
Display the Results of Search Query at regular intervals of time with fixed start DateTime Hi , Currently am running below SPlunk Search Query where am using earliest=-0d@d latest=-2m. earliest=-0d@d latest... by boppana New Member in Splunk Search 07-05-2018 0 4	0	4
How to do a common eval operation with dynamic field values? I have a splunk query index=abc sourcetype=xyz \| timechart by field1 This gives me data like _time column1 cloum... by joydeep741 Path Finder in Splunk Search 07-05-2018 0 2	0	2
How to create a regex domain to not include "@" and terminate capture before ">"? Hi, I have been tinkering with regex101 for some time now and no luck. I have a field called sender Return-Path:<s... by Log_wrangler Builder in Splunk Search 07-05-2018 0 8	0	8
How to make Linechart of users logged in throughout the day with tstats? I want to make a linechart of users in a division logged in throughout the day, but I can't make the tstat search wor... by powermundsen Engager in Splunk Search 07-05-2018 0 2	0	2
Sequentially search a time range by multi-hour blocks, output each to csv Hi All! Here's my scenario: I'm searching 24 hours worth of data, but due to load I can only search in 4 hour increm... by jvesrc New Member in Splunk Search 07-05-2018 0 0	0	0
Why is the walklex command not working? Hello splunkers, I'm trying to visualize one of my .tsidx file with the splunk "walklex" command, in order to see my... by julienoud New Member in Splunk Search 07-05-2018 0 2	0	2
plus and minus in a trend calcul Hello In this piece of code, i want to add th possibility to display a percent result with + or - before the percen... by jip31 Motivator in Splunk Search 07-05-2018 0 6	0	6
tstats subsearch Hi, I have a tstats query working perfectly however I need to then cross reference a field returned with the data he... by griggsy New Member in Splunk Search 07-05-2018 0 14	0	14
How to split the value into title and value? I have a field that I extract to information from Whois this field every value is write so that the title of the valu... by mcohen13 Loves-to-Learn in Splunk Search 07-05-2018 0 2	0	2
How to group and count together the rows based on some field value in splunk? Example: I am having a search in my view code and displaying results in the form of table. small example result: cust... by gokikrishnan198 New Member in Splunk Search 07-04-2018 0 1	0	1
calculate the percentage of sum of volume between current and the previous month base search... \| eval Month = case(Month = "2018-02","Feb",Month = "2018-03","Mar", Month = "2018-04","Apr") \| eval m... by alaghumeenal New Member in Splunk Search 07-04-2018 0 11	0	11
extract date from string Hello I have string from nessus . Wed Jun 6 02:02:10 2018 . I need to extract the date . strftime and strptime re... by sravanthikand New Member in Splunk Search 07-04-2018 0 2	0	2
i have two different searches there is nothing common between both the search, I want to combine both the result as one. query 1: index=lenovo sourcetype = ticketmaster \| where Status in ("Assigned","In-Progress","New","Pending") \| stats... by dhirajyadav New Member in Splunk Search 07-04-2018 0 2	0	2
How do I change the names in the popup while keeping the legend names the same? When we plot a chart like this \| chart count time phase Lets say the legend appears as Foo Bar Hey Day When I... by dhruv101 Path Finder in Splunk Search 07-04-2018 1 7	1	7
Dissimilar results between sid & normal search I am facing a weird issue with sid. I have a saved sid with yesterday's (00:00 to 23:59) data, which is showing a dip... by Naren26 Path Finder in Splunk Search 07-04-2018 0 6	0	6