Splunk Search

Community Activity

Using lookup table on multivalue field to exclude events I've found some variations on this issue but nothing exactly the same. Go easy on me... I'm dealing with events that... by jpawloski Path Finder in Splunk Search 06-27-2018 1 1	1	1
How to search losing events as number of events increase? I have a search that compares an expanded multi value field against a lookup table and returns those events where at ... by jpawloski Path Finder in Splunk Search 06-27-2018 0 3	0	3
How would I remove duplicates but add up their counts? I have two sources of data. One that has an Account Name, License Key, and Account Revenue. The other has License Key... by Ragate Explorer in Splunk Search 06-27-2018 0 1	0	1
Corelating independent searches. I have 2 absolutely independent searches. Search-1 gives me the availability of server throughout the day. Sample da... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 2	0	2
change column name with specified new column value in Splunk Hi, I am having correct value in current field and want to use that value as column name which is currently showing ... by vikas_baranwal Path Finder in Splunk Search 06-27-2018 0 6	0	6
How to sort by field? I am trying to get the highest used process percentage by user, however, I am unable to sort by the field I want to. ... by jackpal Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to create a regex to return events with specific usernames in a field? I am trying to create a search that returns only those events that have a specific username (or part of a username) i... by adamfiore Explorer in Splunk Search 06-27-2018 0 4	0	4
Does full key value not extract properly if it starts with a number? I have created a new log message that looks like 2018-06-27 11:28:01,743 WARN TestReporting , id="LJ99YUT5F1K", tra... by msmapper Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to get time between events during a search? Hi everyone, Recently I faced some issues when I try to do an advance search. My problem : I need to create table th... by ayela Engager in Splunk Search 06-27-2018 0 6	0	6
How to filter table results? Hi all! I have a table as a search result: date Country cs_username 2018-06-12 Mexico mendoza 2018-06-12 Mexi... by pierre_weg Path Finder in Splunk Search 06-27-2018 0 2	0	2
How to ignore days with no data in timechart? Hello, I want to be able to ignore days where data was not collected. I am using the following search: index="x" \| ... by tonahoyos Explorer in Splunk Search 06-27-2018 0 3	0	3
can anyone direct me to an autolookup example please? does anyone know where I might be able to find a 'dummies' guide to autolookup, with a simple example if possible? I ... by vincenp2 New Member in Splunk Search 06-27-2018 0 1	0	1
Cannot transform string with regex Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar to ... by scottkurtosys New Member in Splunk Search 06-27-2018 0 5	0	5
assign value from subsearch to outer search eval I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_ST... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 3	0	3
Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp) Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP log... by Neur0mencer Explorer in Splunk Search 06-27-2018 0 3	0	3
How do I remove all 1 and 2 character words from a field? Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. H... by andrewtrobec Motivator in Splunk Search 06-27-2018 0 2	0	2
Parameter passing between 2 searches as input as well as output HI All, I need to give input from search1 to search2 and then get a single result from search 2 with the values from... by Chandras11 Communicator in Splunk Search 06-27-2018 0 7	0	7
Why am I seeing Incorrect stats with appendcols/append in a pie chart? I have been trying to prepare pie chart with proper stats on types of database errors. For some unknown reasons, I am... by snayani Explorer in Splunk Search 06-27-2018 0 4	0	4
How do I pass in a default value for a single value chart? How do I pass in a default value for a single value chart? As in I am not looking to search anything for now in the ... by angersleek Path Finder in Splunk Search 06-27-2018 0 2	0	2
Search with multiple trivial 'append' commands taking much longer in Splunk 7.1 We have a dashboard that lists a series of events representing alarms that need to be 'cleared' by the user as non-is... by jhigginsmq Path Finder in Splunk Search 06-27-2018 0 0	0	0
How to create a regex that removes everything after a second underscore? I have a regex that should remove everything after a second underscore. When I try to search with the regex, it does... by gbwilson Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to split values within a field that are not separated by any characters? Hello everyone, I have this field with values that are retrieved withing "" but not separated by any character, and I... by pstamati Path Finder in Splunk Search 06-27-2018 0 10	0	10
append data from two indexes i have two indexes: index#1 contain raw event log. from this event log i calc for every domain the number of events s... by mcohen13 Loves-to-Learn in Splunk Search 06-26-2018 0 3	0	3
Getting Duplicate message when doing search for User ID (title) This is the search I used: \|rest /services/authentication/users splunk_server=local \|fields title \|rename title ... by nls7010 Path Finder in Splunk Search 06-26-2018 0 2	0	2
How to use radio button choices in case statements? Hi, I have a simple checkbox as shown below - <input type="checkbox" token="eventtype" searchWhenChanged="true"> ... by dhruv101 Path Finder in Splunk Search 06-26-2018 0 1	0	1