Splunk Search

Community Activity

Spunk Search Query for Trimming and Grouping Hi, I have a CSV named Results2018. It has fields Group, Server, Issue. The field Issue has information about CPU ... by mbasharat Builder in Splunk Search 06-30-2018 0 6	0	6
How to configure Splunk statistics table to display more than 100 rows? Hi all, How to configure Splunk statistics table to display more than 100 rows? can this be achieved by editing a sp... by mjlsnombrado Communicator in Splunk Search 06-30-2018 1 1	1	1
Does a saved search get a new sid each time it runs? I'm trying to use the REST API to get the results of a search. I need to run a saved search daily and then extract t... by ericlarsen Path Finder in Splunk Search 06-30-2018 0 4	0	4
Confused with Trigger Conditions - Confused by Documentation I am reading the documentation at the following page: http://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/AlertTr... by rogue_carrot Communicator in Splunk Search 06-30-2018 0 3	0	3
\| tstats to include data enrichment from a lookup Hi, How can I use a tstats search, to match against a result and then OUTPUT additional content from the lookup wher... by jacqu3sy Path Finder in Splunk Search 06-30-2018 0 3	0	3
Alternative of list(x) Is there any alternative to list() function as it has limitation to return only 100 values? i have a multivalue list ... by sindhoo Engager in Splunk Search 06-30-2018 0 5	0	5
If event X then event Y occurred Return no results, If just X occured return results I am trying to perform a search to return only results that are "Broke". Broke means Event 7000 with a specific Messa... by benj851 Explorer in Splunk Search 06-30-2018 0 3	0	3
How can i use a field value from lookup file to set my earliest time for search dynamically ? Hi, I have a PriorityEngines.csv lookup file like this - EngineName,TimePeriod Engine1,5 Engine2,10 Engine3,12 I hav... by Upas02 Path Finder in Splunk Search 06-30-2018 0 3	0	3
How to return events from a different time range dependent upon field value? Completely new to Splunk, and hoping to find help with a search I'm using for a dashboard, but cannot get this workin... by ShaunSutton New Member in Splunk Search 06-30-2018 0 4	0	4
adding multiple fields and value for fillnull Following search is working perfectly fine. If field1 is Null it gets substitute by RandomString1 search \| fillnull ... by ataunk Explorer in Splunk Search 06-30-2018 0 8	0	8
Using streamstats to track currently active values Given input like this: id, action, message 1, add, Adding this thing 2, add, Adding this other thing , ... by vbumgarner Contributor in Splunk Search 06-30-2018 3 19	3	19
How do scheduled searches work? General question about how scheduling searching behaves, we have a 3 node SH cluster and couple of indexers, and th... by perfecto25 Path Finder in Splunk Search 06-30-2018 0 6	0	6
OTHER option in timechart doesn't work Hi Splunkers, I have search like this: index="myindex" host="myhost" \| timechart span=1month latest(all_cnt) as "Num... by amresovci New Member in Splunk Search 06-30-2018 0 1	0	1
How to join two searches? Hi, I am trying to join two of my searches in splunk using a common field uniqueID but I am getting a error in Splunk... by Shashank_87 Explorer in Splunk Search 06-30-2018 0 4	0	4
How to access values from event in Splunk I want to access the values of the events that are coming after splunk search . Data is coming in below format on t... by gauravepi Path Finder in Splunk Search 06-30-2018 0 2	0	2
CIM version check How do you check your CIM version info if you are using Splunk Managed Cloud Service? by kevinleeV New Member in Splunk Search 06-30-2018 0 3	0	3
transaction alternative Have data in the following format ; 1:26:[06/28/2018][08:00:00.149][6959][3868982128][s537565/r17][servername1][filen... by jhnworks New Member in Splunk Search 06-30-2018 0 1	0	1
How to use If and Not statement in one pass? Hello all, What's the best way to use a NOT statement in an if statement. I'm trying to accomplish something simila... by splunker1981 Path Finder in Splunk Search 06-29-2018 0 2	0	2
How to search for a keyword2 with in 10 minutes after keyword1 occured in events? I have a events log something like this, 2018-06-29 03:34:23.090 -5 Thread-55 CM 6107 1 Content Manager is ... by SapthagiriAavik Explorer in Splunk Search 06-29-2018 0 1	0	1
map command usage for a adding a new column I have a SEARCH-1 Which Gives results like -time column1 column2 I want to run a secondary search for each value... by joydeep741 Path Finder in Splunk Search 06-29-2018 0 1	0	1
How can I add where statement but only if something matches Hello experts, I have a search that I am trying to add a where statement to which compares fieldvalueA to fieldvalue... by splunker1981 Path Finder in Splunk Search 06-29-2018 0 4	0	4
Extra indexed field in _meta require * in search query Hi, I have an inputs.conf as below in my UniversalForwarder [monitor::///private/var/log/system.log] _meta = serial... by jeanmatthieu Explorer in Splunk Search 06-29-2018 1 4	1	4
Find duplicate events for a pattern that occurred in the same timestamp My requirement is to find duplicate events for a pattern that occurred in the same 'second' of timestamp after stripp... by gbehl New Member in Splunk Search 06-29-2018 0 4	0	4
How to do system wide search concurreny (Adhoc + Scheduled)? Hello Splunkers, I'am trying to understand the concept of Search head concurrency. I have a SHC with three search h... by ankithnageshshe Path Finder in Splunk Search 06-29-2018 0 1	0	1
Issues with OMS Query Filters Use case: I want to pull a specific set of security events from OMS into Splunk. Within OMS log search, querying for:... by blangrill Explorer in Splunk Search 06-29-2018 1 8	1	8