Splunk Search

Community Activity

In field extraction, how to do the matching between them and increment the result? Hi everyone, I'm looking to have this result: For that I have 2 lines in my file: Question: Service + IdTransac... by omarka New Member in Splunk Search 07-03-2018 0 11	0	11
Translating string in search string In my search strings I often rename columns using "AS". Is there a way I can expose those as parameters so that when ... by derekf Explorer in Splunk Search 07-03-2018 0 3	0	3
where clause evaluates differently with presence of fields in prior table command I am putting a query to findout all SSH connection between internal network and external network. Logic I am trying... by sdesigowda New Member in Splunk Search 07-03-2018 0 4	0	4
How do you turn this test string into a regular expression Hello How do you convert the following test string to a regular expression, if the test string contains spaces? Beca... by Danielle2018V New Member in Splunk Search 07-03-2018 0 2	0	2
How to plot max system load against the actual load? I have the following simple query: index=os sourcetype=vmstat tag=dcv-na \| eval MaxLoad = 28 \| timechart max(loadA... by jackpal Path Finder in Splunk Search 07-03-2018 0 3	0	3
How can I use the value of previous records field as new field value? I have a tabled data set like: ID Assessment Name Workflow Name Phase Name Process Name Step Name Step Owne... by tkwaller_2 Communicator in Splunk Search 07-03-2018 0 2	0	2
How can I concatenate tables from the same search at different time periods ? Hi, I am trying to compare the top sales of the latest week to the top sales of the previous week. I am trying to ge... by Clovisa Path Finder in Splunk Search 07-03-2018 0 2	0	2
Using Lookups in Splunk with CASE statements I am using CASE statements to evaluate value of msgcode variable below. Can this set of CASE-like statements be repla... by JuhiSaxena Explorer in Splunk Search 07-03-2018 0 2	0	2
Rex field extraction Could someone help me extract the two bold words from the following sample SAMPLE EVENT 1 2018-07-02 08:51:44,648 ht... by zacksoft Contributor in Splunk Search 07-03-2018 0 11	0	11
Multiple stats counts on different criteria Hi all, first question on Splunk Answers. I just finished the Fundamentals I training and am now wanting to do some m... by guythomasdavis Explorer in Splunk Search 07-03-2018 0 4	0	4
How to limit runtime for a search? Hi, Is there a setting to limit max runtime for a search? I don't see anything obvious. by a212830 Champion in Splunk Search 07-03-2018 0 4	0	4
Fetch the latest _raw event I have query which goes like this sourcetype="A" host=B \|rex "^(?:[^ \n]* ){2}(?P<user>\w+)"\|rex "^(?:[^... by zacksoft Contributor in Splunk Search 07-03-2018 0 1	0	1
how to see pan and zoom selected in a chart when dashboard is copied Hi, i want to send a dashboard link to someone, after selecting a zoom/pan in a chart and i want that pan to be copie... by monteiroh Explorer in Splunk Search 07-03-2018 0 12	0	12
Is there a function to create MD5 hash? Hi, is there a function to create the MD5 hash of a value? Cheers Heinz by HeinzWaescher Motivator in Splunk Search 07-03-2018 0 1	0	1
Calculate percentage between 2 reports Hello I use 2 reports with the code below index="windows-wmi" sourcetype="wmi:DiskRAMLoad" host="$field1$" (Name="m... by jip31 Motivator in Splunk Search 07-02-2018 0 4	0	4
Event count mismatch when using using `field_name="*"` and `field_name!=""` in tstats query Why is there a difference between the number of events scanned in both these queries? Using below query getting stati... by jshah24 Explorer in Splunk Search 07-02-2018 1 4	1	4
When i add a lookup search, source field goes missing Here is my query > index="test" (source="28q" OR > source="29q") \| bucket _time > span=1d as day \| rex field=_r... by premraj_vs Path Finder in Splunk Search 07-02-2018 0 1	0	1
Missing subsearch results I've created a search that is composed of two subsearches. I have a dashboard where if I search an application name,... by gbwilson Path Finder in Splunk Search 07-02-2018 0 6	0	6
Populate dropdown menu using lookup and tokens with multiple field values I am trying to populate a dropdown menu using a lookup table that contains all my server's hostname in one column and... by johnward4 Communicator in Splunk Search 07-02-2018 0 7	0	7
how to use transaction command for event spanning multiple days I'm trying to show the total HVAC usage during the day using transaction command: name=thermostatoperatingstate \| t... by jassal New Member in Splunk Search 07-02-2018 0 2	0	2
Splunk - How do i build a timeline chart to trace a transaction that has multiple asynchronous processes I would like to create a timeline view that shows the begin/end time of every event for a given transaction. The tran... by eplate New Member in Splunk Search 07-02-2018 0 2	0	2
How to merge one query with another one that has the same field? I currently have this search query: source="C:\Users\ragate\Desktop\splunk\JsonDump.txt" \| eval "LicenseKeyID"=su... by Ragate Explorer in Splunk Search 07-02-2018 0 3	0	3
Can I pass an indexed Date value to the time picker? As far as I know the time picker searches based on the time that the data was indexed in Splunk. I need to search bas... by calarie001 Explorer in Splunk Search 07-02-2018 0 5	0	5
Hybrid Search not working in Splunk Cloud "The searchhead is unable to update the peer information. Error = 'Master has multisite enabled but the search head is missing the 'multisite' attribute' for master" When I join the Hybrid Search Head to Cloud clustermaster I get this error. The searchhead is unable to update the p... by khourihan_splun Splunk Employee in Splunk Search 07-02-2018 0 2	0	2
Why is my scheduled search so much quicker than my adhoc search? Hi, I have a number of scheduled searches which run significantly faster than the same search run from the search-ba... by a212830 Champion in Splunk Search 07-02-2018 0 7	0	7