Splunk Search

Community Activity

How to combine my two searches to match a field from event logs with a lookup via inputcsv to output another field? I am trying to set up a report with a search string that works OK. Unfortunately, only internal Ids are used in the ... by dagnygaard Explorer in Splunk Search 06-28-2018 0 4	0	4
How to compare more that 50 column values for a specific row and so on for the next row in splunk? How to compare more than 50 column values for a specific row and so on for the next row in splunk? I have below colu... by abhi04 Communicator in Splunk Search 06-28-2018 0 5	0	5
Can eval case match a fields value as a substring to another field? Hi All, index="index1" sourcetype="SC1" OR sourcetype="SC2" \| eval Ticket_Main5 = (Ticket,1,5)\| eval Ticket_master ... by Chandras11 Communicator in Splunk Search 06-28-2018 0 10	0	10
How to assign value to a field which is not present in some of the events and compare that value with other values from other events where that field is present? How to assign value to a field which is not present in some of the events and compare that value with other values fr... by abhi04 Communicator in Splunk Search 06-28-2018 0 2	0	2
How to calculate average and percentage for fields with only names? Good Day splunkers. I have a query where i want to calculate the number of times a name came on the field, the averag... by ranjitbrhm1 Communicator in Splunk Search 06-28-2018 0 3	0	3
How to configure an event line break? I have syslog file like this: Mar 21 06:48:23 10.171.134.200 Mar 21 08:10:00 10.171.134.200 AlteonOS : 1.1.1.34 26... by beqanaveriani New Member in Splunk Search 06-28-2018 0 7	0	7
Planned outage graph logic I want to build a logic for SEARCH-2 My SEARCH -1 Gives me start and End time stamp of a Planned Outage. My SEARCH... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 4	0	4
how do I filter the error logs of that particular container? I have configured splunk with http event collector on docker, so I am storing the logs of all the container into splu... by vinodvv Engager in Splunk Search 06-27-2018 0 1	0	1
Using lookup table on multivalue field to exclude events I've found some variations on this issue but nothing exactly the same. Go easy on me... I'm dealing with events that... by jpawloski Path Finder in Splunk Search 06-27-2018 1 1	1	1
How to search losing events as number of events increase? I have a search that compares an expanded multi value field against a lookup table and returns those events where at ... by jpawloski Path Finder in Splunk Search 06-27-2018 0 3	0	3
How would I remove duplicates but add up their counts? I have two sources of data. One that has an Account Name, License Key, and Account Revenue. The other has License Key... by Ragate Explorer in Splunk Search 06-27-2018 0 1	0	1
Corelating independent searches. I have 2 absolutely independent searches. Search-1 gives me the availability of server throughout the day. Sample da... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 2	0	2
change column name with specified new column value in Splunk Hi, I am having correct value in current field and want to use that value as column name which is currently showing ... by vikas_baranwal Path Finder in Splunk Search 06-27-2018 0 6	0	6
How to sort by field? I am trying to get the highest used process percentage by user, however, I am unable to sort by the field I want to. ... by jackpal Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to create a regex to return events with specific usernames in a field? I am trying to create a search that returns only those events that have a specific username (or part of a username) i... by adamfiore Explorer in Splunk Search 06-27-2018 0 4	0	4
Does full key value not extract properly if it starts with a number? I have created a new log message that looks like 2018-06-27 11:28:01,743 WARN TestReporting , id="LJ99YUT5F1K", tra... by msmapper Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to get time between events during a search? Hi everyone, Recently I faced some issues when I try to do an advance search. My problem : I need to create table th... by ayela Engager in Splunk Search 06-27-2018 0 6	0	6
How to filter table results? Hi all! I have a table as a search result: date Country cs_username 2018-06-12 Mexico mendoza 2018-06-12 Mexi... by pierre_weg Path Finder in Splunk Search 06-27-2018 0 2	0	2
How to ignore days with no data in timechart? Hello, I want to be able to ignore days where data was not collected. I am using the following search: index="x" \| ... by tonahoyos Explorer in Splunk Search 06-27-2018 0 3	0	3
can anyone direct me to an autolookup example please? does anyone know where I might be able to find a 'dummies' guide to autolookup, with a simple example if possible? I ... by vincenp2 New Member in Splunk Search 06-27-2018 0 1	0	1
Cannot transform string with regex Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar to ... by scottkurtosys New Member in Splunk Search 06-27-2018 0 5	0	5
assign value from subsearch to outer search eval I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_ST... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 3	0	3
Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp) Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP log... by Neur0mencer Explorer in Splunk Search 06-27-2018 0 3	0	3
How do I remove all 1 and 2 character words from a field? Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. H... by andrewtrobec Motivator in Splunk Search 06-27-2018 0 2	0	2
Parameter passing between 2 searches as input as well as output HI All, I need to give input from search1 to search2 and then get a single result from search 2 with the values from... by Chandras11 Communicator in Splunk Search 06-27-2018 0 7	0	7