Splunk Search

Community Activity

How to assign value to a field which is not present in some of the events and compare that value with other values from other events where that field is present? How to assign value to a field which is not present in some of the events and compare that value with other values fr... by abhi04 Communicator in Splunk Search 06-28-2018 0 2	0	2
How to calculate average and percentage for fields with only names? Good Day splunkers. I have a query where i want to calculate the number of times a name came on the field, the averag... by ranjitbrhm1 Communicator in Splunk Search 06-28-2018 0 3	0	3
How to configure an event line break? I have syslog file like this: Mar 21 06:48:23 10.171.134.200 Mar 21 08:10:00 10.171.134.200 AlteonOS : 1.1.1.34 26... by beqanaveriani New Member in Splunk Search 06-28-2018 0 7	0	7
Planned outage graph logic I want to build a logic for SEARCH-2 My SEARCH -1 Gives me start and End time stamp of a Planned Outage. My SEARCH... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 4	0	4
how do I filter the error logs of that particular container? I have configured splunk with http event collector on docker, so I am storing the logs of all the container into splu... by vinodvv Engager in Splunk Search 06-27-2018 0 1	0	1
Using lookup table on multivalue field to exclude events I've found some variations on this issue but nothing exactly the same. Go easy on me... I'm dealing with events that... by jpawloski Path Finder in Splunk Search 06-27-2018 1 1	1	1
How to search losing events as number of events increase? I have a search that compares an expanded multi value field against a lookup table and returns those events where at ... by jpawloski Path Finder in Splunk Search 06-27-2018 0 3	0	3
How would I remove duplicates but add up their counts? I have two sources of data. One that has an Account Name, License Key, and Account Revenue. The other has License Key... by Ragate Explorer in Splunk Search 06-27-2018 0 1	0	1
Corelating independent searches. I have 2 absolutely independent searches. Search-1 gives me the availability of server throughout the day. Sample da... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 2	0	2
change column name with specified new column value in Splunk Hi, I am having correct value in current field and want to use that value as column name which is currently showing ... by vikas_baranwal Path Finder in Splunk Search 06-27-2018 0 6	0	6
How to sort by field? I am trying to get the highest used process percentage by user, however, I am unable to sort by the field I want to. ... by jackpal Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to create a regex to return events with specific usernames in a field? I am trying to create a search that returns only those events that have a specific username (or part of a username) i... by adamfiore Explorer in Splunk Search 06-27-2018 0 4	0	4
Does full key value not extract properly if it starts with a number? I have created a new log message that looks like 2018-06-27 11:28:01,743 WARN TestReporting , id="LJ99YUT5F1K", tra... by msmapper Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to get time between events during a search? Hi everyone, Recently I faced some issues when I try to do an advance search. My problem : I need to create table th... by ayela Engager in Splunk Search 06-27-2018 0 6	0	6
How to filter table results? Hi all! I have a table as a search result: date Country cs_username 2018-06-12 Mexico mendoza 2018-06-12 Mexi... by pierre_weg Path Finder in Splunk Search 06-27-2018 0 2	0	2
How to ignore days with no data in timechart? Hello, I want to be able to ignore days where data was not collected. I am using the following search: index="x" \| ... by tonahoyos Explorer in Splunk Search 06-27-2018 0 3	0	3
can anyone direct me to an autolookup example please? does anyone know where I might be able to find a 'dummies' guide to autolookup, with a simple example if possible? I ... by vincenp2 New Member in Splunk Search 06-27-2018 0 1	0	1
Cannot transform string with regex Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar to ... by scottkurtosys New Member in Splunk Search 06-27-2018 0 5	0	5
assign value from subsearch to outer search eval I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_ST... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 3	0	3
Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp) Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP log... by Neur0mencer Explorer in Splunk Search 06-27-2018 0 3	0	3
How do I remove all 1 and 2 character words from a field? Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. H... by andrewtrobec Motivator in Splunk Search 06-27-2018 0 2	0	2
Parameter passing between 2 searches as input as well as output HI All, I need to give input from search1 to search2 and then get a single result from search 2 with the values from... by Chandras11 Communicator in Splunk Search 06-27-2018 0 7	0	7
Why am I seeing Incorrect stats with appendcols/append in a pie chart? I have been trying to prepare pie chart with proper stats on types of database errors. For some unknown reasons, I am... by snayani Explorer in Splunk Search 06-27-2018 0 4	0	4
How do I pass in a default value for a single value chart? How do I pass in a default value for a single value chart? As in I am not looking to search anything for now in the ... by angersleek Path Finder in Splunk Search 06-27-2018 0 2	0	2
Search with multiple trivial 'append' commands taking much longer in Splunk 7.1 We have a dashboard that lists a series of events representing alarms that need to be 'cleared' by the user as non-is... by jhigginsmq Path Finder in Splunk Search 06-27-2018 0 0	0	0