Splunk Search

Community Activity

Cannot transform string with regex Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar to ... by scottkurtosys New Member in Splunk Search 06-27-2018 0 5	0	5
assign value from subsearch to outer search eval I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_ST... by joydeep741 Path Finder in Splunk Search 06-27-2018 0 3	0	3
Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp) Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP log... by Neur0mencer Explorer in Splunk Search 06-27-2018 0 3	0	3
How do I remove all 1 and 2 character words from a field? Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. H... by andrewtrobec Motivator in Splunk Search 06-27-2018 0 2	0	2
Parameter passing between 2 searches as input as well as output HI All, I need to give input from search1 to search2 and then get a single result from search 2 with the values from... by Chandras11 Communicator in Splunk Search 06-27-2018 0 7	0	7
Why am I seeing Incorrect stats with appendcols/append in a pie chart? I have been trying to prepare pie chart with proper stats on types of database errors. For some unknown reasons, I am... by snayani Explorer in Splunk Search 06-27-2018 0 4	0	4
How do I pass in a default value for a single value chart? How do I pass in a default value for a single value chart? As in I am not looking to search anything for now in the ... by angersleek Path Finder in Splunk Search 06-27-2018 0 2	0	2
Search with multiple trivial 'append' commands taking much longer in Splunk 7.1 We have a dashboard that lists a series of events representing alarms that need to be 'cleared' by the user as non-is... by jhigginsmq Path Finder in Splunk Search 06-27-2018 0 0	0	0
How to create a regex that removes everything after a second underscore? I have a regex that should remove everything after a second underscore. When I try to search with the regex, it does... by gbwilson Path Finder in Splunk Search 06-27-2018 0 3	0	3
How to split values within a field that are not separated by any characters? Hello everyone, I have this field with values that are retrieved withing "" but not separated by any character, and I... by pstamati Path Finder in Splunk Search 06-27-2018 0 10	0	10
append data from two indexes i have two indexes: index#1 contain raw event log. from this event log i calc for every domain the number of events s... by mcohen13 Loves-to-Learn in Splunk Search 06-26-2018 0 3	0	3
Getting Duplicate message when doing search for User ID (title) This is the search I used: \|rest /services/authentication/users splunk_server=local \|fields title \|rename title ... by nls7010 Path Finder in Splunk Search 06-26-2018 0 2	0	2
How to use radio button choices in case statements? Hi, I have a simple checkbox as shown below - <input type="checkbox" token="eventtype" searchWhenChanged="true"> ... by dhruv101 Path Finder in Splunk Search 06-26-2018 0 1	0	1
How to drop field name from a lookup table similar to the return function? Hi All, To give some context, the return function in Splunk when used with a subsearch allows you to drop the field ... by wills2g New Member in Splunk Search 06-26-2018 0 3	0	3
geostats individual markers (stop binning) I would like to plot all of my locations on a map, with an individual marker for each one. I know there is binspanlat... by eandres Explorer in Splunk Search 06-26-2018 0 0	0	0
How to search for average data indexed over 30, 60, 90 days by index? Splunkers, Looking for a search string that will allow me to use the time picker to see how much data has been index... by matthew_foos Path Finder in Splunk Search 06-26-2018 0 3	0	3
Input multiple values into a dashboard input I want to be able to pass multiple values to a field in a dashboard "Endpoint" . Like in the Endpoint Input I want to... by jkalra Explorer in Splunk Search 06-26-2018 0 2	0	2
Why am I getting "The lookup table '...' does not exist." errors after upgrading from Splunk 6.0.1 to 6.2.1? These are the errors I am getting: The lookup table 'endpoint_change_object_category_lookup' does not exist. It is r... by LVogeding New Member in Splunk Search 06-26-2018 0 9	0	9
Retrieve lookup data with JS Hello splunkers, i'm gonna try to be short, I'm trying to create an HTML homepage for Splunk APP and I've been trying... by ppatrikfr Path Finder in Splunk Search 06-26-2018 0 4	0	4
How to round a millisecond output? Does anyone know how to round a time readout from 00:07:06.53846153846155 to 00:07:06.54? by heybails88 Path Finder in Splunk Search 06-26-2018 0 4	0	4
Avoiding CSV lookup replication errors I've got a medium-sized (50MB) CSV lookup file with two columns (email address and server name) that I want to use. ... by Kenshiro70 Path Finder in Splunk Search 06-26-2018 0 2	0	2
Not able to override default font colour of single-value label field Hi Team, I am using dark.css in y dashboard and everything is becoming black including the lable font of a single v... by smdasim Explorer in Splunk Search 06-26-2018 0 0	0	0
How to configure multivalue field extraction? Hello, I cannot configure multivalue field extraction. I have a following event. the last 4 lines Time Stamp and ... by ninisimonishvil Path Finder in Splunk Search 06-26-2018 0 6	0	6
Count Consecutive Failed Logins Events We have our test environment in which Splunk Enterprise OVA is installed as server and Windows server (with universal... by Sagar0511 Explorer in Splunk Search 06-26-2018 1 2	1	2
Uploaded accelerated data model showing not showing all the data I downloaded an accelerated data model and uploaded it in my other search head but I am only able to see data from 1 ... by RevatiLawrence New Member in Splunk Search 06-26-2018 0 0	0	0