Splunk Search

Community Activity

Can we use wildcard characters in a lookup table? Can I create a lookup table with wildcard character ? I have a lookup like input,output user,USERNAME so anythi... by rakesh_498115 Motivator in Splunk Search 06-14-2018 7 9	7	9
How to create a subsearch which would generate a csv file and use this as input for another search string at same point in time. Hi all, I would like to generate the csv file form one search and use that as lookup file for another query . Here... by Veeruswathi Explorer in Splunk Search 06-14-2018 0 2	0	2
Splunk Query On Selecting The Range Of Vales For dashboard Hi Team, Would like to design the query for the below requirement where we wanted to capture 2 dash boards as below ... by Vigneshprasanna Explorer in Splunk Search 06-14-2018 0 0	0	0
Events count changing on every search HI, I am facing a weird situation. I am executing a query that will give last one day data on hourly basis. base s... by prathapkcsc Explorer in Splunk Search 06-14-2018 0 14	0	14
Regex Query Help: Need to Write a regex query for my log Below given is one section of an event. The event has multiple such sections. I want to write a regex search query so... by mintughosh Path Finder in Splunk Search 06-14-2018 0 6	0	6
input lookup get values for the lookup only Hi, I have a very Basic question. I have an index index1 and sourcetype=ST1 with fields fieldA, fieldB and fieldC. I... by Chandras11 Communicator in Splunk Search 06-14-2018 1 8	1	8
Need help in splunk regex {"runDate":"2018-05-26T02:42:42 BRT","dataDate":"20180524","jobName":"autocompleteIndexerCounters","counterList":[{"c... by pswalia06 Explorer in Splunk Search 06-14-2018 0 2	0	2
How to get only the latest values of a Parameter for each server? I have multiple Parameters and their values lister for each server. I am using the beloq command at last: chart lim... by abhi04 Communicator in Splunk Search 06-14-2018 0 1	0	1
How to convert the values of multiple fields to number? Hi All, Good day! I just want to ask for some help here.  I have multiple fields with the data I'm working on wit... by jvmerilla Path Finder in Splunk Search 06-14-2018 1 5	1	5
Subsearch Not Filtering Results I am trying to pull a list of filtered IPs from one index and then use that list as a reference to see external traff... by jcullins21 New Member in Splunk Search 06-14-2018 0 2	0	2
Line chart does not display the value zero even after setting the code to use one decimal place Hello, Seeking for any assistance on the issue I am encountering. Issue: Line chart does not display the value zer... by marklindo New Member in Splunk Search 06-13-2018 0 8	0	8
How to separate rows as column? I have trouble in manipulating the table Date contains (index, name, date). name ..... date ................ coun... by apple143 Engager in Splunk Search 06-13-2018 0 7	0	7
Why is my search resulting in "Regex: UTF-8 error: isolated byte with 0x80 bit set error" \| tstats count(host) as count WHERE index=* earliest=-1d@d latest=@d by host\|search [\|inputlookup mylast\|fields host... by saisrujan28 Explorer in Splunk Search 06-13-2018 0 6	0	6
How to get value of a field corresponding to max value of another field Hi, I have a table with the fields 'loadtime', 'application', and 'user'. First I want to compute the maximum value o... by ggangwar Path Finder in Splunk Search 06-13-2018 0 7	0	7
Average on a value over time Hi, I have this query (yes I know its ugly but it works  ) . What I need to do is present the current RSSI value (t... by dbcase Motivator in Splunk Search 06-13-2018 0 6	0	6
Returning Non-Duplicates from a table My data tells me if counts on a specific server are timing out, and we are trying to set up an alert for when this oc... by brajaram Communicator in Splunk Search 06-13-2018 0 5	0	5
Retrieve the Data from multiple searches Hi, I have something like this - Search 1 - for media customers - Summary Index A - contains data from 20th May till... by Shashank_87 Explorer in Splunk Search 06-13-2018 0 1	0	1
SPLUNK_BINDIP, web and daemon don't agree I've quickly skimmed through the answers already here, and not found a corresponding answer, although there is a ques... by grijhwani Motivator in Splunk Search 06-13-2018 1 2	1	2
Need to omit events with specific strings (info or debug) in them. I am trying to prevent debug and info events from getting logged into splunk. I created an inputs.conf and used black... by Arpit_S Path Finder in Splunk Search 06-13-2018 0 2	0	2
Eval and match create a new field I have fields like Uid and Case If the case is authentication then then my new field has to show Uid number. Case.... by Splunk_rocks Path Finder in Splunk Search 06-13-2018 0 4	0	4
Search String \| metadata type=sourcetypes index=_internal Search String \| metadata type=sourcetypes index=_internal , what is its meaning here. by lmjoin Explorer in Splunk Search 06-13-2018 0 1	0	1
How do you concatenate strings of two multi-value fields together to make one mv field? I have two multi-value fields, one contains addresses and the other contains the date and time an event occurred at s... by pjdwyer Explorer in Splunk Search 06-13-2018 0 2	0	2
regex for TIME_FORMAT in epoch milliseconds time Hey There ! I have this sort of entry in my event : startedTime: 1528840802983 this is in epoch time I was try... by Mohsin123 Path Finder in Splunk Search 06-13-2018 0 6	0	6
Case condition check issue Application logs execution time for many apis. I am interested in 2 apis with following urls. /apis/deviceservice/2.0... by mugilbala Engager in Splunk Search 06-13-2018 0 6	0	6
query a field with result from another query Hello all, I have query1 looks like below: <query1> \| fields dialog1 \| table dialog1 I want to have query2 to sear... by Cbr1sg Path Finder in Splunk Search 06-13-2018 0 3	0	3