Splunk Search

Community Activity

Eval and match create a new field I have fields like Uid and Case If the case is authentication then then my new field has to show Uid number. Case.... by Splunk_rocks Path Finder in Splunk Search 06-13-2018 0 4	0	4
Search String \| metadata type=sourcetypes index=_internal Search String \| metadata type=sourcetypes index=_internal , what is its meaning here. by lmjoin Explorer in Splunk Search 06-13-2018 0 1	0	1
How do you concatenate strings of two multi-value fields together to make one mv field? I have two multi-value fields, one contains addresses and the other contains the date and time an event occurred at s... by pjdwyer Explorer in Splunk Search 06-13-2018 0 2	0	2
regex for TIME_FORMAT in epoch milliseconds time Hey There ! I have this sort of entry in my event : startedTime: 1528840802983 this is in epoch time I was try... by Mohsin123 Path Finder in Splunk Search 06-13-2018 0 6	0	6
Case condition check issue Application logs execution time for many apis. I am interested in 2 apis with following urls. /apis/deviceservice/2.0... by mugilbala Engager in Splunk Search 06-13-2018 0 6	0	6
query a field with result from another query Hello all, I have query1 looks like below: <query1> \| fields dialog1 \| table dialog1 I want to have query2 to sear... by Cbr1sg Path Finder in Splunk Search 06-13-2018 0 3	0	3
Increase count by 1 for every 10 Minutes Hi All, index="XXX" \|stats latest(_time) as last_seen,values(ID) as ID, count by IP_Add \| eval Filter=if(count%2=... by denamza New Member in Splunk Search 06-13-2018 0 2	0	2
How do I use rex command here? sample event: fullFormattedMessage: Device naa.60000970000297500017533030313231 performance has improved. I/O lat... by harshal94 Engager in Splunk Search 06-13-2018 0 2	0	2
how to convert days,minutes,hours and seconds to just seconds format to obtain the visualization? I have a simple lookup query as follows :- \| inputlookup ABC.csv which gives the result as follows :- Which does... by pavanae Builder in Splunk Search 06-13-2018 0 4	0	4
Calculate Time Difference between multiple event I have a use case to calculate time difference between four events. The first event is when the server receives a req... by chidex New Member in Splunk Search 06-13-2018 0 6	0	6
How to decrease the max size of index without changing data I have an index that contains 151GB data. Now, I want to change the Max Size from 500GB to 50GB. Will I lose some dat... by yxh545869419 New Member in Splunk Search 06-13-2018 0 2	0	2
Running phone uri=/services/broker/phonehome/connection is the only stanza in splunkd logs but not able to get the data Can some one help me, As I am not able to query the logs in my search head console. I dont have any errors in my splu... by RBADAMSU New Member in Splunk Search 06-13-2018 0 3	0	3
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Searc... by roopasree Engager in Splunk Search 06-13-2018 0 4	0	4
Where _time > 3/22/2018 I have events that only time stamp is the Splunk generated _time and I only need to return events after a certain dat... by griffinpair Path Finder in Splunk Search 06-12-2018 1 2	1	2
Dynamically populate and remove lookup entries We are attempting to replicate ArcSight's 'active list' functionality in Splunk. Is there a straight-forward means o... by dflodstrom Builder in Splunk Search 06-12-2018 0 4	0	4
How to fetch relative fields out of timechart result based on Max(column) ? I have requirement where in i have to display in a timerange, what is the peak number of request per min and correspo... by sangs8788 Communicator in Splunk Search 06-12-2018 0 2	0	2
Create Search, table and drilldown with events multivalues Hi, I have this log with the following structure. 12/06/2018 08.00:58.330 [[ACTIVE] Executetheread: '4' for queue... by Carolina Engager in Splunk Search 06-12-2018 0 5	0	5
Reduce number of searches I have about 20 searches going on in my dashboard which seems to have really slowed down the dashboard. I am trying ... by angersleek Path Finder in Splunk Search 06-12-2018 0 5	0	5
How to only include business days (excl. Sat & Sun) in my following query? Hi everyone! Recently, I got help on a query and it did what it was supposed to perfectly. Basically, I wanted to see... by sharonmok Path Finder in Splunk Search 06-12-2018 0 1	0	1
How to use timechart with counters? HI everyone I have two queries that returns an total accumulated of transactions. host="konecta-marketing" "reques... by cleal New Member in Splunk Search 06-12-2018 0 3	0	3
Dedup Sortby not working? I am trying to exclude duplicate events- first I want to only include the most recent event for each combination of v... by Tedesco1 Path Finder in Splunk Search 06-12-2018 0 8	0	8
How to include an app name as a part of the search query? Is there a way by which I can get the app name as the part of the search query. Something like index=myindex \| eval ... by nibinabr Communicator in Splunk Search 06-12-2018 2 9	2	9
Visualizations: Can eval tag (calculating token values) be used inside init, selection, progress or done? All this is happening in Splunk 6.6.2: I have a relatively complex form, with a timechart and a drilldown from it se... by arkadyz1 Builder in Splunk Search 06-12-2018 0 3	0	3
Getting user count Our logs contain user name and the corresponding agile-board he used. A user might have used multiple agile-boards ; ... by zacksoft Contributor in Splunk Search 06-12-2018 0 5	0	5
Loop to select a Range of values and display. Hi Team, I am trying to design a query here, i have a list of vales as below the requirement is that i wanna... by Vigneshprasanna Explorer in Splunk Search 06-12-2018 0 7	0	7