Splunk Search

Community Activity

How to typecast integer to string and save that to a new field? I have a numeric field that needs to be string to put be CIM compliant. I tried using tostring, but it still shows u... by DEAD_BEEF Builder in Splunk Search 06-07-2018 0 0	0	0
Joining multiple tables - about 3 or more tables I have about 4 different tables that i am trying to join table 1 and table two have a common id, sys_id and when yo... by Bentash Explorer in Splunk Search 06-07-2018 0 2	0	2
I'm not able to exclude maintenance time from my events when I use inputlookup. Any tips? I used this query: index="abc" source="xyz" \| search [inputlookup example] \| eval End=strptime("End_Date_Time","%Y/%... by tchintam Path Finder in Splunk Search 06-07-2018 0 22	0	22
return function on field with spaces Hello - searched, but no answer found. ...\| return 10 "Name of Field" Gives: Name="" of="" Field="" I know that ... by kwanx Explorer in Splunk Search 06-07-2018 0 9	0	9
how to expand multi value fields with different values in column values Dear Experts, Please provide a valuable solution for my problem. I am having the fields from JSON which is having mu... by Rajkumarkbm22 New Member in Splunk Search 06-07-2018 0 3	0	3
Can i use comparations and conditional like function with search Hi team i would like to use something like that \| eval foo=if(like(Description,"%[search index=prueba \| fields u_id_... by evinasco Communicator in Splunk Search 06-07-2018 0 2	0	2
What sort of regular expressions does splunk use? Just curious about this. Most of the regular expressions I see splunk use look nothing like standard/posix regular ex... by msarro Builder in Splunk Search 06-07-2018 4 8	4	8
How to write this type of return query? My query is: search[\|inputlookup abc \| stats count(Numbers) as sum\| eval end=strptime(End_Date_Time,"%Y/%m/%d %H:%M:... by tchintam Path Finder in Splunk Search 06-07-2018 0 4	0	4
Skipped SavedSearches Hi! I get sometimes messages that some savedsearches are skipped. The only information what I get is an event in th... by RobertRi Communicator in Splunk Search 06-07-2018 0 2	0	2
Combine 2 separate searches and display on a single Time Chart I am trying to combine the results from 2 different search queries into a single time chart. I am using "Shared Time ... by angersleek Path Finder in Splunk Search 06-07-2018 0 1	0	1
Data count issues using \| where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to search based on time Using \| where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to se... by Bentash Explorer in Splunk Search 06-07-2018 0 12	0	12
how to expand multi value fields with different formats Hi , I want to expand as erach event for the attached example by Rajkumarkbm2 Explorer in Splunk Search 06-07-2018 0 2	0	2
Search earliest"-10m" based on a datetime field from the event and not from the indexed time Hi, i want to search the events from the last 10 minutes based on the secondary datetime field from a event. Normal... by criedman Explorer in Splunk Search 06-07-2018 0 2	0	2
Show the a particular percentage using Single Value Hello Splunkers, I've been trying to show in a Single Value Visualization 3 different percentage values. My search ... by JRamirezEnosys Explorer in Splunk Search 06-07-2018 0 5	0	5
Chart for Events falling within same time I have events event_starttime, event_endtime, event_duration, event_name I want chart of events falling in common ti... by manuarora12 New Member in Splunk Search 06-07-2018 0 3	0	3
Lookup Tabel with UrLs Looking for assistance in creating a lookup table with UrLs, my syntax below does not work. Any ideas on how to use a... by tmwhitm New Member in Splunk Search 06-07-2018 0 4	0	4
How to form key, value pairs from 2 multivalue fields? Hi I am trying to extract data from 2 multivalue fields and trying to form key value pair, for example, I have data s... by ramki1459 Explorer in Splunk Search 06-07-2018 0 1	0	1
Merge dataset from tstat with data from external *.csv file. Hello, I have to merge dataset with data from csv file. CSV file is well added. Dataset: ACTION, CLASS, CURRENT_PA... by Czakanski Engager in Splunk Search 06-07-2018 0 10	0	10
How to take the values from lookup file as an input to a search query I am trying to take the value of a field from the lookup file and passing that as an input value to a field in my sea... by akarivaratharaj Communicator in Splunk Search 06-07-2018 0 13	0	13
Comparing average to one row Hi, I'm looking for a way to take the average of a bunch of fields and compare one row to that average using a visua... by mstrozyk Engager in Splunk Search 06-07-2018 0 2	0	2
How to search for fields with empty values? I'm trying unsuccessfully to select events with fields with empty values. How can this be accomplished? My events: ... by snemiro_514 Path Finder in Splunk Search 06-07-2018 1 4	1	4
How to retrieve multiple values of a single field in a single table row? I have a few logs in this format: \|preferenceDetails:-preferenceType=BILL_NOTIFICATION,preferenceAction=OPT_IN,prefe... by Nidd Path Finder in Splunk Search 06-07-2018 0 2	0	2
How to use rex to parse Select Query in a log? Hi, I have a log like below "12","select a.a,b.b,c from a,b where a.a = b.a group by xxxx","impala",2017-06-30T00:... by dkarthik16 New Member in Splunk Search 06-06-2018 0 3	0	3
How to summarize a lot of fields with mvappend I am trying to find the standard deviation from the postfix log. I assume the following search sentence. index=postf... by takeru New Member in Splunk Search 06-06-2018 0 3	0	3
How do you pass a case or if statement value to a lookup table search? Background: I have having some issues with LDAP Identities that have the same identity name so I was trying to carve... by doodoodonk Engager in Splunk Search 06-06-2018 0 3	0	3