Splunk Search

Community Activity

How to form key, value pairs from 2 multivalue fields? Hi I am trying to extract data from 2 multivalue fields and trying to form key value pair, for example, I have data s... by ramki1459 Explorer in Splunk Search 06-07-2018 0 1	0	1
Merge dataset from tstat with data from external *.csv file. Hello, I have to merge dataset with data from csv file. CSV file is well added. Dataset: ACTION, CLASS, CURRENT_PA... by Czakanski Engager in Splunk Search 06-07-2018 0 10	0	10
How to take the values from lookup file as an input to a search query I am trying to take the value of a field from the lookup file and passing that as an input value to a field in my sea... by akarivaratharaj Communicator in Splunk Search 06-07-2018 0 13	0	13
Comparing average to one row Hi, I'm looking for a way to take the average of a bunch of fields and compare one row to that average using a visua... by mstrozyk Engager in Splunk Search 06-07-2018 0 2	0	2
How to search for fields with empty values? I'm trying unsuccessfully to select events with fields with empty values. How can this be accomplished? My events: ... by snemiro_514 Path Finder in Splunk Search 06-07-2018 1 4	1	4
How to retrieve multiple values of a single field in a single table row? I have a few logs in this format: \|preferenceDetails:-preferenceType=BILL_NOTIFICATION,preferenceAction=OPT_IN,prefe... by Nidd Path Finder in Splunk Search 06-07-2018 0 2	0	2
How to use rex to parse Select Query in a log? Hi, I have a log like below "12","select a.a,b.b,c from a,b where a.a = b.a group by xxxx","impala",2017-06-30T00:... by dkarthik16 New Member in Splunk Search 06-06-2018 0 3	0	3
How to summarize a lot of fields with mvappend I am trying to find the standard deviation from the postfix log. I assume the following search sentence. index=postf... by takeru New Member in Splunk Search 06-06-2018 0 3	0	3
How do you pass a case or if statement value to a lookup table search? Background: I have having some issues with LDAP Identities that have the same identity name so I was trying to carve... by doodoodonk Engager in Splunk Search 06-06-2018 0 3	0	3
Using lookup table as source for search I am looking for a way to perform a search and produce results matching search results against a lookup table or vice... by tmwhitm New Member in Splunk Search 06-06-2018 0 3	0	3
Timechart grouping I am trying to analyze patterns of heap usage by Java Virtual Machine (JVM) level and 5 jvms grouped as a host. Now I... by kmahamkali New Member in Splunk Search 06-06-2018 0 11	0	11
How to reformat the table output? \| base query with some eval commands \| table a_snake, a_cat, a_dog, b_snake, b_cat, b_dog, c_snake, c_cat, c_dog H... by zacksoft Contributor in Splunk Search 06-06-2018 0 4	0	4
How to get the overall average and average per 5 minutes on a Time Chart? I have a timechart which currently outputs the average value for every 5 minutes over a period of time for the field ... by angersleek Path Finder in Splunk Search 06-06-2018 1 1	1	1
extract fields from csv file preamble I have a csv file where the column header is on the fourth line. Before that are several interesting fields which i w... by dominiquevocat SplunkTrust in Splunk Search 06-06-2018 1 13	1	13
Search shows no results but there is 1 count I have a list of services named Service1, Service2, Service3, Service4. When I do a search as follows over past 60 m... by angersleek Path Finder in Splunk Search 06-06-2018 0 6	0	6
How to work on the latest event only? I have my query ready which essentially extracts some fields and displays in a table. But I want to work on the lates... by zacksoft Contributor in Splunk Search 06-06-2018 0 6	0	6
How to add css to table inside a popup modal Hi all, I have created a dashboard with a pop-up modal, I want to add css on the table inside the pop up modal, the ... by mjlsnombrado Communicator in Splunk Search 06-06-2018 0 7	0	7
Based on the current query need to show data -2weeks and +2weeks Hi All, Need you inputs based on the below query i need to display output such as it should be -2w and +2weeks : \|... by rijinc Explorer in Splunk Search 06-06-2018 0 0	0	0
Missing starting characters in a field Hi , I am facing a strange issue like missing 2 starting characters in a field.My data is coming as a view from data... by umsundar2015 Path Finder in Splunk Search 06-06-2018 0 4	0	4
Need regex help I am runnning below query to get zipCode and Zipcount but the result is not coming. Can somebody help ? index=orion-... by pswalia06 Explorer in Splunk Search 06-05-2018 0 3	0	3
How to change the _time to values inside the event data? I want to make area graphs of data usage on individual servers based on the timestamp given in the event data and not... by twmoffit Explorer in Splunk Search 06-05-2018 0 9	0	9
How to edit my search using a start time and an end time to list the duration in my results? The below query gave me Start time, end time grouped by Job name. I want to also list the duration by subtracting end... by abhi04 Communicator in Splunk Search 06-05-2018 0 12	0	12
Calculate delta of numeric field of events paired together by transaction I am trying to calculate the difference between the values of fields that are grouped together by transaction. I am ... by jkimmel6 Explorer in Splunk Search 06-05-2018 0 7	0	7
How can we include sourcetype in the beginning of subdirectories and still have optimal searches in HUNK? We currently are using MapR and HUNK to index files of the structure: /user/mapr/(sourcetype)/(year)/(month)/(day)/(... by EricLloyd79 Builder in Splunk Search 06-05-2018 0 2	0	2
Can Splunk filter/match events and bring back neighbouring events like GNU grep? Hi, We would like to be able to search a log file for a certain pattern or string, and then be able to return neighb... by Glenn Builder in Splunk Search 06-05-2018 14 18	14	18