Splunk Search

Community Activity

Missing starting characters in a field Hi , I am facing a strange issue like missing 2 starting characters in a field.My data is coming as a view from data... by umsundar2015 Path Finder in Splunk Search 06-06-2018 0 4	0	4
Need regex help I am runnning below query to get zipCode and Zipcount but the result is not coming. Can somebody help ? index=orion-... by pswalia06 Explorer in Splunk Search 06-05-2018 0 3	0	3
How to change the _time to values inside the event data? I want to make area graphs of data usage on individual servers based on the timestamp given in the event data and not... by twmoffit Explorer in Splunk Search 06-05-2018 0 9	0	9
How to edit my search using a start time and an end time to list the duration in my results? The below query gave me Start time, end time grouped by Job name. I want to also list the duration by subtracting end... by abhi04 Communicator in Splunk Search 06-05-2018 0 12	0	12
Calculate delta of numeric field of events paired together by transaction I am trying to calculate the difference between the values of fields that are grouped together by transaction. I am ... by jkimmel6 Explorer in Splunk Search 06-05-2018 0 7	0	7
How can we include sourcetype in the beginning of subdirectories and still have optimal searches in HUNK? We currently are using MapR and HUNK to index files of the structure: /user/mapr/(sourcetype)/(year)/(month)/(day)/(... by EricLloyd79 Builder in Splunk Search 06-05-2018 0 2	0	2
Can Splunk filter/match events and bring back neighbouring events like GNU grep? Hi, We would like to be able to search a log file for a certain pattern or string, and then be able to return neighb... by Glenn Builder in Splunk Search 06-05-2018 14 18	14	18
How to merge two search heads to contain the same apps, alert, reports, dashboards, etc... ? I have two sh(s) both contain different apps, alerts, reports, dashboards, etc. I am going to upgrade SH-A(with 6.3... by Log_wrangler Builder in Splunk Search 06-05-2018 0 6	0	6
How to list all lookup files from an app? There are lots of posts about this topic; however, I used the rest command which was suggested from most of the posts... by splunkrocks2014 Communicator in Splunk Search 06-05-2018 0 1	0	1
How to get the number of events in a timechart query? Hi, I have a question about timechart query. Lets say I have a log line like: "I found XXX matches" How can I query... by niroren New Member in Splunk Search 06-05-2018 0 1	0	1
How to search in the subquery for join? I have a query that is similar to this: index=iot-productiondb source=Showers \| search serial_number="1006055" \| ren... by bshega Explorer in Splunk Search 06-05-2018 0 7	0	7
Event type disabled On the various dashboards created after the upgrade of the last Splunk Enterprice version (6.4.2) a yellow triangle i... by arkonner Path Finder in Splunk Search 06-05-2018 1 5	1	5
How to calculate the duration of a CRITICAL event? Is it possible to be able to calculate the total length of time that this host has had a CRITICAL status for if it? ... by davidcraven02 Communicator in Splunk Search 06-05-2018 0 5	0	5
I am combine two queries and calculating the percentage but. Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 06-05-2018 0 3	0	3
How to exclude field values from a column? sourcetype="rocket:access" (host="rocket0.painpoint.com" OR host="rocket5.painpoint.com") date_wday!=saturday AND dat... by zacksoft Contributor in Splunk Search 06-05-2018 0 11	0	11
Time Window feature Override with event time fields I have events that arrive present time but have time fields of something similar to index=idx_1 zone=aws event_type... by liondancer Explorer in Splunk Search 06-05-2018 0 0	0	0
How to extract fields from /services/authentication/current-context? Hello all, The command \| rest /services/authentication/current-context will return some fields like username, email... by Cbr1sg Path Finder in Splunk Search 06-04-2018 0 8	0	8
in Panel result getting unwanted "NaN" in search query getting correct result. in my Splunk query result getting result as "NaN" but i will run my query in search i will get correct result not Na... by anjneesharma New Member in Splunk Search 06-04-2018 0 6	0	6
How to configure Splunk with my python script for an external lookup? Hi, I want to build my own python code that gets parameter IP address, My script using IP2Location and return inform... by yko84108 New Member in Splunk Search 06-04-2018 0 2	0	2
SPL - Hard multisearch with reference to other events Good afternoon, I've got a quite hard task to solve with SPL. Here are JSON data: {"name":"A", "pairs":["A","B"]},... by Kozokkon Engager in Splunk Search 06-04-2018 0 2	0	2
How to use regex to obtain a single string from a string sequence? I have not used regex in my queries much. Any help in resolving this would be much helpful. I have the following lo... by Nidd Path Finder in Splunk Search 06-04-2018 0 4	0	4
Is it possible to use results_preview with a tstats search on a data model? I am running a Splunk query that looks like this below, and runs on an accelerated data model (this is not an exact q... by emiliavanderwer Explorer in Splunk Search 06-04-2018 0 0	0	0
Splunk compare date strings by queries I want to compare date strings by splunk queries please. I have 2 dropdown inputs. StartDate and EndDate I have belo... by h52huang Path Finder in Splunk Search 06-04-2018 0 1	0	1
How can I extract this field using REGEX (rex)? Hi, I have the below raw, I would like to extract MaximumBatchQuantity value, which is 20. Can someone help me with ... by sarathipattam New Member in Splunk Search 06-04-2018 0 7	0	7
Determining dates older than 90 days Hi. I have a Field called "Hire Date" The format for this appears as "4/10/2018 12:00:00 AM" Basically all the dat... by ajdyer2000 Path Finder in Splunk Search 06-04-2018 0 5	0	5