Splunk Search

Community Activity

	Ignore a value in a multivalue if found in another field Good day, Suppose I want to compare the data in Column A and Column B. Column B can be a multivalue field or not. If... by aamer4zangi Path Finder in Splunk Search 06-08-2018 0 6	0	6
	command to find count of specific errors I want to find number of 500 , 200 , 300 error present in the logs . I have already fields extracted for error_code s... by navd New Member in Splunk Search 06-08-2018 0 1	0	1
	Why is the below query not working? I have to list the Job_Name orderid Start_Time End_Time. i am using the below query but not getting the values for En... by abhi04 Communicator in Splunk Search 06-08-2018 0 3	0	3
	Powershell vs WMI Hi I an SPL command i use the Win32_DesktopMonitor WMI class and SPLUNK is able to use all the fields corresponding ... by jip31 Motivator in Splunk Search 06-08-2018 0 1	0	1
	Find the missed id in the Query2 compared with Query1 I have 2 queries producing some results Query1: index=foo* sourcetype="abc_uvw" activity="POST*/test1" source="/log... by arjun_krishna Explorer in Splunk Search 06-08-2018 0 0	0	0
	Spliting multiple events in a transaction column , into seperate columns Hi All, So when im running a transaction based on starts with .... ends with... i'm getting two events of the trans... by Sp3ctre1 New Member in Splunk Search 06-08-2018 0 1	0	1
	How to check if field exists in two indexes Hello, I am looking at two indexes with the same field, "hostname". I am looking to create a table of the hostname... by nkosmas_trainin New Member in Splunk Search 06-08-2018 0 1	0	1
	Extract domain part of list of emails addresses. Hi, My results are a bunch of email address, I want to display them in table grouped by their domains. What's the ... by dhabbal Explorer in Splunk Search 06-07-2018 0 2	0	2
	Maintenance Time query help Hi, I'm using a lookup which stores maintenance periods and can be used to exclude events of downtime from my main q... by tchintam Path Finder in Splunk Search 06-07-2018 0 0	0	0
	Combine and use query results contained in 2 other queries. My data model is like: Key Source Destination 1 a b 1 b c 1 a c 1 ... by h52huang Path Finder in Splunk Search 06-07-2018 0 4	0	4
	Search ID or sid i have extracted this log as i need to get the search id to get the SPL used. this is a search that triggers an alert... by teddyidc1101 Communicator in Splunk Search 06-07-2018 0 4	0	4
	Is it possible to put values of multiple fields in a field in a sequence? Hi, Is this possible to do in spl? For example I have these fields: What I need to do is to arrange it in this ... by jvmerilla Path Finder in Splunk Search 06-07-2018 0 2	0	2
	How to create a field of percentiles of a stats field I have constructed a responsetime field using eval resp=endtime-startime,now I want to get a list of percentiles from... by dragut New Member in Splunk Search 06-07-2018 0 3	0	3
	timechart span value produces different averages for the day Case 1: earliest=-1d@d latest=-0d@d ... \| timechart span=1h count as Samples, avg(duration) as avg vs. Case 2: earlie... by nk-1 Path Finder in Splunk Search 06-07-2018 0 2	0	2
	Check IP against lookup file with IP/CIDRs. Hi all, I am new to using lookups and I'm a bit confused. I've created a lookup file on my splunk instance called c... by zhatsispgx Path Finder in Splunk Search 06-07-2018 0 4	0	4
	Searching multiple indexes to get the ID-Value and other associated columns Hi there, I'm trying to join two indexes to get the id-value and ingest the data into main index. Here is my scenari... by kulsplunk Explorer in Splunk Search 06-07-2018 0 3	0	3
	How do I get host_regex to work for my log file names? Log files are: /audit/files/20180515041511.scc145.audit.log.1 /audit/files/20180515041511.scc145.audit.log.2 /audit/... by jelli5518 Engager in Splunk Search 06-07-2018 0 3	0	3
	Search two fields with same name but different values I'm trying to create a stats table in Splunk that shows the IP of VMs and the IP of the Host that supports those VMs.... by gbwilson Path Finder in Splunk Search 06-07-2018 0 1	0	1
	How to merge the results from two different indexes/sourcetypes. Hi, I have two queries, one gives me the test-case names, test-id details and lsf jobid details. Another query gives... by Maniteja81 New Member in Splunk Search 06-07-2018 0 2	0	2
	Create search with percent of total Hi all, Please help me! How to create a search with the percentage of desktops with outdated antivirus. Since events... by jfeitosa_real Path Finder in Splunk Search 06-07-2018 0 1	0	1
	question about predict so I have this query that detects anomalies in the errors from a specific source based on the mean absolute value of ... by kiamco Path Finder in Splunk Search 06-07-2018 0 1	0	1
	How to sort group by results? For example: raw data is 100,x,info=1,error=1,warn=1 101,x,info=1,error=1,warn=1 101,y,info=1,error=2,warn=1 101,y,... by ramki1459 Explorer in Splunk Search 06-07-2018 0 2	0	2
	How to write a search using my sample test data to get the expected table of results? Hi Team, I'm Facing issue in designing a query for the following requirement : Sample data : Test data : 2017-08... by Vigneshprasanna Explorer in Splunk Search 06-07-2018 0 4	0	4
	How can I chart queries over time? I have a query that end with \| table jra_conn bam_conn bib_conn jra_conn, bam_conn, bib_conn are not Splunk fields... by zacksoft Contributor in Splunk Search 06-07-2018 0 13	0	13
	Search taking much time in different app than the search app I have a Dashboard that when i open in the search app it show the results quickly, but when i open in other one it ta... by Valdemir_Splunk Explorer in Splunk Search 06-07-2018 0 1	0	1