Splunk Search

Community Activity

search same id from different source type and fieldname I have same requestid such req123 that belong to different field name( f1 and f2 ) from two sourcetype A and B I w... by diag New Member in Splunk Search 05-28-2018 0 3	0	3
XML Field Extraction Hi, Here's a sample of my XML data. I want to get the username. I tried a field alias, but that's not working, nor... by mwcooley Explorer in Splunk Search 05-28-2018 0 13	0	13
search records limitation of 800000 records Hi All, Facing one issue with splunk for an search query records getting limited to 800000. The SLR001 total count ... by kishen2018 New Member in Splunk Search 05-27-2018 0 5	0	5
How to remove the field from search time field extraction. Hi Folks, we have on-boarded the aws log and able to see the logs. The field are extracting with key=value pair , in... by lksridhar Explorer in Splunk Search 05-27-2018 0 5	0	5
sub-search and then join with another search Hi, had facing issues in using join command , i have two search (sub-search, search)which needs to be joined togethe... by CryoHydra Path Finder in Splunk Search 05-26-2018 0 8	0	8
Sum function issues: How to convert monetary number to a number? Hi everyone, I'm beginner on Splunk I imported my data from a csv file, all the field is correct, I have 4 columns ... by jelmalem Explorer in Splunk Search 05-25-2018 1 5	1	5
Join multiple fields from xml I want to join these different product_id's from an XML file into one table: <product_detail> <product_id>1003C</... by roblr052 New Member in Splunk Search 05-25-2018 0 1	0	1
Regex quantifier: why is the result of this regex is 'arn' only? I apologize ahead for this as this is a regex question - one that I have struggled with. \| makeresults \| eval ARN="... by brdr Contributor in Splunk Search 05-25-2018 0 6	0	6
Why do the stats table columns don't match? Hi, I have this query that filters the results to a single Premise (8773). It then extracts out the premiseid, maci... by dbcase Motivator in Splunk Search 05-25-2018 0 1	0	1
Assigning User Permissions to Update Forwarders Is there a way to assign permissions to Splunk users that will allow them access to delete old forwarders from Forwar... by bteele New Member in Splunk Search 05-25-2018 0 2	0	2
Improve efficiency of search I want to compare the mailbox size from today to last week but my search is very slow and I am not sure how best to m... by davidcraven02 Communicator in Splunk Search 05-25-2018 0 7	0	7
How to have Field Values represent other field values? Hello all! I apologize for the oddly worded question. Currently, I have extracted fields from two separate log forma... by thomastaylor Communicator in Splunk Search 05-25-2018 0 4	0	4
Comparing different events timestamp Hi! I have 2 events to compare, one always comes first and the second is the result of, I want to present the time ... by pazReshef New Member in Splunk Search 05-25-2018 0 3	0	3
Search Query Limitation displaying only 800000 records Hi All, Facing an issue with splunk search query hitting limitation with 800000 records. On this below query, SLR001... by kishen2017 Path Finder in Splunk Search 05-25-2018 0 0	0	0
How can I convert a text string to a number? I have a field that contains a text string representing time ("900 ms" for example - all values are in milliseconds) ... by ptur Path Finder in Splunk Search 05-25-2018 0 3	0	3
How to show table with highest values in a column Timechart output shows me table with two columns. column one is _time and column two is interger values. example: _ti... by maniu1609 Path Finder in Splunk Search 05-25-2018 0 2	0	2
Why is my search unable to match csv data against indexed events? Hi, I am trying to search a list of IP's against the data being sent by the firewall. Since the number of IP's is la... by att35 Builder in Splunk Search 05-25-2018 0 5	0	5
evaluate mathematical expression in string Hi, Is there a fast way of evaluating the result a string like "42 + 23" as a new field? Background: a log file tha... by knielsen Contributor in Splunk Search 05-25-2018 0 4	0	4
In the job inspection report what does the value 'command.search.expand_search' relate to? Hi, I'm very new to Splunk and I'm looking at a single node instance that's being used in our office to store a lar... by Ruttager Engager in Splunk Search 05-25-2018 1 1	1	1
charting time - using time within a lookup I have a lookup file with about 100K events. What I want to do is use timechart (span each day). There is a time fie... by brdr Contributor in Splunk Search 05-25-2018 0 5	0	5
Check that all executable binary files have matching source code? It shows this error when I package my application. I don't understand what source code I should add. I don't have any... by dnamal Explorer in Splunk Search 05-25-2018 0 0	0	0
Pass a variable form subsearch but it should not be used in parent search. I have two logs. First log contain start date and end date in second log. First log query : index=abc sourcetype=abc_... by max_jay New Member in Splunk Search 05-24-2018 0 0	0	0
How can regex extract multiple values? Hi, I have the below data and query (with Regex), what I'd like to have the Regex do is extract ALL occurrences of M... by dbcase Motivator in Splunk Search 05-24-2018 0 2	0	2
Use lookup and stop matching for each entry in lookup Hi All, I am trying to use a lookup to check how many domains in a white list are actually being used. The CSV has ... by gerald_contrera Path Finder in Splunk Search 05-24-2018 0 1	0	1
Tricky behavior of escaping backslash in regex Hey folks, I am doing some regex stuff by rex command and find some tricky behavior. Error: I tried to use \ to e... by ypeng_splunk Splunk Employee in Splunk Search 05-24-2018 1 2	1	2