Splunk Search

Community Activity

How to override only specific fields using appendcols? Hi, Is there a way to only override specific fields only. When i use appendcols override=true, it is overriding all ... by Maniteja81 New Member in Splunk Search 05-30-2018 0 4	0	4
How does one use REGEX, FORMAT, or something else, at index time, to replace "-" with "_" i.e. application_special-source-type => application_special_source_type? Extracting "_" delimited fields from source file name (regex101.com) ([^\/]+)([^]+)([^]+)([^]+)([^]+)bro([^]+)([^]+)... by mdwecht Path Finder in Splunk Search 05-30-2018 0 3	0	3
Is there a way to apply lookup table in a real time search? Hi all, I just want to ask if there is a way that I can apply a lookup table in a real-time search? I have this colu... by jadengoho Builder in Splunk Search 05-30-2018 0 3	0	3
What is the most efficient way of comparing two indexes. I'm comparing in event1 from indexA is existing in indexB. Currently I am using join in comparing this two indexes bu... by michaelrosello Path Finder in Splunk Search 05-30-2018 0 1	0	1
prediction in splnuk hi all, i am splunk 5.0 and i tried the query below with predict function as given in the document source="hdfs://1... by splunkpoornima Communicator in Splunk Search 05-30-2018 0 16	0	16
10k row limit csv I have looked at various solutions such as editing the conf files for an app to increase the 10K limit on emailed sea... by splunkbacon Explorer in Splunk Search 05-30-2018 0 1	0	1
sort column based on dynamic parameters My table has variable columns size as Id, description, detail1, detail2, detail3, detail4, price1, price2, price3... by krishman23 Explorer in Splunk Search 05-30-2018 0 4	0	4
Parsing a JSON string in search object We changed how our data was getting into splunk instead of dealing with full JSON we're just importing the data strai... by bshega Explorer in Splunk Search 05-30-2018 1 4	1	4
How to change a search query in the Splunk Insights for Infrastructure? Currently I have incoming events (from logs). The predefined charts look like histogram of count of events for a spec... by kvaga Explorer in Splunk Search 05-30-2018 1 3	1	3
How to access a lookup table belonging to another app? I've read the documentation that if permissions are set to Global for a lookup that it can be accessed from within an... by brdr Contributor in Splunk Search 05-30-2018 1 5	1	5
Why do these searches yield such different results? index="xyz" "a.b.c.d"=xyz \| chart count by a.b Yields 232 results. In order to get field names that are more reasona... by csyvenky Path Finder in Splunk Search 05-30-2018 0 2	0	2
How to change table header alignments? The table header's alignments seem completely random. Some are aligned to the left and others are aligned to the righ... by kdimaria Communicator in Splunk Search 05-30-2018 0 2	0	2
Regular expression with lookup Blockquote I have to build a table that lists all the service names that are in particular format for e.g "ABC-*.-<... by stang1234 New Member in Splunk Search 05-30-2018 0 5	0	5
Can one Search Head Cluster search across multiple Indexer Clusters? Hi, I am wondering if one Search Head Cluster can search across multiple Indexer Clusters. I have found this doc htt... by earakam Path Finder in Splunk Search 05-30-2018 1 5	1	5
How to change the conditional by event name? I have this splunk query that returns two fields, "audit_event_name" (the name of the event) and "failureRate" (the r... by mauricio2354 Explorer in Splunk Search 05-30-2018 0 2	0	2
Milliseconds timestamp for syslog udp 514 is not working with no_appending_timestamp=false (default) May 25 15:21:44 192.168.1.1 2097826: T2-D1-BDS LC/0/0/CPU0:May 25 15:21:44.362 GMT: npu_driver[273]: %L2-PLIM_ETHER-2... by deodion Path Finder in Splunk Search 05-30-2018 1 1	1	1
Comparing field value results to values(alphanumeric) in lookup file I am trying to compare the field values of a lookup file(alphanumeric values) to the my search results. Please help m... by harishkothandar Engager in Splunk Search 05-30-2018 0 1	0	1
Average and Max of Timecharted output Hi All, I am trying to find out the average and maximum value from the timechart output but failed. Could you please... by siva_cg Path Finder in Splunk Search 05-30-2018 0 1	0	1
replace values within a chart command I have a search that looks at a index that has the user and a single group they belong to as shown below: I then use ... by bsstewart Explorer in Splunk Search 05-30-2018 0 6	0	6
How to use replace in search? Hi How to replace a character in a field value with another character? I have below field value, I have to replace @... by kiran331 Builder in Splunk Search 05-30-2018 0 2	0	2
subsearch with two events I have two different types of logs and like to combine both and shows Body message. eaxmple logs as below Type1 ... by jayaraj1717 New Member in Splunk Search 05-30-2018 0 1	0	1
How to extract a decimal value, find the difference between them, and generate a report by the hour? Below is the Splunk string and I want to find the difference between Original cost:: and Validation Cost::, plea... by gopalreddyv New Member in Splunk Search 05-30-2018 0 1	0	1
How to show custom message Below is the source of my code. I want to display "A Custom Message" instead of "No results found" I tried many ways ... by splunking1t New Member in Splunk Search 05-30-2018 0 6	0	6
Auto forward logs to Splunk platform Dear all. recently, i am try to use Splunk Free , how can i take the forwarder auto send logs to receiver after inst... by lllidan New Member in Splunk Search 05-30-2018 0 1	0	1
Why am I getting error "The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'"? I have this data below and I want a flow chart of start time and end time on the x-axis and cmd1, cmd2......on the y-... by ravigampa New Member in Splunk Search 05-30-2018 0 4	0	4