Splunk Search

Community Activity

How to use the timechart command to get a certain amount of time span in custom field? I have a lookup table with 3 fields: host, user, p_time The events in the lookup table will contain 12 months of dat... by brdr Contributor in Splunk Search 05-10-2018 1 6	1	6
How to highlight values from the iplocation command? I want to setup a search that determines which countries have connected to my network over the past "x" hours, and th... by jon_d_irish_ctr Path Finder in Splunk Search 05-10-2018 0 7	0	7
Missing Fields in events for specific log entries in a log file So, I have this following format for my log entries. FIELD1-FIELD2-FIELD3-FIELD4-FIELD5-FIELD6 and logs are like ..... by skallaje Engager in Splunk Search 05-10-2018 0 2	0	2
Regex not working event after validating in regex101.com This is my regex : Test Name\","value":"(?.*)},{"key" and my test string is : {"key":"Test Name","value":"GET:Corp... by macadminrohit Contributor in Splunk Search 05-10-2018 0 4	0	4
how to extract month date and year and save in a new field from _time I am trying to do field extraction from the _time only the month,date and year but just not getting it.I know strftim... by vrmandadi Builder in Splunk Search 05-10-2018 0 7	0	7
How do I filter successful events since I am getting too many? When I login I get too many logon events. How do I filter successful events? This is the query:- index="wineventlog"... by vikramyadav Contributor in Splunk Search 05-10-2018 2 1	2	1
Why am I getting duplicate logs from a particular index? I am getting duplicate logs from particular index , please let me know how to rectify this. by jyotirmayee_tri New Member in Splunk Search 05-10-2018 0 1	0	1
How to get all users searches and lookups synchronized to both search heads? I have 2 sites configured with a multisite cluster. Site 1: Indexer, manager, independent search head. Site 1: Indexe... by oliverj Communicator in Splunk Search 05-10-2018 0 5	0	5
How to replace/remove a specific character? Hi, I have the below output : "(\|01/01/16\|01/01/18\|01/05/18\|04/02/18\|05/01/17\|05/05/16\|05/08/17\|)" The desired ou... by RRajneesh New Member in Splunk Search 05-10-2018 0 4	0	4
What's wrong with this eval statement? Getting 'Error in 'eval' command: The expression is malformed. Expected ). ' Error. This is the eval statement i am using along with case but getting error. eval total=case(critical>0 AND high>0,criti... by sarwshai Communicator in Splunk Search 05-10-2018 0 10	0	10
Alternatives to Lookup Everyone, The events on splunk for me have data in the following format : ticket_num,actual_start_time,finish_time... by aamirs291 Path Finder in Splunk Search 05-10-2018 0 5	0	5
Configure timespan bucket Hi guys, I have to configure the timespan to roll data to warm, cold and frozen. The question is: How can configur... by wvalente Explorer in Splunk Search 05-10-2018 0 4	0	4
Send Drilldown Search to a New Window I want to click on an entry in a table and see the record or records behind it in a new window. I found one question ... by landen99 Motivator in Splunk Search 05-10-2018 1 17	1	17
assigning datetime field from the input file I have a file to index which has a date field ( currentdate) . How to configure the input regex so as to use this fie... by jiaqya Builder in Splunk Search 05-10-2018 0 2	0	2
update eval token with first row of a dashboard table I have two tables in a dashboard, The top one lists all the WAN links and the bottom one shows the detailed link util... by nabeel652 Builder in Splunk Search 05-10-2018 0 2	0	2
Is there a way to dedup then use a time picker? I am trying to create a report that would tell me if an item that should be available within a certain timeframe (i.e... by jeffsegal Explorer in Splunk Search 05-09-2018 0 7	0	7
Timechart using an epoch timestamp in the row instead of _time Hi, I'm using JSON extract on my rows. I want to use the value that is contained in "message.time" instead of _time... by andrewbeak Path Finder in Splunk Search 05-09-2018 0 11	0	11
splunk eval case statement compare the case-sensitive value or case-insensitive Hi Everyone, I have a very small conceptual doubt. Does the eval case do case insensitive compare or will it compare... by Chandras11 Communicator in Splunk Search 05-09-2018 0 5	0	5
Get 10 minutes before 1 minute If I search, I can see the count value of each field for one minute, and also want to know the sum count value 10 min... by mkoh New Member in Splunk Search 05-09-2018 0 4	0	4
How to calculate the size of the events per field? I have a query as follows index=abc sourcetype=def \| stats count by field_A \| eval mb=round(count/1024/1024,2) whi... by pavanae Builder in Splunk Search 05-09-2018 0 2	0	2
How to create a field with varying lengths of field values? I want to create a field which extract values, however I have some field values that I want to extract which contain ... by gilbxrtx_7 New Member in Splunk Search 05-09-2018 0 12	0	12
Why is the result number not matching? Hi - I have a query where it results in total number of results of number of people logged into an application and I... by rakeshyv0807 Explorer in Splunk Search 05-09-2018 0 8	0	8
How to search and trigger an alert if we are not getting a record for some hosts from a given host list? I have total 12 hosts which are coming through my sourcetype (input) and are below: UK1 App Server 1 UK1 App Server ... by sachinsingh2005 Explorer in Splunk Search 05-09-2018 0 9	0	9
Using conditional sum after case statement .....search \| eval Type=case(like(publishId,"%U"),"unsubscribed",like(publishId,"%S"),"subscribed") \| stats count by... by dwong2 New Member in Splunk Search 05-09-2018 0 4	0	4
timechart ratio by model Hi, below is my query index_ sourcetype=main \| stats count(eval(level="Error")) as ERRORS count(eval(level="Inform... by sarathipattam New Member in Splunk Search 05-09-2018 0 3	0	3