Splunk Search

Community Activity

Addtotals - Percentage of 2 total fields as new field Hi there, i created a table: Date \| Value1 \| Value2 \| Percentage The last line should be: "total" \| total of Valu... by ronnybruska New Member in Splunk Search 05-11-2018 0 2	0	2
How to rex multiple lines Hi there, I am a newbie in Splunk and trying to do some search using the rex. The log body is like: blah blah Dest... by garujoey Engager in Splunk Search 05-10-2018 0 6	0	6
need to replace the value of a field only when other values are present from other fields I'm trying to add more specific data to a particular field by replacing it with another value when other conditions e... by mjones414 Contributor in Splunk Search 05-10-2018 0 1	0	1
How to configure props and transforms.conf based on the rex extractions in my sample search? I need to construct props and transforms for below sample search. index=blaa sourcetype=my_source \| rex field=X__Ed... by Splunk_rocks Path Finder in Splunk Search 05-10-2018 0 11	0	11
File will not be read, seekptr checksum did not match. Last time we saw this initcrc, filename was different. You may wish to use larger initCrcLen for this sourcetype, or a CRC salt on this source. I am getting the following error due to which, the log file is not getting indexed daily. Log file name is like: db... by santosh_hb Explorer in Splunk Search 05-10-2018 0 5	0	5
How to use the timechart command to get a certain amount of time span in custom field? I have a lookup table with 3 fields: host, user, p_time The events in the lookup table will contain 12 months of dat... by brdr Contributor in Splunk Search 05-10-2018 1 6	1	6
How to highlight values from the iplocation command? I want to setup a search that determines which countries have connected to my network over the past "x" hours, and th... by jon_d_irish_ctr Path Finder in Splunk Search 05-10-2018 0 7	0	7
Missing Fields in events for specific log entries in a log file So, I have this following format for my log entries. FIELD1-FIELD2-FIELD3-FIELD4-FIELD5-FIELD6 and logs are like ..... by skallaje Engager in Splunk Search 05-10-2018 0 2	0	2
Regex not working event after validating in regex101.com This is my regex : Test Name\","value":"(?.*)},{"key" and my test string is : {"key":"Test Name","value":"GET:Corp... by macadminrohit Contributor in Splunk Search 05-10-2018 0 4	0	4
how to extract month date and year and save in a new field from _time I am trying to do field extraction from the _time only the month,date and year but just not getting it.I know strftim... by vrmandadi Builder in Splunk Search 05-10-2018 0 7	0	7
How do I filter successful events since I am getting too many? When I login I get too many logon events. How do I filter successful events? This is the query:- index="wineventlog"... by vikramyadav Contributor in Splunk Search 05-10-2018 2 1	2	1
Why am I getting duplicate logs from a particular index? I am getting duplicate logs from particular index , please let me know how to rectify this. by jyotirmayee_tri New Member in Splunk Search 05-10-2018 0 1	0	1
How to get all users searches and lookups synchronized to both search heads? I have 2 sites configured with a multisite cluster. Site 1: Indexer, manager, independent search head. Site 1: Indexe... by oliverj Communicator in Splunk Search 05-10-2018 0 5	0	5
How to replace/remove a specific character? Hi, I have the below output : "(\|01/01/16\|01/01/18\|01/05/18\|04/02/18\|05/01/17\|05/05/16\|05/08/17\|)" The desired ou... by RRajneesh New Member in Splunk Search 05-10-2018 0 4	0	4
What's wrong with this eval statement? Getting 'Error in 'eval' command: The expression is malformed. Expected ). ' Error. This is the eval statement i am using along with case but getting error. eval total=case(critical>0 AND high>0,criti... by sarwshai Communicator in Splunk Search 05-10-2018 0 10	0	10
Alternatives to Lookup Everyone, The events on splunk for me have data in the following format : ticket_num,actual_start_time,finish_time... by aamirs291 Path Finder in Splunk Search 05-10-2018 0 5	0	5
Configure timespan bucket Hi guys, I have to configure the timespan to roll data to warm, cold and frozen. The question is: How can configur... by wvalente Explorer in Splunk Search 05-10-2018 0 4	0	4
Send Drilldown Search to a New Window I want to click on an entry in a table and see the record or records behind it in a new window. I found one question ... by landen99 Motivator in Splunk Search 05-10-2018 1 17	1	17
assigning datetime field from the input file I have a file to index which has a date field ( currentdate) . How to configure the input regex so as to use this fie... by jiaqya Builder in Splunk Search 05-10-2018 0 2	0	2
update eval token with first row of a dashboard table I have two tables in a dashboard, The top one lists all the WAN links and the bottom one shows the detailed link util... by nabeel652 Builder in Splunk Search 05-10-2018 0 2	0	2
Is there a way to dedup then use a time picker? I am trying to create a report that would tell me if an item that should be available within a certain timeframe (i.e... by jeffsegal Explorer in Splunk Search 05-09-2018 0 7	0	7
Timechart using an epoch timestamp in the row instead of _time Hi, I'm using JSON extract on my rows. I want to use the value that is contained in "message.time" instead of _time... by andrewbeak Path Finder in Splunk Search 05-09-2018 0 11	0	11
splunk eval case statement compare the case-sensitive value or case-insensitive Hi Everyone, I have a very small conceptual doubt. Does the eval case do case insensitive compare or will it compare... by Chandras11 Communicator in Splunk Search 05-09-2018 0 5	0	5
Get 10 minutes before 1 minute If I search, I can see the count value of each field for one minute, and also want to know the sum count value 10 min... by mkoh New Member in Splunk Search 05-09-2018 0 4	0	4
How to calculate the size of the events per field? I have a query as follows index=abc sourcetype=def \| stats count by field_A \| eval mb=round(count/1024/1024,2) whi... by pavanae Builder in Splunk Search 05-09-2018 0 2	0	2