Splunk Search

Community Activity

Can I combine eval & latest? Hi, I have scenario were i have the record sets and the number & name will keep changing based on the status Table :... by varunapj New Member in Splunk Search 05-16-2018 0 4	0	4
Remove Wildcard from Field Name I have some ticketing data being imported into Splunk for analysis. There are a couple of field names with an asterix... by makarand13 New Member in Splunk Search 05-16-2018 0 4	0	4
How to compare field values in time? We are gathering data on information tags on servers. We want to know when a specific tag value changes so that we ca... by batsonpm Path Finder in Splunk Search 05-16-2018 0 10	0	10
Multiple eval of the same field Hi all, I got some problems categorizing a custom field according to its content; to do so I am using multiple eval ... by jlelli Path Finder in Splunk Search 05-16-2018 0 2	0	2
How to find all values after a certain label in a field with regex? Hi All, I have a big text field with sample value as: Random text Location:AL432 1)ART: New order ANYTHING Locat... by Chandras11 Communicator in Splunk Search 05-16-2018 0 7	0	7
How do I look for the existence of one field within another field? For example, if I have a proxy log, and it shows User=A, then In the URL field we have "http://somesite.com/parameter... by rwmilligan Explorer in Splunk Search 05-16-2018 0 2	0	2
disable mouse hover on line chart I want to disable hover on line chart, so it should not respond to hover, just a line. I was able to remove tooltip a... by dsiob Communicator in Splunk Search 05-16-2018 3 1	3	1
Splunk maintenance Is there maintenance procedure that Splunk Enterprise/deployment/instance requires periodically to ensure high perfo... by teddyidc1101 Communicator in Splunk Search 05-16-2018 0 4	0	4
How to create a timechart with multiple values? Hello! I'm trying to make a timechart like this one below, but I have some hosts that I need to show their medium cpu... by ppatrikfr Path Finder in Splunk Search 05-16-2018 0 3	0	3
can't extract the field, below error shows up, Argument 'value' contains invalid character : ^[\d+;\d+\w+\s+\d+-\d+-\d+\s+\d+:\d+:\d+,\d+\s+[\w+::\w+.\w+.\w+.\w+.\w... by simranrathi New Member in Splunk Search 05-16-2018 0 4	0	4
Stats Question passing one field common to two sourcetypes where location is in one sourcetype to use field in second sourcetype Where am i going wrong here: I'm trying to get a list of user ID's by location and pass them up to a search which al... by Skins Path Finder in Splunk Search 05-16-2018 0 1	0	1
Error in 'eval' command: The expression is malformed. An unexpected character is reached I was getting when I run the below query, can someone give me the solution pls, below is my query: \| convert num(ac... by sarathipattam New Member in Splunk Search 05-15-2018 0 2	0	2
How do I search for multiple errors found in /var/log/messages? I want to search for the following 3 error combinations and send alert if any, some or all are found: Error #1 - pro... by damonmanni Path Finder in Splunk Search 05-15-2018 0 1	0	1
How to filter and append a value from a subsearch into the primary search? My data is in JSON format split into two different sourcetypes. Between the two sourcetypes exists a linking logID th... by brajaram Communicator in Splunk Search 05-15-2018 0 1	0	1
How to modify my search to check mvindex count before eval? Hello Splunkers, I'm trying to figure out how to apply an if statement to check the count of an index before adding ... by splunker1981 Path Finder in Splunk Search 05-15-2018 0 2	0	2
JOIN to list user per DeviceId Search is trying to show all users within the companyOu that have Mobile Iron setup (Status=Allowed) and those that d... by davidcraven02 Communicator in Splunk Search 05-15-2018 0 7	0	7
What is the best way to handle repeating fields in a single event? Hi all, What would be the best way for Splunk to handle repeating fields in a single event? For instance, one of my ... by bcarr12 Path Finder in Splunk Search 05-15-2018 0 2	0	2
What is a better way of comparing EPOCH times? I have the query below that checks for the expiration date of a certificate, converts it to epoch time, and then basi... by Kendo213 Communicator in Splunk Search 05-15-2018 0 3	0	3
How to report to see how much time a user spends on a PC? I have a search that captures when a user logs in and logs out of his PC: index=win* (EventCode=4800 OR EventCode=48... by vpatsalos New Member in Splunk Search 05-15-2018 0 1	0	1
Unicode characters in dashboards/searches Hi Is it fine to use Unicode characters as a quick way to to set checklist marks & various other formatting/make pr... by stanwin Contributor in Splunk Search 05-15-2018 5 4	5	4
Regex or rex LDAP extraction I keep trying to figure things out myself but my head is getting bruised from hitting it against my desk... I am try... by ccsfdave Builder in Splunk Search 05-15-2018 0 4	0	4
How to edit timestamp to one day previously? I have a report running in SPLUNK on a daily basis. The timestamp for this report is the "Report Date" field (i.e. to... by jackreeves Explorer in Splunk Search 05-15-2018 0 9	0	9
How to format data in a table column to print one entry on a line? Is there a way to format data in a table column to print one entry on a line? In my alert the table data shows up so... by OldManEd Builder in Splunk Search 05-15-2018 0 5	0	5
How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content? I have a CSV file with fields mentioned below: Updated Date, SMSMessage,Sender,SMS Date,userID The SMSMessage field ... by simon21 Path Finder in Splunk Search 05-15-2018 0 1	0	1
Extract wrapped field for auto extraction Today we have messages from our application like this: 2018-May-1 12:00:00.000 [Thread=4d2ce108-c322-49ff-bcc0-380d7... by azulcactus New Member in Splunk Search 05-15-2018 0 0	0	0