Splunk Search

Community Activity

What is the order that executes in query when I use both AND, OR in splunk query? I have two different queries like below Query 1 :- field_1!="A" AND field_2="B" OR field_1!="A" AND field_2="C" OR ... by pavanae Builder in Splunk Search 05-09-2018 0 2	0	2
How to extract the last underscore part of a field? I have a value a_b_c. How do I extract the last '_' item. So in this case it'd be 'c'. The number of of underscores i... by Splunkster45 Communicator in Splunk Search 05-09-2018 0 2	0	2
Can you cache report results and use them towards another search? I need to be able to compare report results over the period of a time. The report itself takes minutes to run for a 1... by cdion3537 New Member in Splunk Search 05-09-2018 0 1	0	1
search showing times when raw events were 0 Looking to do a search which shows start time and end time when _raw events were 0 over a say 24hr period. Trying to... by Skins Path Finder in Splunk Search 05-09-2018 0 5	0	5
Deployment architecture I have I want to send windows logs through heavy forwarder to indexer. on windows server, I install universal forwa... by rashid47010 Communicator in Splunk Search 05-09-2018 0 8	0	8
How can I look back 7 days from when an event occurred? Hey Guys, I have a daily report that is showing the # of orders planned and completed for the day. However, sometime... by auaave Communicator in Splunk Search 05-08-2018 0 3	0	3
How does Hunk search data from Hadoop? Can someone please explain in simple layman terms how Splunk SEARCHES Hadoop Data? I understand it doesn't store them... by Harishma Communicator in Splunk Search 05-08-2018 1 2	1	2
Converting smiv1 to smiv2 , cant find module Hi i am having difficulties on doing this one , can someone tell me what should i need to do to make it fix . As i c... by jadengoho Builder in Splunk Search 05-08-2018 0 0	0	0
How can I get the graph that only displays percentage when using timechart? I have a query below that is showing "PriceChangeCount", "Total" and "PriceChangeRate" in graph, How can I get the g... by Min1025 Explorer in Splunk Search 05-08-2018 0 2	0	2
Why do I see a count difference running a saved search via Splunk REST API call and running the search manually? When I run a saved search via Splunk REST API call, I get a count which is entirely different when iI run the same se... by senthilponnuswa New Member in Splunk Search 05-08-2018 0 7	0	7
Compare daily search results against expected table Hello, So I may be the victim of my own good deeds. Built an input form for the Infrastructure team to enter their ... by gabarrygowin Path Finder in Splunk Search 05-08-2018 0 10	0	10
Keep specific events and discard the rest How to filter sets of monitored logs with HF? Hi, I have a number of logs files monitored by UFs and sent to autoL... by Log_wrangler Builder in Splunk Search 05-08-2018 0 3	0	3
Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section? When analyzing different tstats commands in some apps we've installed, sometimes I see fields at the beginning along ... by kazooless Explorer in Splunk Search 05-08-2018 1 8	1	8
I have a problem in creating regex for below expression? expression: 2018-02-2008:13:44\|ABC1034\|Sumit Martin\|0\|147707\|Amit\|SURESH\|\|19490616\|M\|2030 SQ 16 PERRA\|ABC E-212\|INDIA... by pal_sumit1 Path Finder in Splunk Search 05-08-2018 0 3	0	3
csv file size limit for inputs is there a file size limit for csv files for inputs ? it seems we have issues indexing a csv file which is over 250MB... by jiaqya Builder in Splunk Search 05-08-2018 0 0	0	0
Create output[Site Down] by comparing two hosts that match a field down I'm trying to create a search that will look at hosts over a period time E.G 1 week within period of time(10 - 30 min... by kuroai New Member in Splunk Search 05-08-2018 0 1	0	1
How to get the event details between two different dates? I have a splunk log in the following format: INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDER_... by karthi25 Path Finder in Splunk Search 05-08-2018 0 1	0	1
how to re-arrange the column values to corresponding rows in table Hi All, i have created the table & table is in below format... i need to display the table like below format.. Ca... by satish_tblocks New Member in Splunk Search 05-08-2018 0 4	0	4
Feels like "return" command should support argument of 0 (all). Thoughts? When performing subsearches using the return command, I am often disgusted with myself for employing a not-future-pro... by dstaulcu Builder in Splunk Search 05-08-2018 0 0	0	0
Why is sort order skewed with use of table command? Any idea why the sort order (of time) is skewed with use of the table command? Seems like, to reduce repetitive st... by dstaulcu Builder in Splunk Search 05-08-2018 0 0	0	0
How to convert hex timestamp value to index in Splunk Hi , I have the below data to index into splunk Can you advice how can i decode the hex timestamp below (5A8145B4.... by smdasim Explorer in Splunk Search 05-08-2018 0 0	0	0
joining tables miss some values hi, i have 2 tables to join and when i am using outer join, i am able t join 2 tables but not able to join all the va... by smolcj Builder in Splunk Search 05-08-2018 0 6	0	6
How can I exclude a tag from a search result? I am working on a printer log data on job completion and am doing up a search to retrieve only events with tags that ... by gilbxrtx_7 New Member in Splunk Search 05-08-2018 0 0	0	0
How to use subsearch to find which values from a subsearch populated table aren't in another search? I have two seperate sourcetypes. In the first sourcetype, I have a field memberID that also exists in the second sou... by brajaram Communicator in Splunk Search 05-08-2018 0 1	0	1
How to present the date and value not in epoch format and is there a way to add a line to the bubble chart (over the time), in order to show trend? Hi, I created a bubble chart with numeric values on the y-axis and time(epoch) on the x-axis, and the bubble size is... by matansocher Contributor in Splunk Search 05-07-2018 0 3	0	3