Splunk Search

Community Activity

Compare daily search results against expected table Hello, So I may be the victim of my own good deeds. Built an input form for the Infrastructure team to enter their ... by gabarrygowin Path Finder in Splunk Search 05-08-2018 0 10	0	10
Keep specific events and discard the rest How to filter sets of monitored logs with HF? Hi, I have a number of logs files monitored by UFs and sent to autoL... by Log_wrangler Builder in Splunk Search 05-08-2018 0 3	0	3
Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section? When analyzing different tstats commands in some apps we've installed, sometimes I see fields at the beginning along ... by kazooless Explorer in Splunk Search 05-08-2018 1 8	1	8
I have a problem in creating regex for below expression? expression: 2018-02-2008:13:44\|ABC1034\|Sumit Martin\|0\|147707\|Amit\|SURESH\|\|19490616\|M\|2030 SQ 16 PERRA\|ABC E-212\|INDIA... by pal_sumit1 Path Finder in Splunk Search 05-08-2018 0 3	0	3
csv file size limit for inputs is there a file size limit for csv files for inputs ? it seems we have issues indexing a csv file which is over 250MB... by jiaqya Builder in Splunk Search 05-08-2018 0 0	0	0
Create output[Site Down] by comparing two hosts that match a field down I'm trying to create a search that will look at hosts over a period time E.G 1 week within period of time(10 - 30 min... by kuroai New Member in Splunk Search 05-08-2018 0 1	0	1
How to get the event details between two different dates? I have a splunk log in the following format: INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDER_... by karthi25 Path Finder in Splunk Search 05-08-2018 0 1	0	1
how to re-arrange the column values to corresponding rows in table Hi All, i have created the table & table is in below format... i need to display the table like below format.. Ca... by satish_tblocks New Member in Splunk Search 05-08-2018 0 4	0	4
Feels like "return" command should support argument of 0 (all). Thoughts? When performing subsearches using the return command, I am often disgusted with myself for employing a not-future-pro... by dstaulcu Builder in Splunk Search 05-08-2018 0 0	0	0
Why is sort order skewed with use of table command? Any idea why the sort order (of time) is skewed with use of the table command? Seems like, to reduce repetitive st... by dstaulcu Builder in Splunk Search 05-08-2018 0 0	0	0
How to convert hex timestamp value to index in Splunk Hi , I have the below data to index into splunk Can you advice how can i decode the hex timestamp below (5A8145B4.... by smdasim Explorer in Splunk Search 05-08-2018 0 0	0	0
joining tables miss some values hi, i have 2 tables to join and when i am using outer join, i am able t join 2 tables but not able to join all the va... by smolcj Builder in Splunk Search 05-08-2018 0 6	0	6
How can I exclude a tag from a search result? I am working on a printer log data on job completion and am doing up a search to retrieve only events with tags that ... by gilbxrtx_7 New Member in Splunk Search 05-08-2018 0 0	0	0
How to use subsearch to find which values from a subsearch populated table aren't in another search? I have two seperate sourcetypes. In the first sourcetype, I have a field memberID that also exists in the second sou... by brajaram Communicator in Splunk Search 05-08-2018 0 1	0	1
How to present the date and value not in epoch format and is there a way to add a line to the bubble chart (over the time), in order to show trend? Hi, I created a bubble chart with numeric values on the y-axis and time(epoch) on the x-axis, and the bubble size is... by matansocher Contributor in Splunk Search 05-07-2018 0 3	0	3
Two Nearly Identical Inputs But One Doesnt Work (PowerShell) So I have the two below in my inputs.conf the top one works, the bottom one does not. Both commands work fine when ra... by JordanPeterson Path Finder in Splunk Search 05-07-2018 0 3	0	3
Get percentage after case and stats calculations ...search \| eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed") \| stats dc(account... by dwong2 New Member in Splunk Search 05-07-2018 0 4	0	4
search does not return anything I have tried to add to monitor several log files but so far search returns nothing I am using trial version with max ... by dvuichor New Member in Splunk Search 05-07-2018 0 7	0	7
stuck on a subsearch Hi, I have this query, what I'm trying to do is pull the mac address out of events with a 405 error dedup them then ... by dbcase Motivator in Splunk Search 05-07-2018 0 4	0	4
map command field not being evaluated I have an issue with a field within the map command not being evaluated appropriately. The scenario is this: do som... by brdr Contributor in Splunk Search 05-07-2018 0 4	0	4
get all events, except for those occurring near time of other events I need to get all the following events EventCode=4733 EXCEPT for any of those which occur within 5 s... by elyp Explorer in Splunk Search 05-07-2018 0 2	0	2
Line chart with different events I have a splunk log in following format: \|\|pool-2-thread-1\|\| INFO SUCCESSFULLY COMPLETED at END_TIME: 2018-05-07T06... by Kaviyap New Member in Splunk Search 05-07-2018 0 2	0	2
How to make this transaction work and find values from one result set that might be related to the other? I am trying to correlate two resultsets. One is a straight search of apache logs. The other is a table that that took... by MonkeyK Builder in Splunk Search 05-07-2018 0 0	0	0
Is it possible to hide, suppress or remove the column header row in a report? I have a report that looks similar to this: Is it possible to hide, suppress or remove the column header row in th... by Gawker Path Finder in Splunk Search 05-07-2018 0 4	0	4
How to find action time stamp particular task? How to find action time stamp of particular task that should come after action time stamp of particular task? by 90509 Engager in Splunk Search 05-07-2018 0 1	0	1