Splunk Search

Community Activity

Summarize field by specific field Hey All, I'm trying to accomplish a search here that seems so simple but I got stucked. I have this one where give ... by WesleyFranklin Explorer in Splunk Search 04-30-2018 0 4	0	4
trim out field using replace I'm reading from a file that has messages like these: Action (0x00000173): x.x.x.x; \|Performed by user "User 1" Acti... by brdr Contributor in Splunk Search 04-30-2018 0 4	0	4
extract fields from XML data showing in fields Hello Splunkers, I have following data showing in one of the field like "info" in Splunk. so my QS is there any wa... by Splunk_rocks Path Finder in Splunk Search 04-30-2018 0 7	0	7
Join is not working correctly for certain values I'm trying to join 3 types of data, we have recordings which belong to a shower which belongs to a user. For some us... by bshega Explorer in Splunk Search 04-30-2018 0 7	0	7
how to customize panel width in a row ? how do I customize or adjust width of panel ? my sample code <row> <panel> <title></title> <html> <p> ... by navd New Member in Splunk Search 04-30-2018 0 2	0	2
We are receving messages on captain in search head cluster like “The maximum number of concurrent historical scheduled searches on this cluster has been reached”. Any inputs on this ? number of searchheads in cluster including captain are 6. Splunk version is 6.6.5 by nilbak1 Communicator in Splunk Search 04-30-2018 0 1	0	1
Show up result only if its continuously coming up for 'n' number of days? I have created a query related to account lockouts, but my criteria is if user is continuously coming over last 3 day... by sarwshai Communicator in Splunk Search 04-30-2018 0 2	0	2
how to get items from a large json file? Hi everyone I´m new in splunk ,I need to get items from a json file but when i search in my file i see this in many ... by cleal New Member in Splunk Search 04-30-2018 0 1	0	1
using multiselect to concatenate fields into a compound key We have a dashboard where the user can select multiple in a multiselect input field. Those values correspond to colu... by mschellhouse Path Finder in Splunk Search 04-30-2018 0 4	0	4
Excel Like Pivot Table I'm trying to figure out how to build an excel-like pivot table using 3 or more columns. As example, I have this dat... by jperry_intact New Member in Splunk Search 04-30-2018 0 2	0	2
If i have 3 column in lookup table like column "A" has 10 entries column "B" has 5 entries and column "C" has 2 entries how can i match in search if i have 3 fields A,B,C and i need to match all entries for that fields index=main \|search [\|inputlookup abc.csv \| f... by rahul_mckc_splu Loves-to-Learn in Splunk Search 04-30-2018 0 2	0	2
Multi level table Hi, I am trying to build a multi-level pivot table in SPLUNK, where you can have multiple rows under one another lik... by jackreeves Explorer in Splunk Search 04-30-2018 0 1	0	1
Multivalue xml field extraction Hi Splunkers, Part of the incoming xml data looks like this, <metaDataSet> <metaData key="DocName">mm12... by jsanjeb Explorer in Splunk Search 04-30-2018 0 8	0	8
How to filter a dashboard search based on a date field that is not the default _time field? Hello, I am having trouble setting up a dashboard to filter based on a date field which isn't the default _time fiel... by jwch Explorer in Splunk Search 04-30-2018 0 4	0	4
How to group by a by Title? Hi guys!! I have this search: index=temp sourcetype=sdc cs_host="mto.ree." WT_dl=0 NOT (cs_uri_stem ="*/es-es/... by mogoj Engager in Splunk Search 04-30-2018 0 4	0	4
Comparing multivalue field with single value field (v6.5.2) I was looking for a way to input multiple text inputs on a dashboard and searching the inputs against a single value ... by esmonder Path Finder in Splunk Search 04-29-2018 0 3	0	3
On-Premises documentation server I run Splunk Enterprise in a distributed cluster architecture, in an offline environment that is completely disconnec... by eden881 Path Finder in Splunk Search 04-29-2018 0 1	0	1
Average command vs count and average command Maybe im just bad in mathematics. but why does splunk docs always take the count of events and then the avg of event... by ranjitbrhm1 Communicator in Splunk Search 04-29-2018 0 2	0	2
Add a blank row in the table I have a search which would give me a table of results and at the end the total count of columns. I want a blank lin... by Navanitha Path Finder in Splunk Search 04-28-2018 0 15	0	15
Source Workstation shows random IP Hi there, I'm looking into why one of our users is getting locked out, but when I run a search to try to find out the... by brosariochan New Member in Splunk Search 04-28-2018 0 2	0	2
how to Configure positional timestamp extraction in log using RegEx? hi All, Am trying to extract the time stamp inside event as index time. We have similar sourcetype of logs from 4 di... by mallempatisreed Explorer in Splunk Search 04-28-2018 0 2	0	2
Help with ending search for rex expression Hi All - I am using the below query index=ABC "XYZ"\| rex field=_raw "\"code\":\"(?.*)\"" \| stats count by errorcode ... by pushpender07 Explorer in Splunk Search 04-28-2018 0 5	0	5
Calculate totals and then sort based on a field and separate out results accountId: 12345678 action: Test publishId: 123 or 456 tile: Tile1 How can I get this result: [accountI... by dwong2 New Member in Splunk Search 04-27-2018 0 2	0	2
Insert a heading between rows and customise it.? How can I add a heading between two rows , my each row on dashboard has three panels . and can i customize it ? by navd New Member in Splunk Search 04-27-2018 0 8	0	8
Mimecast for Splunk not showing Target Threat Protection Data Hello, We've had the Mimecast for Splunk v2 running in our environment for almost a year now and most of the data ha... by summitsplunk Communicator in Splunk Search 04-27-2018 1 0	1	0