Splunk Search

Community Activity

How to lookup value with wildcard? Hi. for example, i have that log: Apr 26 12:04:38 centos7LAB sudo: qweqwe : TTY=pts/4 ; PWD=/home/qweqwe ; USER=root... by test_qweqwe Builder in Splunk Search 04-26-2018 0 6	0	6
Field extraction from host field value Hi, I would like to extract two new fields from the value of the host field at search time. I'd like the first 3 cha... by michaeljorgense Path Finder in Splunk Search 04-26-2018 1 14	1	14
Trendline won't generate I wanted to build a trendline of my hosts response_time over _time. But it won't generate source=my_perf AND (host=... by zacksoft Contributor in Splunk Search 04-26-2018 0 2	0	2
I would like to know the splunk search processing Language command which I need to use to generate the reports as listed in the attachments Report1 and Report2 I would like to know the splunk search processing Language command which I need to use to generate the reports as lis... by sham_suri1 New Member in Splunk Search 04-26-2018 0 2	0	2
Why is my map search returning "No Results Found"? Can anyone help me with this map search? Both the inner and outer searches return what I expect, but when I try to co... by motobeats Path Finder in Splunk Search 04-26-2018 1 3	1	3
Want to split results based on a field value Hi all, We have a field which represets de Offices, and we would like to make 2 different line charts separating bet... by leandrot Explorer in Splunk Search 04-26-2018 0 1	0	1
How to find sum of particular fields by time? We are having search which contain two fields user id and time at which user logged in. We need to print below table... by pal_sumit1 Path Finder in Splunk Search 04-26-2018 0 3	0	3
Regex Help! Hi! First time I am attempting Regex commands and I have got pretty stuck so any help would be much appreciated. I ... by NShimmen New Member in Splunk Search 04-26-2018 0 4	0	4
Query with field from lookup table + concatenate + wildcards I have a lookup file titled airports.csv. In the file, i have several fields, but one is AirportCode. This field has ... by cruzcr Engager in Splunk Search 04-26-2018 0 10	0	10
How to convert function to return epoch time 3 hours later? Here is my date format I would like to convert to epoch for later processing. My date formate is: 3/5/2018 17:03 M... by brdr Contributor in Splunk Search 04-26-2018 0 6	0	6
How to compare two fields in a event and list out the field when one of the fields does not exist? Hello, I have a multiple events in a log file which contains field A and field B but not in all the events, I need t... by bollam Path Finder in Splunk Search 04-26-2018 0 2	0	2
why 2 searches dont return same results This search: index=dev_tsv source="activity" "Organization Name"="NA" "Added a comment" \| rename Action as N... by tkwaller_2 Communicator in Splunk Search 04-26-2018 0 5	0	5
Splunk Trigger alert no transaction inside log file from the directory? I have two directory having two log files Directory: /logs/Test1/ /logs/Test2/ The directory have two log files: ... by karthi2809 Builder in Splunk Search 04-26-2018 0 2	0	2
Is it possible to ignore the last result? good afternoon I have the following query \| dbxquery connection = connection query = "....." \| chart eval (round ... by efaundez Path Finder in Splunk Search 04-26-2018 0 6	0	6
eval IP function - help Hello, I have a search woring which returns single IP addresses as source for certain events. As part of this I want... by griggsy New Member in Splunk Search 04-26-2018 0 1	0	1
Transpose Multiple Column Headers HI, I wonder whether someone can help me please. I'm running the query below which works fine, but I'm having some d... by IRHM73 Motivator in Splunk Search 04-26-2018 1 2	1	2
How to get sum of a column Hello, I am new in Splunk and trying to figure out sum of a column. i run following sql query on database: SELECT c... by singh321 New Member in Splunk Search 04-25-2018 0 14	0	14
how to get events for exact matched string only in the field value I am searching : index=web account_domain="INCCORP" bur getting result which have account_doamain with "INCCORP","... by Meharkant123 New Member in Splunk Search 04-25-2018 0 3	0	3
how to exclucde number of values from search sourcetype="source_traffic" \| stats values(dest_port) by dst_ip Hi I am lookin for result of IP which have more than... by Meharkant123 New Member in Splunk Search 04-25-2018 0 2	0	2
How to create a table for pfsense firewall logs using rex command? I was trying to create a table for pfsense firewall logs using rex command. But it is not creating a table, instead s... by jawadak New Member in Splunk Search 04-25-2018 0 3	0	3
How to use where command to keep only specific rows? My query so far looks like this: sourcetype="type1" OR sourcetype="type2" \|chart count(sales1) over sales2 by source... by summitsplunk Communicator in Splunk Search 04-25-2018 0 1	0	1
How to add a column to the results table based on an existing field? Hello: I am trying to add a column to the results table, the reason for this is so that I can then use that value fo... by ivtashev New Member in Splunk Search 04-25-2018 0 1	0	1
How to extract values from a field instead of _raw? Hi I am getting below log and want to extract the data/values from the field using props.conf / transforms.conf. F... by soumyacharya91 Path Finder in Splunk Search 04-25-2018 0 7	0	7
Calculation using the number of events returned to determine average I have data similiar to this: Account Count TotalSessions abc 4 12 xyz ... by dwong2 New Member in Splunk Search 04-25-2018 0 3	0	3
Using a lookup file to run queries I'm trying to create a search based on error strings in a lookup file and i'd like the output to include stats based... by gferreira New Member in Splunk Search 04-25-2018 0 2	0	2