Splunk Search

Discussions

Thread Info

Why is my search producing "Error in 'eval' command: The expression is malformed"?

I created a macro and used the search string below. After submitting the search, I received the following error messa...

by New Member in

How to place one value in the last column of a table and replace the duplicate values as "N/A"?

| inputlookup Roster.csv Level 1 Manager Level 2 Manager Level 3 Manager Ganesh Ganesh Ganesh ...

by Explorer in

How to edit my search with IF/THEN logic to display usernames existing on a host for a given time range?

Here is my search: | set diff [search index=os_nix sourcetype="Unix:UserAccounts" earliest =-90d@d latest=-30d@d ...

by Path Finder in

How to create a table with duration and job status for jobs that may run more than once a day?

Hi, I have batch job logs that look like below, My output needs to look like this, The chall...

by Path Finder in

What are "SummaryDirectory" processes referring to on an indexer?

Hi, I noticed some processes running on the indexer today with the phrase "SummaryDirector" in the command-line. C...

by Champion in

What is the best way to filter events from a search without running the search again?

I’m looking for a way to run a search on the results of a previous search. Subsearch won't work because I don't know ...

by Path Finder in

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time: ......

by Engager in

What does "Size" stands for in Job Manager?

Hi! I would like to know what does "Size" stands for Job Manager in ver 5.0.5. Any help is appreciated! Than...

by Communicator in

How to convert microseconds to date time unit in Splunk?

I have a log event like this: Timestamp: 1477292160453180 537 The number 1477292160453180 is the number of mic...

by New Member in

How to replace multiple field values with the same replacement value in a search?

I am working with a field named product which contains an array of values which I would like to replace with more mea...

by Communicator in

Why is my search for missing events returning results from clients that actually do have events?

SourceName="EBS Check" OR SourceName="EBS Snapshot" | eval hasEBSCheck=1 | append [| metadata type="hosts" | eval has...

by Explorer in

How to modify my search to graph the same 30 minute time period for previous weeks on the same graph?

I have a search to graph the last 30 minutes in 5 minute intervals: index=web_summary report="volumebyminuteweb" e...

by Path Finder in

How to write a search to track system time change in a Linux system?

I need an example search to track system time change in a Linux system. Please help me.

by Explorer in

Why is my search not showing the count in the resulting table?

Hi, I have this query index=cox UCE-|rex "UCE-(?<UCE_Code>(\d+))"|lookup UCECodes.csv UCE-Code as UCE_Code|eval...

by Motivator in

How to transform a string and ignore all tagged parts like {example}

Hi, let's say we have a string with various tagged entries: "This {field1} is {delete_this} the example {tagged...

by Motivator in

How to generate a search to pull Active Directory logons for a specific user and include source IP address?

Hi, I'm struggling with a search string to pull back Active Directory logon times for a specific user and to include ...

by New Member in

How to edit my search to create a time chart with a count and percentage for each day?

Hi, My scenario is to get a time chart with each day's values for a particular period of time (ex: 7 days) and the...

by Path Finder in

Transaction Command

hi all i have taskmanager log files which has the events like Mon Jun 25 00:00:30 CDT 2012,DistributedEvaluati...

by Communicator in

Why am I getting "maximum number of historical searches that can be run concurrently. current=10 maximum=10" for real time searches?

I am running Splunk 6.5 , and I have tried many things for hours, but am still getting: The system is approaching ...

by Explorer in

My two individual searches are working, but why am I unable to combine all extracted fields using append, appendcols, or join?

I have 2 jobs running daily (DailyDayJob, DailyNightJob) that logs to a common file. The logs are as given below: ...

by Path Finder in

How to create a report that displays stats count in a table for x days?

Sorry I am new to Splunk and wondering if can have the report that gives results in a table as below, data as : ...

by Explorer in

How to create a response time graph based on two timestamps?

I have a field in my logs that looks like this: Timestamp: 1477292160636560 1217 The first number is time at w...

by New Member in

How to correlate two JSON objects via a key-value pair?

Imagine there are thousands of JSON entries and I want to correlate object pairs via a key/value pair. Entry #44 ...

by Engager in

How to get my lookup search to return FieldC from a mylookup.csv on match of FieldA?

Hello All, I have a lookup called mylookup based on mylookup.csv containing 3 fields FieldA, FieldB and FieldC. I ...

by Path Finder in

Why does my strftime search not work between midnight and 10 am?

I have this real-time query with a 12 week back fill: host="<some host>" OR host="<some other host>" "<some se...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my search producing "Error in 'eval' command: The expression is malformed"?

How to place one value in the last column of a table and replace the duplicate values as "N/A"?

How to edit my search with IF/THEN logic to display usernames existing on a host for a given time range?

How to create a table with duration and job status for jobs that may run more than once a day?

What are "SummaryDirectory" processes referring to on an indexer?

What is the best way to filter events from a search without running the search again?

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

What does "Size" stands for in Job Manager?

How to convert microseconds to date time unit in Splunk?

How to replace multiple field values with the same replacement value in a search?

Why is my search for missing events returning results from clients that actually do have events?

How to modify my search to graph the same 30 minute time period for previous weeks on the same graph?

How to write a search to track system time change in a Linux system?

Why is my search not showing the count in the resulting table?

How to transform a string and ignore all tagged parts like {example}

How to generate a search to pull Active Directory logons for a specific user and include source IP address?

How to edit my search to create a time chart with a count and percentage for each day?

Transaction Command

Why am I getting "maximum number of historical searches that can be run concurrently. current=10 maximum=10" for real time searches?

My two individual searches are working, but why am I unable to combine all extracted fields using append, appendcols, or join?

How to create a report that displays stats count in a table for x days?

How to create a response time graph based on two timestamps?

How to correlate two JSON objects via a key-value pair?

How to get my lookup search to return FieldC from a mylookup.csv on match of FieldA?

Why does my strftime search not work between midnight and 10 am?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown