Splunk Search

Community Activity

Use double eval function for an extracted field Hi All, I have extracted a field from my raw data using eval replace function. Now I want to use the eval split func... by soumyacharya91 Path Finder in Splunk Search 04-24-2018 0 2	0	2
predict command doesent work Hi I want to predict values of a field over time. the result table of my search: In the end of the search I use: ... by matansocher Contributor in Splunk Search 04-24-2018 0 5	0	5
Alert based on comparison between two results of the same search I have the WinHostMon service reporting in every 5 minutes. I want to be alerted if a State changes from one 5 minute... by JordanPeterson Path Finder in Splunk Search 04-24-2018 0 1	0	1
How to compare two dates in format DAY-Mon dd:mm:ss ZZZZ YYYY ? Hello, I have two dates which I need to compare and report if there is difference of more than 1 hour currTime = T... by jagdeepgupta813 Explorer in Splunk Search 04-24-2018 0 2	0	2
How to search and extract values from multiple sourcetypes? Hi Everyone, I am trying to check a certain a ticket-series in Sourcetype_A or Sourcetype_B. If found, I need to che... by Chandras11 Communicator in Splunk Search 04-24-2018 0 7	0	7
How to update my case statement to preserve original field contents Hello Splunk experts, Not sure if I'm going about this the right way, but I'd like to store contents of multiple fie... by splunker1981 Path Finder in Splunk Search 04-24-2018 0 1	0	1
Find the least and most occurrence in a field -- populating in the same row I have three log transactions containing following extracted fields - all joined together by a common transaction id ... by sureshchinta Explorer in Splunk Search 04-24-2018 0 3	0	3
How can I eliminate characters or words from the result? I have an output that looks like this: AV_DATE=Jan-1-2018 I want to be able to just display the date as so: Jan-1-20... by albinortiz Engager in Splunk Search 04-24-2018 0 1	0	1
How to create an interesting field by parsing host name my index has events from many hosts. The hosts names contain information about what environment the host is part of. ... by rileyken Explorer in Splunk Search 04-24-2018 0 6	0	6
Can there be nested multireport commands? I am using the multireport command to help manage some external lookup and caching. When I use one multireport comman... by teresachila Path Finder in Splunk Search 04-24-2018 0 0	0	0
How to to take median of number of users logged in past 1 hour index=XXX sourcetype="XXX-log" opName="LoginUser" earliest=-60m latest=now() \| bucket _time span=10m \| timechar... by Rocky31 Path Finder in Splunk Search 04-24-2018 0 2	0	2
Timechart query with multiple values after "by" I have similar json input as below, every minute similar blocks of data is send to index. I am plotting timechart bu... by sawgata12345 Path Finder in Splunk Search 04-24-2018 0 5	0	5
how to display _time hello I have tow problems 1 I export my search result to csv file but when I open it the time just display... by fzfeng New Member in Splunk Search 04-24-2018 0 3	0	3
how to display time rightly in csv file hello I export my search result to csv file but when I open it the time just display like this 1.52E+09 ... by fzfeng New Member in Splunk Search 04-24-2018 0 6	0	6
How to create a new field and assign value to it on the basis of sub query result? Hi all, I am almost near to my requirement and there is just one issue that I am facing. I am having 2 columns from a... by abhishekroy168 Path Finder in Splunk Search 04-24-2018 0 1	0	1
Need to get latest sets of events I have a dbinput configured to pull data from SQL table on a daily basis. So I am getting few events each day in a in... by santosh_sshanbh Path Finder in Splunk Search 04-23-2018 0 4	0	4
How to create a query for below scenarios? field="URL1 OR URL2 OR URL3" I need to search each URL in . If the search is returns values, count >0 then it's Pass... by lawzuns Explorer in Splunk Search 04-23-2018 0 10	0	10
Most Recent Series of Events Selection I have a series of tests that are performed at random times throughout the week. There are a total of 12 events. Ea... by bseifert14 Engager in Splunk Search 04-23-2018 0 1	0	1
Finding duration, average time, maximum time for specific logs The logging that we do is not perfect hence need some help. Log 1 (request) - {"date":"19-04-2018 21:40:11,221", "t... by pushpender07 Explorer in Splunk Search 04-23-2018 0 7	0	7
Need help creating a regex to grab anything after last comma Hi, Hope someone can help me with creating a regular expression for an extraction. I have a log file and the lines d... by mikehage New Member in Splunk Search 04-23-2018 0 6	0	6
How to find the max value based on the rows? Hi all, I want max value by row wise not max (field name) Date shiftA shiftB *shiftC... by harishalipaka Motivator in Splunk Search 04-23-2018 1 8	1	8
How to search start dot whatever? If I wanted everything with a .wav extension returned how would I format this? index="myindex" AttCnt=* AttNames=* A... by summitsplunk Communicator in Splunk Search 04-23-2018 0 10	0	10
Use different lookups based upon environment in same search How can I use same search for 2 different lookup? For ex: lookup_qa.csv and lookup_prod.csv. I wanna use them in sear... by harry2007gsp Path Finder in Splunk Search 04-23-2018 0 8	0	8
How do I sum the price of a product for repeating XML fields in a single event? Here is a sample section of the XML Data I am attempting to sum: <Product> <ProductItem>1</ProductItem> ... by Tom_Oliveri New Member in Splunk Search 04-23-2018 0 4	0	4
Is it possible to update _raw with a replaced field easily? When I use replace to update a field, it is updated properly (in the interesting fields sidebar) but my search displa... by axelabs Explorer in Splunk Search 04-23-2018 0 3	0	3