Splunk Search

Community Activity

	how to display only those rows with a particular value in a particular value using \|table command I am applying few conditions and logic to come up with values for different fields. I'm then displaying them using te... by sh254087 Communicator in Splunk Search 04-20-2018 0 10	0	10
	Combinding results in fields with mulitple results I have two types of logs in an index. Both can have multiple entries for a ip address. What i need to do is find all... by jerrythoms Explorer in Splunk Search 04-20-2018 0 5	0	5
	eval match with NOT condition I've figured out how to use the match condition to use a wildcard in my eval, however now I need to put at NOT with i... by kmaron Motivator in Splunk Search 04-20-2018 0 6	0	6
	extract fields from rex _raw trying to extract a fields from logfile's text (have both examples in logfile): search sourcetype=apache "/apps/publ... by oustinov New Member in Splunk Search 04-20-2018 0 11	0	11
	Eval and If else value return or else null Hello Splunkers, Im constructing Eval field " user1" actually user field contain 5 digit number so i have to const... by Splunk_rocks Path Finder in Splunk Search 04-19-2018 0 4	0	4
	How to compare multiple fields? Hi All, I want to compare three fields value(may be) to arrive at new field. (mentioned 3 as it may require to compar... by Kwip Contributor in Splunk Search 04-19-2018 0 2	0	2
	What's causing the error message in the extraction of new fields? Why do I get the following error message when I try to extract new fields? The events associated with this job have ... by atemourt Engager in Splunk Search 04-19-2018 0 1	0	1
	How can I replace that field values to another and vice versa? For example, my account number is coming as device number and vice versa and that is expected based on the condition ... by saivardhan New Member in Splunk Search 04-19-2018 0 1	0	1
	How to create a second set of metrics, stats count by the field within the same table? Hi, I wonder whether someone may be able to help me please: I'm using the following query to record customer ratings... by IRHM73 Motivator in Splunk Search 04-19-2018 0 5	0	5
	How can I build a chart that show the difference between two fields? index=app sourcetype=application1 source=server1production with this search I get back two field Baseprice and finalp... by jfallon1 New Member in Splunk Search 04-19-2018 0 2	0	2
	How to show count increase by percent from average of the last X months? Is it possible to index="myindex" mcType=auditLog \| search auditType="*" \| stats count by auditType \| where count ... by summitsplunk Communicator in Splunk Search 04-19-2018 0 5	0	5
	rex field extraction How would I extract account number here, message:Receiving exp from: Long URL /Eex for account(s): 8768 rex field... by swetasoneji New Member in Splunk Search 04-19-2018 0 22	0	22
	Find consecutive duplicates in a field, by terminal Hi, I can't find a similar example already answered, so here goes: The data looks like this - _time, Terminal, ... by markyelland New Member in Splunk Search 04-19-2018 0 7	0	7
	Question on Selected fields in fields side bar Hi, In the selected fields to the left, I have a selected field by name source_address and it looks like below: Top... by muralisushma7 Explorer in Splunk Search 04-19-2018 0 1	0	1
	implement excel countif function in Splunk Hi All, Following is my source table (pelase consider the first 2 fields:- Value and Root_Value only):- I want to ... by Chandras11 Communicator in Splunk Search 04-19-2018 0 1	0	1
	Post process search I have two searches I have a dashboard with two panels. 1st panel has a query search1 join type=outer[search 2 ] ... by akhil36109 New Member in Splunk Search 04-18-2018 0 4	0	4
	Timechart/chart for getting the count of events with specified field value Hi , I want a graph which actually gives me a ratio of count of events by host grouped together in a 15 minute inter... by macadminrohit Contributor in Splunk Search 04-18-2018 0 3	0	3
	Where with subsearch Hi All, I am trying correlate 2 different search queries using where with subsearch it goes like this: host="host1... by nkankur Path Finder in Splunk Search 04-18-2018 0 2	0	2
	How do I edit my rex search to extract a string between two other strings from a sample line of data? Hi, How do I get "x868686@test.com" between "Account:" and "Source Workstation:" from following text: Account: x86... by chlily New Member in Splunk Search 04-18-2018 0 4	0	4
	How to Parse a complicated Field Hello, I have a JSON file with a huge field: It looks like '"outputs": [ { "custom_descriptio... by talal234 Explorer in Splunk Search 04-18-2018 0 8	0	8
	How to add a field to an event, based on a field from another event. I feel like I'm having a brain dead moment. I've been scratching my head over this one... Essentially, I want to per... by adamsmith47 Communicator in Splunk Search 04-18-2018 0 1	0	1
	extract text between two slashes from the end hi I am trying to extract the email id from the text eg: PUT /api/users/usernames/eejuy.alves92%40gmail.com/ PUT /api... by sravani27 Path Finder in Splunk Search 04-18-2018 0 2	0	2
	How to convert String values into factor variable? I have string fields; an example is "URL". I want it to convert it to numeric / factor variable to perform statisti... by zacksoft Contributor in Splunk Search 04-18-2018 0 10	0	10
	timechart return 0 if no results found Hi . I have a sourcetype = Queue and i'm sending the number of messages waiting in the queue . index=monitoring so... by amitdaniel Explorer in Splunk Search 04-18-2018 0 4	0	4
	What is causing the Rex Raw c-ip syntax error? Hi, I'm getting error at search time: Error in 'rex' command: Encountered the following error while compiling the r... by brdr Contributor in Splunk Search 04-18-2018 0 4	0	4