Splunk Search

Community Activity

sum up several fields with integer counts to one Hi, I have several fields which should be summed up to one count. I tried the following but the field is not showing... by mhornste Path Finder in Splunk Search 04-12-2018 0 2	0	2
How to join two indexes in different time ranges? I have two indexes: index 1 contains a list of domains and event_timestamp, index 2 contains a description for every ... by mcohen13 Loves-to-Learn in Splunk Search 04-11-2018 0 5	0	5
how can i get each value for specific filed? index=test host=rider258 APP=TEST \| rex field=_raw "CAR:(?\d+)" \| table CAR this is my query. But whenever i run... by prabhunesanket1 New Member in Splunk Search 04-11-2018 0 2	0	2
Add total at the end of a column in Splunk Hello, I have a splunk query that goes into our AWS bill and outputs totals for various AWS resources: index=prd_aw... by tdunphy_ Explorer in Splunk Search 04-11-2018 0 9	0	9
How to perform aggregations on multiple occurrences of a field inside a single event Hi, I have data something like this: Events in splunk search are as follows 04:30 [timestamp] [text] ty... by hsharma20 Engager in Splunk Search 04-11-2018 1 2	1	2
Pass a variable to fields command in a search - not working Hi, I'm trying to build a mechanism to pre-define a set of fields in my searches. The mechanism normally uses a macr... by cardinalga Explorer in Splunk Search 04-11-2018 0 9	0	9
REX question. Hello, I'm having a really hard time pulling the status code from an HA proxy log using a rex command. there are a n... by fotc1969 New Member in Splunk Search 04-11-2018 0 1	0	1
What is the difference between keeporphans and keepevicted in a transaction? Hi Folks, I'm fairly brand new to splunk, and trying to build a transaction out of cisco ASA data. My search looks ... by robmoser Explorer in Splunk Search 04-11-2018 0 5	0	5
Only show rows from a certain year based on datestamp? I have the following query that looks at data from all-time (according to Splunk date window). My understanding is th... by rkassabov Path Finder in Splunk Search 04-11-2018 0 2	0	2
How to use a lookup table to restrict a search? Hi, I have a lookup table that is just a list of MAC addresses. I need to be able to search a data set that has mac... by dbcase Motivator in Splunk Search 04-11-2018 0 10	0	10
how to get tthe average of a count value ? hi, can someone help me to complete the search to get the average of a count ?? we have a file that has the logins ... by abilis Explorer in Splunk Search 04-11-2018 0 6	0	6
Return string and number before and after equals sign Hi, I am new in splunk and i want to save the value in fields before and after = for example events look like belo... by soumyajk Engager in Splunk Search 04-11-2018 0 1	0	1
How to join two time stamps with different counts? I have a single dataset which contains a couple of variables which are time (date) based. The format for all of them ... by samwatson45 Path Finder in Splunk Search 04-11-2018 0 7	0	7
How to calculate a score based on a field with different values and count the number of identical values by applying a multiplier? Hello, I want to calculate a score based on a field (severity) containing different values (High, Medium, Low). This... by skhedim Explorer in Splunk Search 04-11-2018 0 2	0	2
How to plot a timechart so the values are plotted correctly for the search? I'm trying to plot a timechart with below data. Empty Graph is displayed on the correct X-axis and Y-axis but values ... by prysmuser New Member in Splunk Search 04-11-2018 0 3	0	3
Check the first character of a string with eval case Hi Team, I want to create a new field REGION_ID With following requrirements:- If (TKT_CREATOR ="IP-Z" OR "DEP-IP-Z")... by Chandras11 Communicator in Splunk Search 04-11-2018 0 4	0	4
How to measure time difference between reoccurring events? Hi, I am currently trying to write a search which will accurately measure how long it takes for a customer to log i... by samwatson45 Path Finder in Splunk Search 04-11-2018 0 2	0	2
How to select only the procedure marked in bold through regex Completed executing query test_proc_SelectLatest_PricesBySecurity which took 1 milliseconds. Completed executing quer... by JyotiP Path Finder in Splunk Search 04-11-2018 0 2	0	2
How to index log with table data inside? Hi, I have some logs that contain table data inside - which means there are multiple fields with the same key name. ... by shayhibah Path Finder in Splunk Search 04-11-2018 0 4	0	4
Why is the nodejs unable to perform a number of sequential queries? Hi guys, I have a nodejs service that needs to perform number of sequential queries: e.g: search mysearch from 01/0... by faustf Communicator in Splunk Search 04-11-2018 0 2	0	2
Is there a metric search to define how many times load balanced forwarders switch indexers? Hi Everyone, Is there a metric Search to define how many times load balanced forwarders switch indexers? Thank you. by asabatini85 Path Finder in Splunk Search 04-11-2018 0 1	0	1
Is there support for the latest version of Custom charting Config Axis grid documentation? I am trying to customize charts, from default numeric.Only documentation I found was one for older versions http://do... by buraka New Member in Splunk Search 04-10-2018 0 4	0	4
Anomaly detection using historial event count with help of hour-based time slices Hi, I'm currently searching for a method that will help me alerting anomalies in historial event logs. Let's say; i... by furkan_caliskan New Member in Splunk Search 04-10-2018 0 5	0	5
How to use the dedup command for this search? Hi Team, I have the next source list indexed in Splunk I need to let in only the last source by each factory owne... by evinasco Communicator in Splunk Search 04-10-2018 0 3	0	3
How to overlay a straight line showing the average time taken over an existing timechart? I'm not sure if the title is clear, so hopefully this helps. I've got a dashboard with a search: host=hostname cs_u... by gearmana Explorer in Splunk Search 04-10-2018 0 7	0	7