Splunk Search

Community Activity

Need assistance dedup'ing data I need help figuring out how to correctly dedup the data below. The 10 log messages below represent 4 distinct events... by mjshoaf New Member in Splunk Search 03-20-2018 0 10	0	10
How can I not to iterate ResultsReader if I want to return results to Splunk. Python SDK. This is a part of custom search command (EventingCommand) fro example. I get some input events and start jobs based ... by astarchenkov Explorer in Splunk Search 03-20-2018 0 2	0	2
How to get user limits (quota on searches) from python-sdk? I create search jobs from my customsearch command. How can I get user's (not role's) limits on searches? And is it po... by astarchenkov Explorer in Splunk Search 03-20-2018 0 0	0	0
case command i want case command to match case where abc = hhh and after word should be same as present as it is abc abc efg ffh by DataOrg Builder in Splunk Search 03-20-2018 0 7	0	7
Timechart command in lookup or CSV File Hi Team, I have a scheduled search which generates a lookup file similar to below Whenever i run stats command on... by ashish9433 Communicator in Splunk Search 03-20-2018 0 8	0	8
Joining two tables without common field or key. All rows of 1st table must join with all the rows of the second one I have data as given below in table format A B C D E F 517 2498 186 1000 250 100 399 314 1559 100 100 1000 I want ea... by nkankur Path Finder in Splunk Search 03-20-2018 0 2	0	2
Why does Splunk recognize the timestamp only for specific dates? Hello, I have a csv file with data from 2010 until 2017. Splunk seems to parse the timestamp correctly for most of ... by atemourt Engager in Splunk Search 03-20-2018 0 9	0	9
How to get a string from the INFO statement with an error response in Splunk Hello, I need to get a string which is available in the INFO statement whenever there is an Warning statement in the ... by baburao123 New Member in Splunk Search 03-20-2018 0 4	0	4
Calculate the percentage of a given date_hour I have the following data set with says 1000+ data: Time, Duration in hours, eg. 13:23 2018-2-3, 0.234 15:13 2018-3-1... by patrick_cheung New Member in Splunk Search 03-19-2018 0 3	0	3
How to transaction on two different fields within the same sourcetype? I want to join events within the same sourcetype into a single event based on a logID field. However, this logID fiel... by brajaram Communicator in Splunk Search 03-19-2018 0 2	0	2
what is apiStartTime='ZERO_TIME' I have been investigating excessively expensive searches by querying the audit log, and I came across one that has th... by sansay Contributor in Splunk Search 03-19-2018 1 9	1	9
How can I get a usage count of all the user sessions that are NOT sticking to one host without providing "session id" in search box? index="inx_prod" host="pweb*" "session_id=4w344fbrz5th1pzfatvb0u3u" \| table host, session_id \| stats count by host, s... by Pravinraju New Member in Splunk Search 03-19-2018 0 1	0	1
Is there a way to chain searches? All, A user just asked me this, any ideas on how to do this? Splunkj Q: is the following supported? I create an al... by daniel333 Builder in Splunk Search 03-19-2018 1 4	1	4
How to determine the number of "BAD" transactions Hi, I have this query earliest =-30m index=relay_json host=betamax* relayPairId!="null" \| transaction relayPairId s... by dbcase Motivator in Splunk Search 03-19-2018 0 1	0	1
Adding a column from a subsearch I have this query that i've lightly changed from the winfra app, but i want to add a PID into it, that would be in th... by hatbeard Explorer in Splunk Search 03-19-2018 0 3	0	3
Display table issue Currently I have a table generate by my query as below query: index=a \| stats count by name code signature name ... by samlinsongguo Communicator in Splunk Search 03-19-2018 0 10	0	10
Splunk conditional count/aggregation I have some CSV data about files imported in to Splunk. The data looks like this: "\\domain\path\to\file\","<filenam... by bomran Explorer in Splunk Search 03-19-2018 1 2	1	2
search against a lookup table Need help. How to I obtain the following output? I tried the following SPL but doesn't work. index=car_record \| sear... by linwqg New Member in Splunk Search 03-19-2018 0 6	0	6
Can I use regex to assign a sourcetype? Hello. I new to regex and have been trying to understand how it works. Let say i have a log containing strings of i... by linwqg New Member in Splunk Search 03-19-2018 0 5	0	5
Calculating Source type info indexing rate and EPS Hello Splunkers, I would like to calculate below EPS values for 30 days time period for each source type on one c... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 4	0	4
How to do eval and percentage based calculations? I want to calculate the amount of change in between today's score and yesterdays. This is a file with a few days data... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 6	0	6
I want to find the difference in count of processes from last 2 months My 1st search: earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN\|dedup host,PID\|stat... by shreyasathavale Communicator in Splunk Search 03-19-2018 0 6	0	6
How do I merge events on the basis of time and fields? I want to merge events that are in between state=" STARTED" and state="COMPLETED" i.e. All the following events of st... by pratibha2018 Explorer in Splunk Search 03-19-2018 0 9	0	9
Search Query Help Hi Team, I got a scenario as below: index=* host=A or host=B Type=Info "Service down" In this i want the following... by anandhalagarasa Path Finder in Splunk Search 03-19-2018 0 6	0	6
How to build a multi-level piechart? Hello, I am searching for a possibility to build a multi-level piechart in Splunk. Does anyone knew if the is an bui... by mihenn Path Finder in Splunk Search 03-19-2018 1 5	1	5