Splunk Search

Community Activity

top 10 vendors having high total volume and high failure Hi All, My requirement was we needed to analyse issues with vendors who are failing to perform and for this, I need... by arjitgoswami Explorer in Splunk Search 03-20-2018 0 4	0	4
How many lookup tables can I use in one splunk query? Can anyone please tell how may lookup table can I use in one particular Splunk query? Are there any restrictions? by logloganathan Motivator in Splunk Search 03-20-2018 0 3	0	3
Why does geoIp database for Iplocation command doesn't provide information about country, city etc. for some IP's? Hi, I have a table with list of Ip's and their respective locations but for few Ip's the Country and city regions ar... by rakeshyv0807 Explorer in Splunk Search 03-20-2018 0 5	0	5
Join on one to many with max=0 still only returns 1 row per match This is the query: source=Audit earliest=-2d [search source=Audit \| stats count by persistent_id \| where count > 2... by drpog New Member in Splunk Search 03-20-2018 0 5	0	5
Loop through a particular field counting how many values there are for each value of said field Hello all! I feel like this is a simple query and I just can't wrap my head around it. The data I'm searching throu... by trc29 Engager in Splunk Search 03-20-2018 0 3	0	3
How to create table based on TRUE result? I'm trying to create a query that will show me {stuff} that's happening outside of 'typical' working hours (i.e. Sat/... by bomran Explorer in Splunk Search 03-20-2018 0 5	0	5
How to calculate the difference between two fields from different files? I have two different files abc and abc1. Both have two fields TS1 and TS2. I just want to calculate difference betwee... by rahul_monty New Member in Splunk Search 03-20-2018 0 6	0	6
Need assistance dedup'ing data I need help figuring out how to correctly dedup the data below. The 10 log messages below represent 4 distinct events... by mjshoaf New Member in Splunk Search 03-20-2018 0 10	0	10
How can I not to iterate ResultsReader if I want to return results to Splunk. Python SDK. This is a part of custom search command (EventingCommand) fro example. I get some input events and start jobs based ... by astarchenkov Explorer in Splunk Search 03-20-2018 0 2	0	2
How to get user limits (quota on searches) from python-sdk? I create search jobs from my customsearch command. How can I get user's (not role's) limits on searches? And is it po... by astarchenkov Explorer in Splunk Search 03-20-2018 0 0	0	0
case command i want case command to match case where abc = hhh and after word should be same as present as it is abc abc efg ffh by DataOrg Builder in Splunk Search 03-20-2018 0 7	0	7
Timechart command in lookup or CSV File Hi Team, I have a scheduled search which generates a lookup file similar to below Whenever i run stats command on... by ashish9433 Communicator in Splunk Search 03-20-2018 0 8	0	8
Joining two tables without common field or key. All rows of 1st table must join with all the rows of the second one I have data as given below in table format A B C D E F 517 2498 186 1000 250 100 399 314 1559 100 100 1000 I want ea... by nkankur Path Finder in Splunk Search 03-20-2018 0 2	0	2
Why does Splunk recognize the timestamp only for specific dates? Hello, I have a csv file with data from 2010 until 2017. Splunk seems to parse the timestamp correctly for most of ... by atemourt Engager in Splunk Search 03-20-2018 0 9	0	9
How to get a string from the INFO statement with an error response in Splunk Hello, I need to get a string which is available in the INFO statement whenever there is an Warning statement in the ... by baburao123 New Member in Splunk Search 03-20-2018 0 4	0	4
Calculate the percentage of a given date_hour I have the following data set with says 1000+ data: Time, Duration in hours, eg. 13:23 2018-2-3, 0.234 15:13 2018-3-1... by patrick_cheung New Member in Splunk Search 03-19-2018 0 3	0	3
How to transaction on two different fields within the same sourcetype? I want to join events within the same sourcetype into a single event based on a logID field. However, this logID fiel... by brajaram Communicator in Splunk Search 03-19-2018 0 2	0	2
what is apiStartTime='ZERO_TIME' I have been investigating excessively expensive searches by querying the audit log, and I came across one that has th... by sansay Contributor in Splunk Search 03-19-2018 1 9	1	9
How can I get a usage count of all the user sessions that are NOT sticking to one host without providing "session id" in search box? index="inx_prod" host="pweb*" "session_id=4w344fbrz5th1pzfatvb0u3u" \| table host, session_id \| stats count by host, s... by Pravinraju New Member in Splunk Search 03-19-2018 0 1	0	1
Is there a way to chain searches? All, A user just asked me this, any ideas on how to do this? Splunkj Q: is the following supported? I create an al... by daniel333 Builder in Splunk Search 03-19-2018 1 4	1	4
How to determine the number of "BAD" transactions Hi, I have this query earliest =-30m index=relay_json host=betamax* relayPairId!="null" \| transaction relayPairId s... by dbcase Motivator in Splunk Search 03-19-2018 0 1	0	1
Adding a column from a subsearch I have this query that i've lightly changed from the winfra app, but i want to add a PID into it, that would be in th... by hatbeard Explorer in Splunk Search 03-19-2018 0 3	0	3
Display table issue Currently I have a table generate by my query as below query: index=a \| stats count by name code signature name ... by samlinsongguo Communicator in Splunk Search 03-19-2018 0 10	0	10
Splunk conditional count/aggregation I have some CSV data about files imported in to Splunk. The data looks like this: "\\domain\path\to\file\","<filenam... by bomran Explorer in Splunk Search 03-19-2018 1 2	1	2
search against a lookup table Need help. How to I obtain the following output? I tried the following SPL but doesn't work. index=car_record \| sear... by linwqg New Member in Splunk Search 03-19-2018 0 6	0	6