Splunk Search

Community Activity

	Count number of field value per source and show as table I have a field named "router" that has multiple values and have three sources. I would like to count the router value... by christopheryu Communicator in Splunk Search 03-14-2018 0 5	0	5
	Search for Error only in the latest log file coming from different hosts My original search Query returns results- index="ver_logs" "ERORR detected" \| rex field=source "VerLogs\\\(?.*?)\_... by nmohammed Builder in Splunk Search 03-14-2018 0 11	0	11
	How to extract fields from xml in a lookup table? I have a lookup table where one of the field columns is xml format. I'm trying to extract fields from the xml entries... by matstap Communicator in Splunk Search 03-14-2018 0 4	0	4
	How to search Events on Hosts in Inputlookup File? I have a CSV that I've created via ldapsearch, that contains a single column with 'cn' and then a list of servers. I... by Kendo213 Communicator in Splunk Search 03-14-2018 0 10	0	10
	Error in Eval in Search Command. Please help. \| makeresults \| eval ipaddress=192.168.1.1 \| lookup AM ipaddress OUTPUT hostname \| table ipaddress,hostname This wor... by ReachDataScient Explorer in Splunk Search 03-14-2018 0 7	0	7
	Correlation Events and Discard Events Hello, I need your help to correlation some transactions by a number of reference and responses Input and Output bu... by Carolina Engager in Splunk Search 03-14-2018 0 1	0	1
	Remove the query string from a Url field Need to exclude the query parameters from a URL field. For e.g. the field contains http://www.google.com/india?searc... by gassershaun Engager in Splunk Search 03-14-2018 0 4	0	4
	Why isn't my query working after adding timechart? Greetings All - I have a query that gives me the data I need. However when I tried to add a timechart function to b... by ZigZaggin Explorer in Splunk Search 03-14-2018 0 18	0	18
	How to find users that had only errors for certain event? We have log entries in format like this: LogLevel=info username=some1 eventID=update So in case of error the LogL... by dsnytkine Engager in Splunk Search 03-14-2018 0 7	0	7
	latest date Hello , So my question today is: for my earliest time i have "-1w@w1",so my research start from the last monday.The ... by taha13 Explorer in Splunk Search 03-14-2018 0 7	0	7
	How can I create a query where I can sum the total and then take the percentage and add them in a column? Hello, I need your help for the following: I need to add the Total row and then divide it by the column of funds. E... by Carolina Engager in Splunk Search 03-14-2018 0 7	0	7
	How to compare fieldName from different sourcetypes? I have a field called hostname,domain,ipaddress all my 5 sourcetypes are having same fieldname, I want to compare all... by vemurisurya Path Finder in Splunk Search 03-14-2018 0 3	0	3
	Is there a way to have a list of forwarded files in Splunk? I have multiple xml files which have been forwarded to Splunk from my machine. Each file has its own data which is us... by mawomommoh Path Finder in Splunk Search 03-14-2018 0 4	0	4
	transaction/duration? I have events with a kind of chronological flow. The events contain a ID, status, _time and a time inside the event. ... by Mike6960 Path Finder in Splunk Search 03-14-2018 0 10	0	10
	extracting eval for reuse in other searches Hi I have a dashboard which shows metrics for an API. It has a graph for response times, tables for min max average ... by SimonKof New Member in Splunk Search 03-14-2018 0 2	0	2
	Creating a User profile who has access to monitoring console only Hi All, I checked all the options in Splunk and I am unable to find an option for creating a user with a a role who ... by PhenylVon New Member in Splunk Search 03-14-2018 0 1	0	1
	How to write regex to select specific fields on a search? hi below is my search, when I do search for Error this is what I get; then I run this search to create "Message" f... by carlyleadmin Contributor in Splunk Search 03-14-2018 0 3	0	3
	how to Union 4 searches with 4 field name Hi, Good day! have this search: \| union [\| pivot latest(field0) AS field0 SPLITROW field4 AS field4 \| se... by splunkt0n New Member in Splunk Search 03-14-2018 0 1	0	1
	When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that? \|inputlookup \|eval duration="xyz"\|append[inputlookup \|eval duration2="abc"]\|eval dur3=duration-duration2\| table dur ... by tchintam Path Finder in Splunk Search 03-14-2018 0 4	0	4
	Add a column with a count of unique IP's to a chart Hi@all, i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add a ... by markus007 Engager in Splunk Search 03-14-2018 0 6	0	6
	lookup file csv i have a search in splunk search dest_ip=10.10.20.3 OR dest_ip=10.2.3.5 OR dest_ip=10.6.7.4 OR dest_ip=10.0.4.6 . I ... by vumanhtai Path Finder in Splunk Search 03-14-2018 0 1	0	1
	need to show completion percentage with the following query the following produces all of the other stats except completion percentage sourcetype=access_combined \| transaction ... by bluemarvel Path Finder in Splunk Search 03-14-2018 0 3	0	3
	DNS Names in Events Hi there, We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addres... by FraserC1 Path Finder in Splunk Search 03-14-2018 0 4	0	4
	"outputlookup" vs "action.populate_lookup"? I'm trying to figure out some discrepancies between the outputlookup search command and the action.populate_lookup sa... by Lowell Super Champion in Splunk Search 03-14-2018 0 4	0	4
	How to count from raw lines? I have a lot of RAW data with this format: date_time,serverA,down date_time,serverB,down date_time,serverA,down date_... by ndiphe13 Engager in Splunk Search 03-13-2018 0 3	0	3