Splunk Search

Community Activity

Is there a way to chain searches? All, A user just asked me this, any ideas on how to do this? Splunkj Q: is the following supported? I create an al... by daniel333 Builder in Splunk Search 03-19-2018 1 4	1	4
How to determine the number of "BAD" transactions Hi, I have this query earliest =-30m index=relay_json host=betamax* relayPairId!="null" \| transaction relayPairId s... by dbcase Motivator in Splunk Search 03-19-2018 0 1	0	1
Adding a column from a subsearch I have this query that i've lightly changed from the winfra app, but i want to add a PID into it, that would be in th... by hatbeard Explorer in Splunk Search 03-19-2018 0 3	0	3
Display table issue Currently I have a table generate by my query as below query: index=a \| stats count by name code signature name ... by samlinsongguo Communicator in Splunk Search 03-19-2018 0 10	0	10
Splunk conditional count/aggregation I have some CSV data about files imported in to Splunk. The data looks like this: "\\domain\path\to\file\","<filenam... by bomran Explorer in Splunk Search 03-19-2018 1 2	1	2
search against a lookup table Need help. How to I obtain the following output? I tried the following SPL but doesn't work. index=car_record \| sear... by linwqg New Member in Splunk Search 03-19-2018 0 6	0	6
Can I use regex to assign a sourcetype? Hello. I new to regex and have been trying to understand how it works. Let say i have a log containing strings of i... by linwqg New Member in Splunk Search 03-19-2018 0 5	0	5
Calculating Source type info indexing rate and EPS Hello Splunkers, I would like to calculate below EPS values for 30 days time period for each source type on one c... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 4	0	4
How to do eval and percentage based calculations? I want to calculate the amount of change in between today's score and yesterdays. This is a file with a few days data... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 6	0	6
I want to find the difference in count of processes from last 2 months My 1st search: earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN\|dedup host,PID\|stat... by shreyasathavale Communicator in Splunk Search 03-19-2018 0 6	0	6
How do I merge events on the basis of time and fields? I want to merge events that are in between state=" STARTED" and state="COMPLETED" i.e. All the following events of st... by pratibha2018 Explorer in Splunk Search 03-19-2018 0 9	0	9
Search Query Help Hi Team, I got a scenario as below: index=* host=A or host=B Type=Info "Service down" In this i want the following... by anandhalagarasa Path Finder in Splunk Search 03-19-2018 0 6	0	6
How to build a multi-level piechart? Hello, I am searching for a possibility to build a multi-level piechart in Splunk. Does anyone knew if the is an bui... by mihenn Path Finder in Splunk Search 03-19-2018 1 5	1	5
How to extract a field from a GET request? Hi All - I am having trouble extracting the following fields from a GET request . GET /TSGene/images/literature... by dmenon84 Path Finder in Splunk Search 03-18-2018 0 8	0	8
how can you run one search and share that data with multiple panels How can or is there a way of running one search and sharing the resulting data amongst multiple panels in a Dashboar... by TDR57 Explorer in Splunk Search 03-18-2018 0 2	0	2
Nested JSON and SPATHING Hi, I have another question similar to the question I asked at https://answers.splunk.com/answers/624148/expanding-n... by BearMormont Path Finder in Splunk Search 03-18-2018 0 4	0	4
Pivot search hello , someone can help me to translate this pivot command in search command \| pivot proofpoint proofpoint_search ... by ALLIACOM New Member in Splunk Search 03-17-2018 0 2	0	2
Creating new fields using already set data I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly ... by leagawa New Member in Splunk Search 03-17-2018 0 1	0	1
How to create a real-time map of attacks I want to create a real-time map similar to https://cybermap.kaspersky.com/ that tracks and displays the exact locati... by Shabalala9 New Member in Splunk Search 03-16-2018 0 1	0	1
Can any one help to understand & use of below command in eval Can any one help to understand & use of below command in eval index=_internal \| eval Mahesh=max(1, 3, 6, 7, "foo", fi... by maheshsat Explorer in Splunk Search 03-16-2018 0 1	0	1
Trying to change date index=_internal \| eval Mahesh=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/") My date 03-16-2018 I need 16-03-2018 by maheshsat Explorer in Splunk Search 03-16-2018 0 2	0	2
CPU Usage by Process Is there a way to pull a list of running processes and the CPU % usage per process via Splunk natively? Using Powers... by Kendo213 Communicator in Splunk Search 03-16-2018 0 2	0	2
Calculate difference between 2 time fields using strptime As an example, I am getting weather data where in each json even I have the sunrise and sunset time for that day. The... by MedralaG Communicator in Splunk Search 03-16-2018 0 10	0	10
How to create a real-time map of attacks by Source IP? I would like to create a live map similar to the one at Norse: http://map.norsecorp.com. Below is the search that I ... by kmedina1 Explorer in Splunk Search 03-16-2018 0 4	0	4
Find percentage between two fields whose name will fall into a naming convention I have a set of fixed fields that define a maximum threshold with the naming convention of "resources_available_[[con... by mjones414 Contributor in Splunk Search 03-16-2018 0 1	0	1