Splunk Search

Community Activity

	How can I create a query where I can sum the total and then take the percentage and add them in a column? Hello, I need your help for the following: I need to add the Total row and then divide it by the column of funds. E... by Carolina Engager in Splunk Search 03-14-2018 0 7	0	7
	How to compare fieldName from different sourcetypes? I have a field called hostname,domain,ipaddress all my 5 sourcetypes are having same fieldname, I want to compare all... by vemurisurya Path Finder in Splunk Search 03-14-2018 0 3	0	3
	Is there a way to have a list of forwarded files in Splunk? I have multiple xml files which have been forwarded to Splunk from my machine. Each file has its own data which is us... by mawomommoh Path Finder in Splunk Search 03-14-2018 0 4	0	4
	transaction/duration? I have events with a kind of chronological flow. The events contain a ID, status, _time and a time inside the event. ... by Mike6960 Path Finder in Splunk Search 03-14-2018 0 10	0	10
	extracting eval for reuse in other searches Hi I have a dashboard which shows metrics for an API. It has a graph for response times, tables for min max average ... by SimonKof New Member in Splunk Search 03-14-2018 0 2	0	2
	Creating a User profile who has access to monitoring console only Hi All, I checked all the options in Splunk and I am unable to find an option for creating a user with a a role who ... by PhenylVon New Member in Splunk Search 03-14-2018 0 1	0	1
	How to write regex to select specific fields on a search? hi below is my search, when I do search for Error this is what I get; then I run this search to create "Message" f... by carlyleadmin Contributor in Splunk Search 03-14-2018 0 3	0	3
	how to Union 4 searches with 4 field name Hi, Good day! have this search: \| union [\| pivot latest(field0) AS field0 SPLITROW field4 AS field4 \| se... by splunkt0n New Member in Splunk Search 03-14-2018 0 1	0	1
	When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that? \|inputlookup \|eval duration="xyz"\|append[inputlookup \|eval duration2="abc"]\|eval dur3=duration-duration2\| table dur ... by tchintam Path Finder in Splunk Search 03-14-2018 0 4	0	4
	Add a column with a count of unique IP's to a chart Hi@all, i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add a ... by markus007 Engager in Splunk Search 03-14-2018 0 6	0	6
	lookup file csv i have a search in splunk search dest_ip=10.10.20.3 OR dest_ip=10.2.3.5 OR dest_ip=10.6.7.4 OR dest_ip=10.0.4.6 . I ... by vumanhtai Path Finder in Splunk Search 03-14-2018 0 1	0	1
	need to show completion percentage with the following query the following produces all of the other stats except completion percentage sourcetype=access_combined \| transaction ... by bluemarvel Path Finder in Splunk Search 03-14-2018 0 3	0	3
	DNS Names in Events Hi there, We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addres... by FraserC1 Path Finder in Splunk Search 03-14-2018 0 4	0	4
	"outputlookup" vs "action.populate_lookup"? I'm trying to figure out some discrepancies between the outputlookup search command and the action.populate_lookup sa... by Lowell Super Champion in Splunk Search 03-14-2018 0 4	0	4
	How to count from raw lines? I have a lot of RAW data with this format: date_time,serverA,down date_time,serverB,down date_time,serverA,down date_... by ndiphe13 Engager in Splunk Search 03-13-2018 0 3	0	3
	How to build a table from two index sources with a common id I am completely new to splunk so correct me if i am wrong i have 2 sources of data which contains status codes for th... by nottheboss Engager in Splunk Search 03-13-2018 0 1	0	1
	Extract multiple file names from email attachments Trying to extract all email attachments file names. I am no good with Rex/Regex, so I used the automatic extraction i... by biers04 Explorer in Splunk Search 03-13-2018 0 5	0	5
	Upgrade from 6.5.2 to 7.0.2 - Process Just wondering if there is a staged upgrade process for going from 6.5.2 to 7.0.2. Do we have to go to 6.6.0 first ... by dtfinfrastructu New Member in Splunk Search 03-13-2018 0 1	0	1
	How to find queued jobs from audit.log? Hello, is there a way I can find if a particular job was queued by looking at the audit logs? I never see the status ... by arpit_arora Explorer in Splunk Search 03-13-2018 0 3	0	3
	count of values per event Hi All , i have an event as below Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Fl... by suryaavinash Explorer in Splunk Search 03-13-2018 0 12	0	12
	How do I remove specific characters from a string? For example, I have a string "agreementinquiry-web-2.0.3". My result should only have "agreementinquiry". by joachimroshan New Member in Splunk Search 03-13-2018 0 1	0	1
	Counting an event and then averaging it over a month Hello I'm very new to Splunk and have so far been consuming data as .csv files in order to test things out. I have ... by scornell2 Engager in Splunk Search 03-13-2018 0 3	0	3
	How to count a pattern in one cell Hi I have the following data written to one field. When i run source_SERVICES_count=mvcount(source_SERVICES) i ... by robertlynch2020 Influencer in Splunk Search 03-13-2018 0 2	0	2
	How to write the regex to extract a field with optional end anchors? I haven't a clue why I cannot find this particular issue. I would think it would come up all the time. I want to ext... by Cuyose Builder in Splunk Search 03-13-2018 0 5	0	5
	Using search result(s) in a second, separate search Hi All, I am looking to create a dashboard to support ongoing investigations. This dashboard will have many panels ... by MikeElliott Communicator in Splunk Search 03-13-2018 0 4	0	4