Splunk Search

Community Activity

How to calculate moving standard deviation in Splunk? _time, Prev Week(count),Prev 2 week(count),avg,3*Std Dev,Current count,Delta,RAG 1:30 8 7 7.5 2.121320344 8 ... by payal23 Path Finder in Splunk Search 03-10-2018 0 2	0	2
Is there a more efficient way to remove stop words from a text field than using the makemv and mvexpand combo? Hello, I'm currently performing analysis on a free text field and the first step is to remove stop words. This is m... by andrewtrobec Motivator in Splunk Search 03-10-2018 1 2	1	2
eventstats Noob question. What is the different between stats and eventstats commands? by passing Explorer in Splunk Search 03-10-2018 5 5	5	5
How to filter multiple values with pivot command - is the 'in' operator broken? Based on the Splunk pivot command documentation, one should be able to use: \| pivot ..... splitrow fieldname f... by wcooper003 Communicator in Splunk Search 03-09-2018 1 4	1	4
How do i subtract values from the same field and table results by another field in this case Field B How do i subtract values from the same field and table results by another field in this case Field B subtract 400 - ... by Bentash Explorer in Splunk Search 03-09-2018 0 7	0	7
REST endpoints /data/indexes and/data/indexes-extended give different number of event counts I'm trying to obtain the total number of events stored in an index. However, using 2 REST endpoints give me two diffe... by thenhaque Explorer in Splunk Search 03-09-2018 0 1	0	1
Pass a selected value to a join after calculations and other join with the same eventtype This is the question; In general, I have been able to resolve my doubts after the publications here, but I have had p... by ricardocastille New Member in Splunk Search 03-09-2018 0 3	0	3
How to customize stats using simple math? If I wanted a count of all the events in all my indices, I can just do: index=* \| stats count, which just returns a s... by flow2k Explorer in Splunk Search 03-09-2018 0 6	0	6
Why is Splunk Service not starting with 'authDb' error? Hi - any idea why my Splunk service is failing with this error? What is 'authDb'? ~]# service splunk start Starting... by NicholasLeader New Member in Splunk Search 03-09-2018 0 1	0	1
How to combine the output of 2 different fields into one single field? I have two fields I would like to combine into one field. field1 \| field2 \| combined field 1. ... by snix Communicator in Splunk Search 03-09-2018 0 3	0	3
Using `eval` to match all values (or existence) of a field Often, we can use eval(myField=someValue)) with aggregate functions like count and avg, as well as time function like... by flow2k Explorer in Splunk Search 03-09-2018 0 6	0	6
Is there a way to make use of a list of IP addresses for servers which have sensitive information in a Splunk search? Our campus is putting together a database of systems with sensitive or restricted information on them. I'd like to ex... by wrangler2x Motivator in Splunk Search 03-09-2018 0 10	0	10
Search not returning results from lookup table Hi all, Been racking my brain trying to create this search and I can't seem to get it working, so I was hoping you a... by celestekiyoko Explorer in Splunk Search 03-09-2018 0 3	0	3
Wildcard search not producing accurate results Hi I am running a wild card search as i am using an input window (with the default value as a wildcard search that w... by colinmchugo Explorer in Splunk Search 03-09-2018 0 3	0	3
How to move an index to another app? In the Settings->Indexes screen I found one of my indexes is listed as being part of a different app than the one I'm... by richgalloway SplunkTrust in Splunk Search 03-09-2018 1 7	1	7
Signaling a problem with a Splunk Web page (I know this isn't a question, but since the contact page only leads to Sales or to phone numbers, I'm using this pla... by DUThibault Contributor in Splunk Search 03-09-2018 0 2	0	2
Field Extraction If the event has field names and values both separated by pipe, how to do field extraction. Field1\|Value1\|Field2\|Val... by ReachDataScient Explorer in Splunk Search 03-09-2018 0 1	0	1
Can you pipe the output of a transaction command into a rex command? I want to pipe the output of a transaction command into a rex command to parse something out of the result. Is this p... by jbrenner Path Finder in Splunk Search 03-09-2018 0 3	0	3
Multiple Searches with BRO LOGS - Trying to correlate certificate data. In BRO 2.5.X there are about 3 or 4 log files that have SSL Certificate information: x509.log, ssl.log, conn.log an... by baegoon Explorer in Splunk Search 03-09-2018 0 0	0	0
How to run two searches and table the results? Good afternoon Guys, Second question in as many days, but this one is puzzling me and my tiny useless uneducated br... by Barty Explorer in Splunk Search 03-09-2018 0 5	0	5
tstats in macro without pipe Hello, is it normal that tstats must be without pipe \| to run in a macro? The macro is scheduled. Thanks. by splunkreal Motivator in Splunk Search 03-09-2018 0 1	0	1
How can we only see results when they are NOT found? I have a large CSV lookup table operational and working well but would like to run a search on my data that only show... by jtitus3 Explorer in Splunk Search 03-09-2018 0 2	0	2
Subsearch in eval not working I'm trying to get the eval value in subsearch and use it for further searching in the query. I guess there is issue w... by k_harini Communicator in Splunk Search 03-09-2018 0 4	0	4
Increasing the number of ad-hoc searches for the user Is it possible to increase the number of concurrent ad-hoc searches for the user, without increasing the number of sc... by kiril123 Path Finder in Splunk Search 03-09-2018 0 2	0	2
Finding the minimum and maximum value Hi All, I have 3 files in one index, Cycle 10.csv, Cycle 11.csv, and Cycle 12.csv. All of the 3 files have a "Cycl... by jvmerilla Path Finder in Splunk Search 03-09-2018 0 1	0	1