Splunk Search

Community Activity

How do I subtract two fields containing %m%d%y format time values to get the age of an event? I'm trying to create a new field that is the result of the Current Date minus the time stamp when my events were crea... by johnward4 Communicator in Splunk Search 03-08-2018 0 8	0	8
How to add a static value to a table with one column? I'm trying to add a single value to a table I use to dynamically populate a selector in a dashboard. The search I use... by brajaram Communicator in Splunk Search 03-08-2018 0 4	0	4
How to find time range duration or value? In searching, I understand that I can specify the time range using one of the presets (like "Last 4 hours") or set it... by flow2k Explorer in Splunk Search 03-08-2018 0 1	0	1
How do I chart 2 searches on one chart? Searches index=nix sourcetype=cpu host="host a" CPU="all" \| eval Percent_CPU_Load = 100 - pctIdle \| timechart limit... by afamoyib Path Finder in Splunk Search 03-08-2018 0 3	0	3
updating geolocation DB Currently, we are running 6.6.2 and are using the geolite2 DB to do the iplocation mapping. I have read the followi... by wainwrid Engager in Splunk Search 03-08-2018 0 1	0	1
How to extract a field with date string values? I extracted a field SNDateCreated (regex shown below), the values in this field are represented as strings. index="... by ashishlal82 Explorer in Splunk Search 03-08-2018 0 1	0	1
How to trigger map only when variable value exists? This query capture the id from logs and make a search in the database, when there is a id value in logs it works well... by ibob0304 Communicator in Splunk Search 03-08-2018 0 1	0	1
Universal Forwarder blacklist - Can anyone help with a simple regex? Hi everyone, On my Universal Forwarder, I'm able to effectively blacklist Windows event codes when I do it based on ... by baf879 Path Finder in Splunk Search 03-08-2018 1 28	1	28
chart count over in splunk \| rest /services/authentication/users splunk_server=local \| search [\| rest /services/authentication/current-context \|... by surekhasplunk Communicator in Splunk Search 03-08-2018 0 1	0	1
Best way to have the Splunk Indexers handle a CSV log file... by balbano Contributor in Splunk Search 03-08-2018 0 6	0	6
How to find out the event with max duration? How to find out the event with max duration? I used command transaction to group events and I want to find out the ev... by chhawu New Member in Splunk Search 03-08-2018 0 5	0	5
How to find unmatched value present in the list? Let suppose,In a list(owner_name) as owner_name we are having following values, shyam ram Shyam Shyam And we have to... by pal_sumit1 Path Finder in Splunk Search 03-08-2018 0 4	0	4
Match data from items listed in column of csv file I have a .csv file with multiple columns. This is an auto-generated .csv file, and I only need to search against one ... by iomega311 Explorer in Splunk Search 03-08-2018 0 2	0	2
Populating Additional Information on Field Data I'm getting log data from a system that uses codes for each entry and I'd like to replace or add a description of the... by chrisschum Path Finder in Splunk Search 03-08-2018 0 3	0	3
How to Group data by a few factors? Hello, I need to prepare statistics of some events occurrences and this is my data in splunk: 07-03-18;11:55:14;id... by tatery Engager in Splunk Search 03-08-2018 0 12	0	12
Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user? by emichels Loves-to-Learn in Splunk Search 03-08-2018 0 2	0	2
question involving breaking out multiple multivalue fields into events I'm having issues trying to break out individual events that are combined into multi-value fields When I do a table ... by kmaron Motivator in Splunk Search 03-08-2018 0 4	0	4
Why are my dashboard panels using a base search showing no results, but shows results if opened in search? Hi, I've encountered this problem a couple of times now. I have a dashboard where some of the panels run on a base ... by hettervik Builder in Splunk Search 03-08-2018 6 7	6	7
Syslog-help me How can I transfer data from splunk to syslog? I did not understand the explanation in the link: http://docs.splunk.c... by dabany Engager in Splunk Search 03-08-2018 0 1	0	1
Time format and table sorting issues So, I have this search on events that cover from the 28th of February to the 6th of March, 2018: Some basic search... by jwillaime Explorer in Splunk Search 03-07-2018 0 3	0	3
How to display the data for the last 4 weeks by week number? Hi, I want to create dashboard that displays the 4 weeks data by week number. The database normally have 3 months of... by auaave Communicator in Splunk Search 03-07-2018 0 10	0	10
search to find Bush's stolen watch Does anyone know how to craft a search to find George Bush's stolen watch? by ledion Path Finder in Splunk Search 03-07-2018 3 7	3	7
How to add Currency Symbol ($ dollar sign) to a column with numbers? Hi all, I have a column in splunk that I want to use to show totals. I would like for the dollar sign ($) to appear ... by tdunphy_ Explorer in Splunk Search 03-07-2018 0 2	0	2
How to extract name/value pair from XML datasource? I'm asking this question on behalf of a customer. We are ingesting XML data and it comes in clean. Timestamp is bein... by rvoninski_splun Splunk Employee in Splunk Search 03-07-2018 0 8	0	8
How to get average of all the summed values? Hi, I am trying to sum up all the field values grouped by a field value(suppose fieldA) in my initial query and I g... by rakeshyv0807 Explorer in Splunk Search 03-07-2018 0 1	0	1