Splunk Search

Community Activity

How to get the differece between each events using streamstats? I want to get the difference the events. Please find the below. Eg: Field1 Field2 Field3 Diff ABC 200... by Rajkumarkbm Engager in Splunk Search 02-21-2018 0 1	0	1
regex - remove comma from the result Hello all, I have a problem extracting field using regex. The nearest query I've made is: index=* \| rex field=_raw ... by krusovice Path Finder in Splunk Search 02-20-2018 0 2	0	2
In a stats based on the item selected in the drop down, how can I display two columns in the panel which display the count when Id=* and when Id=number? Hi, I have a query which does the stats count by ID selected through the drop-down query looks like : index=servers... by macadminrohit Contributor in Splunk Search 02-20-2018 0 2	0	2
How can I create this Splunk Query for a specific domain an display the list of the traffic going to that domain address as a table? I have been out of date with building Splunk queries and I would need your help. 1) For a specific domain, let's say ... by ashishlal82 Explorer in Splunk Search 02-20-2018 0 1	0	1
What exactly does splunk.exe clean eventdata -f do? I get the it cleans out the eventdata, my question is where? Is this limited to the server the command was ran from? ... by cboillot Contributor in Splunk Search 02-20-2018 0 6	0	6
How to run operations on values from a main search and sub search? I have a log file that shows the number of jobs that have been started by an application and the jobs that have been ... by kaphie2002 New Member in Splunk Search 02-20-2018 0 2	0	2
How can I create a drill down to list the name ,using the date available from lookup.csv? i want to create a drill down to list the name ,using the date available in lookup.csv please answer, if there is an... by asmafirdous Engager in Splunk Search 02-20-2018 0 1	0	1
Remove non alphanumeric in the datamodel Hi I have datamodel data like below. I have tried to remove all non alphanumeric. So i can put it on a new field in ... by robertlynch2020 Influencer in Splunk Search 02-20-2018 0 1	0	1
How to pivot a search off a subsearch result? Since I couldn't find this anywhere, I'm making my own question and answer, to better help the "next guy" who has thi... by Michael Contributor in Splunk Search 02-20-2018 0 1	0	1
How can I compare static time value in a lookup field with current system time +/- 5 m? I'm just learning splunk so sorry if this is a simple question. I have a lookup with a field that has static time va... by donrtowery New Member in Splunk Search 02-20-2018 0 3	0	3
How to eliminate identical values of two similar fields? Suppose I have a field called TESTS which contains some values. This field changes every day (each day is represented... by vshakur Path Finder in Splunk Search 02-20-2018 0 2	0	2
How to display success rate as 100 if no API calls are invoked? Please help me in the below search query index=Index1 sourcetype="Tablename" CounterName="Number of Successful API ... by rgopal88 New Member in Splunk Search 02-20-2018 0 1	0	1
How can I change color on pie chart with rangemap? I have a pie chart and use \| rangemap field=test1 low=0-1 elevated=2-49 severe=50-100. How can I get these colors to... by chadman Path Finder in Splunk Search 02-20-2018 0 2	0	2
Mounted Bundle path - Search Head How does the search head know the location of the mounted bundle? When you configure the mounted bundle you add this... by mookiie2005 Communicator in Splunk Search 02-20-2018 1 4	1	4
How to search to find a match in lookup file? I have 2 lookup files. Am getting empnumber from one file and then trying to search for the corresponding email id fr... by surekhasplunk Communicator in Splunk Search 02-20-2018 0 5	0	5
Help with extraction of field created at index time? All, Testing an index'd time field extraction in a test environment. It SEEMS to have worked, but randomly the fiel... by daniel333 Builder in Splunk Search 02-20-2018 0 2	0	2
Web Data Model no referrer Can anyone help with the following please. Im looking to run a tstats query against the Web Data Model but exclude re... by jacqu3sy Path Finder in Splunk Search 02-20-2018 0 7	0	7
Need a help in Regex? Hi All, Need a small help in the regex, I am able to match the host name but unable to over write to the host field i... by Hemnaath Motivator in Splunk Search 02-20-2018 0 13	0	13
how can I get the per hour results of the sum of max value per location? Hi Guys, I have 10 locations with around 100 spaces each then every 10 mins a new message is sent to update the curr... by auaave Communicator in Splunk Search 02-20-2018 0 5	0	5
How to get overall stats if in a single log a particular event is missing? Hello There, I am trying to get an overall stats for all the logs with a particular sourcetype, however in some sour... by Matinrokz New Member in Splunk Search 02-20-2018 0 10	0	10
How to join 2 searches using time range? Hi all, We're trying to combine 2 searches: Search 1: application transaction log ...\| transaction connId \| eval ... by stwong Communicator in Splunk Search 02-20-2018 0 3	0	3
How do I use a default value if latest(_time) cannot be found? Hi, I'm trying to create a search that calculates how long a device has been offline, with a maximum of two days. H... by packland Path Finder in Splunk Search 02-19-2018 0 1	0	1
Making multi value field in props/transforms from auto-extracted field I have events that whose fields like this: Name=[name1,name2,name3] Application=[app1,app2,app3] Splunk is auto-e... by _smp_ Builder in Splunk Search 02-19-2018 0 3	0	3
How to filter fields (Stats: Value, List, Latest) I have 5 fields of data I want in a stats table, some of these fields have more than 1 value inside and they all corr... by JoshuaJohn Contributor in Splunk Search 02-19-2018 0 2	0	2
How to join 2 query from different sources? Hi Guys, I have 2 queries that I have to combine. I haven't done this before and I'm really struggling.  1st query:... by auaave Communicator in Splunk Search 02-19-2018 0 11	0	11