Splunk Search

Community Activity

	How to join 2 searches using time range? Hi all, We're trying to combine 2 searches: Search 1: application transaction log ...\| transaction connId \| eval ... by stwong Communicator in Splunk Search 02-20-2018 0 3	0	3
	How do I use a default value if latest(_time) cannot be found? Hi, I'm trying to create a search that calculates how long a device has been offline, with a maximum of two days. H... by packland Path Finder in Splunk Search 02-19-2018 0 1	0	1
	Making multi value field in props/transforms from auto-extracted field I have events that whose fields like this: Name=[name1,name2,name3] Application=[app1,app2,app3] Splunk is auto-e... by _smp_ Builder in Splunk Search 02-19-2018 0 3	0	3
	How to filter fields (Stats: Value, List, Latest) I have 5 fields of data I want in a stats table, some of these fields have more than 1 value inside and they all corr... by JoshuaJohn Contributor in Splunk Search 02-19-2018 0 2	0	2
	How to join 2 query from different sources? Hi Guys, I have 2 queries that I have to combine. I haven't done this before and I'm really struggling.  1st query:... by auaave Communicator in Splunk Search 02-19-2018 0 11	0	11
	First match from end of the line regex Hi Everyone, Trying to get the expression to read first match from the end off the line and not the beginning of the... by subtrakt Contributor in Splunk Search 02-19-2018 0 5	0	5
	Eval count in two searches Hi, I have a search that lists top 50 events based on the following search : index=servers sourcetype=json appName=... by macadminrohit Contributor in Splunk Search 02-19-2018 0 1	0	1
	Does Splunk backup and archive Windows logs on a standalone Windows computer? After installing the free version of Splunk on a standalone Windows 7 PC and configuring Splunk to monitor the window... by codymoore New Member in Splunk Search 02-19-2018 0 1	0	1
	Multiple values - mvexpand not doing what I expect Hi , I have a query that looks like this earliest=-100hr index=blahalarm STATUS=readyArmed OR STATUS=ready OR STATU... by dbcase Motivator in Splunk Search 02-19-2018 0 2	0	2
	grep -f over multiple fields i'm trying to do something similar to grep -f over multiple sourcetypes that i've appended together into one search. ... by murhammr Path Finder in Splunk Search 02-19-2018 0 3	0	3
	How to join multiple sources with common fields and display stats using fields from both tables Hello, I'm new to splunk. I would like to know how to join several sources and have the results stats displayed from ... by Valisha2005 New Member in Splunk Search 02-19-2018 0 1	0	1
	Correct syntax for condition Im trying to perform a condition based on 2 varibles, but I can't seem to get right the expression. I've been trying ... by greggz Communicator in Splunk Search 02-19-2018 0 7	0	7
	How to add icon to a panel instead of table so there are no borders? I want to remove the table headers completely from my dashboard so I can just display values in a table with the head... by kdimaria Communicator in Splunk Search 02-19-2018 0 30	0	30
	Is it possible to convert UID's to usernames while using fschange? While using fschange we would like to see usernames rather than uid's in splunk while searching the audit logs. by joshnicholson99 New Member in Splunk Search 02-19-2018 0 0	0	0
	Create a table from a multivalue field Hi to all, i need to create a table for a multivalue event. Event is like: field1=value1, field2=value2, field3="val... by maurelio79 Communicator in Splunk Search 02-19-2018 0 2	0	2
	Splunk calculate average of events Hi All, Can you please help. I want to create a query whiich could : Calculate average of current events on server. by sahil237888 Path Finder in Splunk Search 02-19-2018 0 11	0	11
	Splunk Intellignent Text pattern matching Hello Folks, part 1 - As far as i know,Splunk can match below users with same pattern "John%" , but all 6 are same u... by premforsplunk Explorer in Splunk Search 02-19-2018 0 1	0	1
	How to get sum of a specific field using eval index=sampleidx \|stats count(eval(value="1")) as total1 How to do this using eval? by mjlsnombrado Communicator in Splunk Search 02-18-2018 0 5	0	5
	How to only display the lowest value of field per group Hello I am tabling a bunch of data. In the table there is a field called Workflow Sort Order which orders the the da... by tkwaller_2 Communicator in Splunk Search 02-18-2018 0 4	0	4
	How can I get this field value in my table? Hello Im trying to get the contents of a field What I am wanting is the date from a field called "Past Due Step Due D... by tkwaller_2 Communicator in Splunk Search 02-18-2018 0 4	0	4
	How to convert decimal numbers to percentage? Hi guys, With my below query, how can I convert the value of %Empty and %Occupied to Percentage instead of decimal? ... by auaave Communicator in Splunk Search 02-18-2018 0 6	0	6
	X-label -> only appear hour I did this search on splunk: index=esi_svc svc_top=1 earliest=10/19/2017:0:0:0 latest=10/19/2017:23:59:0 \|eval erro... by assuncao New Member in Splunk Search 02-17-2018 0 1	0	1
	How to split Json array using Splunk Search commands?? My Query is : \|inputlookup geo_jj \| eval types = "{\"geom\": " + geom + "}" \| spath input=types i got output i... by ajayabburi508 Path Finder in Splunk Search 02-17-2018 0 4	0	4
	How can I limit the results to only users that have more than 3 EventCode=4625? How can I limit the results to only users that have more than 3 EventCode=4625? I am trying to show only users that h... by AbelCruz Path Finder in Splunk Search 02-16-2018 0 3	0	3
	How to compare dates for expiration purposes? Greetings, I am trying to create a panel that helps me track expired trainings. What I am trying to do is to take the... by albinortiz Engager in Splunk Search 02-16-2018 0 13	0	13