Splunk Search

Community Activity

	i am unable to search the data with sourcetype name but i can search data by index name. i am unable to search the data with sourcetype name but i can search data by index name.Please tell what can i do to ... by Utkarsh_Singh New Member in Splunk Search 01-31-2018 0 2	0	2
	How to make a bar chart from stats and divide it according to a field? I have counts of aging tickets which we have divided into different ranges .But I want to show it as chart which will... by chitreshakumar Communicator in Splunk Search 01-31-2018 0 8	0	8
	Why is there a big difference in performance of searches run admin vs splunk system users? I have been investigating into searches for both admin user and splunk system user. Searched conducted by System User... by anupkpal New Member in Splunk Search 01-31-2018 0 1	0	1
	How to view my error name in where clause? Now i am getting only count i need error messages and host index=test "java.nio.channels.ClosedChannelException"... by karthi2809 Builder in Splunk Search 01-31-2018 0 2	0	2
	Can I add a priority field value as P3 for all the output? Hi I want to add a priority as P3 for the below output. Query index=nonprod sourcetype=port_availability \| de... by Mayanakhan Explorer in Splunk Search 01-31-2018 0 5	0	5
	regex to find domain\account This is the regex I have, though not finding anything..: \|rex "(?<account>\w{2,6}\\.{3,15})" example of domain and... by zaynaly Explorer in Splunk Search 01-31-2018 0 3	0	3
	How to sort results in a search by using a lookup table? So here is what I want to do. I want to be able to search an index and sort the results via subnet/location containe... by dbturner New Member in Splunk Search 01-31-2018 0 1	0	1
	How to use calculated timeframe in splunk query? Hello, I am trying to write a query which results in the subtraction of $datetimepicker value events counts & $datet... by shehenshah14 New Member in Splunk Search 01-31-2018 0 2	0	2
	"stats count" and other summary commands report ~2x the actual counts We have a new sourcetype that's using the AWS Add-on to grab data from S3 (SQS-based). Whenever we do a stats count ... by tschrantz New Member in Splunk Search 01-31-2018 0 4	0	4
	How do I get the avg for each column in a Totals row at the bottom? Hello My base search uses CSV data and is very basic, simple field renames index=fp_dev_csv sourcetype=fp:dev:csv \|... by tkwaller_2 Communicator in Splunk Search 01-31-2018 0 2	0	2
	I need an alert that triggers when it can't find a certain message in the logs within the last hour It always brings up no results. Here is my query: index=abc host = "123" OR host = "456" OR host = "789" OR host = ... by rgarbac1 New Member in Splunk Search 01-31-2018 0 5	0	5
	Another Regex Question I'm trying to rex out a new field from the message.Exception field. What I'm trying to extract is in the brackets be... by kwkeefer Explorer in Splunk Search 01-31-2018 0 5	0	5
	how to write an "if" statement for a value in all the fields? Hi, Is there a way of writing an if condition that basically says, "if value x exists in all of tabled fields, then ... by mahbs Path Finder in Splunk Search 01-31-2018 0 4	0	4
	How to create an If/Else statement inside an eval statement? Hello All, I am running the following search: index="ledata_2017" NOT Project="60*" \| stats sum(ActualPTDCostsAMT) ... by tonahoyos Explorer in Splunk Search 01-31-2018 0 7	0	7
	Help with field extraction I'm failing miserably at this. I'm hoping someone can help me out so I can build my knowledge for future extractions ... by mcollins42 New Member in Splunk Search 01-31-2018 0 6	0	6
	How can I search for a file and then use the name of that file to drive the next search? I have a collection of hundreds of files. I want to write a search that (1) finds which file has a certain keyword a... by dmoulais New Member in Splunk Search 01-31-2018 0 1	0	1
	How to calculate the "Moving" sum of the last 52 weeks? Splunkers! I have a new problem I'm not able to solve, I hope you can help me... Basically, I'm counting the number ... by CarmineCalo Path Finder in Splunk Search 01-31-2018 0 3	0	3
	How to convert Hourly Stats into daily? Hi, I am a Splunk User and been using it for a few months now, I have created a query which creates a table of count... by varunghai Engager in Splunk Search 01-31-2018 0 2	0	2
	How to add a flat, single value line to a graph? Is there any way I can manually add another line to a chart, which is just a single value that I can decide? All I ... by samwatson45 Path Finder in Splunk Search 01-31-2018 0 6	0	6
	compare a search results Hi all, There are 2 fields, A and B... Values of A apple ora nge kite drink mask Values of B are orange.12 orang... by vinoth12 New Member in Splunk Search 01-31-2018 0 2	0	2
	Only show percentages when using pie chart Hi All, My requirement is to display only percentages in the pie chart not the label names. I tried below two optio... by bharathkumarnec Contributor in Splunk Search 01-31-2018 0 9	0	9
	How can I create categories and sub categories from a data field and use keywords from the field to compare it to another excel file? Hello fellow Splunkers,, I have a two fold question. I have a field called Call_DESCRIPTION_Text, which contains is... by shiv1593 Communicator in Splunk Search 01-31-2018 0 0	0	0
	Timestamp creation- index time from csv file Hi All, I have a situation where the data is in csv format and first two columns have date and time information, my ... by sidhantbhayana Path Finder in Splunk Search 01-30-2018 0 5	0	5
	Total occurrences within a column I am pulling Windows event logs for software updates. There's a column for successRatio that is either Success or Fai... by dmarcantonionw Engager in Splunk Search 01-30-2018 0 2	0	2
	Split transaction by new line I have a query like this: 213123123-231231230342 \| transaction startswith="user login process start" endswith="user ... by thomasreggi New Member in Splunk Search 01-30-2018 0 1	0	1