Splunk Search

Community Activity

How to get an average value in timechart with time format? I want an average answering duration of each HR persons in hh:mm format rep_duration is the time taken to answer and... by SapthagiriAavik Explorer in Splunk Search 01-29-2018 0 9	0	9
How to extract values from all fields? Hi Team, I want to extract the values like left side(LABEL on of the fileds) all fields and values should take from a... by senthamilselvan Engager in Splunk Search 01-29-2018 0 5	0	5
How to find the totals of status codes per uri per day? I am using the following search: ( sourcetype=iis ) sc_status=500 \|stats count by uri_path sc_status date but tha... by Arjang Explorer in Splunk Search 01-29-2018 0 4	0	4
Auto extracted field with kv_mode is overriding my default source and sourcetype Hi Not sure this question has been asked before, I didn't seem to find that particular one, so here goes: I'm using... by llacoste Path Finder in Splunk Search 01-29-2018 0 4	0	4
Search Schedule Window option not there Hi all, I have a 6.3.0 enterprise clustered installation with several alerts running with 5min intervals. Most of th... by dkoops Path Finder in Splunk Search 01-28-2018 0 2	0	2
Anybody have an idea for base64 decoding of fields in Splunk 6.5 Hi. I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values. I have tried looking at t... by las Contributor in Splunk Search 01-28-2018 2 2	2	2
Compare data from Yesterday and today without Weekend host=somehost sourcetype=somesource earliest=@d+9h latest=now\| timechart span=15m dc(UserId) \| appendcols [search hos... by manapuna New Member in Splunk Search 01-28-2018 0 6	0	6
is the stats count is count of event or count of word? For example I have a query like below index=ABC \| stats count by host Does stats is the word count of all the eve... by pavanae Builder in Splunk Search 01-28-2018 0 3	0	3
In a time limited table, I'd like to indicate which field values are unique across the whole data set? Hi there, I have this dashboard that displays a table of field values from a data set. At the top are some filters, ... by jezwebb New Member in Splunk Search 01-27-2018 0 1	0	1
Match value from lookup table to values of specific fields Hi, How to match lookup table of ip addresses with the existing field value of host_ip I want to display IP addres... by onkarkore1 Explorer in Splunk Search 01-27-2018 0 4	0	4
How to extract field from data like this? Hi All, I am working on some weather RSS indexing, some of the data look like this. King's Park\| 17 degrees ; Wong... by cflam Splunk Employee in Splunk Search 01-27-2018 0 5	0	5
How to search what values are missing in my lookup table? How to write a search to get a list of items which are not matching. Example : I have a list of devices : A B C D... by raomu Explorer in Splunk Search 01-27-2018 1 8	1	8
Search to display the first instance of a particular field I have a search which extracts some values into a table including the date. For one of the fields, e.g. src_ip, I wan... by jsc7 New Member in Splunk Search 01-27-2018 0 1	0	1
Head scratcher regex Hi I have the below data and need to extract three things, 2 of which are pretty easy (method (GET or POST) and resp... by dbcase Motivator in Splunk Search 01-26-2018 0 5	0	5
How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)") My goal is to create a transaction that ends with customerId being "(null)" and starts with customerId being somethin... by ib_321 New Member in Splunk Search 01-26-2018 0 6	0	6
How to filter out IPs from being indexed? I am not good at regex, so I need help filtering some IPs from being indexed. raw event looks like this: 192.168.18... by mcbradford Contributor in Splunk Search 01-26-2018 0 3	0	3
How to extract events from multi-level json? Please believe me  that I have searched for an answer until my index finger bled (pun intended, but seriously...I ha... by mgallacher Engager in Splunk Search 01-26-2018 0 1	0	1
How to get different results for strptime on different laptops? I've to run a count difference for a query over a period of time. For example. I need the difference of counts for my... by skomaravelli Engager in Splunk Search 01-26-2018 0 0	0	0
How do I use a lookup table to resolve ips to their hosts, when some ip's have hosts and some don't, but I want to show both? I am trying to make a pie chart with a breakdown of ip's that have been resolved to their hosts, if they have one, or... by ResurgoSplunkKn New Member in Splunk Search 01-26-2018 0 8	0	8
Need help with TIME_PREFIX Given a representative sample of my logs: Jan 25 14:19:20 1.1.1.1 64: Jan 25 22:19:19.281: %LINK-3-UPDOWN: xxxxxxxxx... by reswob4 Builder in Splunk Search 01-26-2018 0 6	0	6
Differentiate between environments in a search I am building our new dashboards and alerts in our Acceptance environment, later we will move the whole app to Produc... by Bob_Bard Explorer in Splunk Search 01-26-2018 0 8	0	8
How can I order events based on how they appear in a file? I have an XML file which is in this format: <?xml version="1.0"?> <EvaluateMethods xmlns:xsi="http://www.w3.org/2001... by mawomommoh Path Finder in Splunk Search 01-26-2018 0 5	0	5
What is the scope of the FILLNULL command? A co-worker has a macro that generates a new field TIME by first testing if the field value is null then converts the... by RickCurry Explorer in Splunk Search 01-26-2018 0 7	0	7
Does frozenTimePeriodInSecs work in [default]? I have a local indexes.conf file on all my indexers: [default] frozenTimePeriodInSecs = 63072000 # 2 yr... by wsanderstii Path Finder in Splunk Search 01-26-2018 1 3	1	3
Can you add a search peer with expired license? I am running in to some problems adding search peers and have a question. Does the free version of Splunk with an ex... by mhouse3 Path Finder in Splunk Search 01-26-2018 0 1	0	1