Splunk Search

Community Activity

how to search for a field containing timedate relative to todays date? I have a field named "Expiry date" that contains future dates. I want to make a search that list will all entries tha... by zaynaly Explorer in Splunk Search 01-29-2018 0 5	0	5
What is the search range given for beginning and end query? Given the following log lines: Alpha Beta Gamma Hello World Soup I would like to query ` \| first="Beta" \| last="W... by thomasreggi New Member in Splunk Search 01-29-2018 0 1	0	1
How to fix the mismatched bracket in regex? Hi, I have the below regex and Splunk keeps telling me I have a mismatched "[" and for the life of me I can't figure... by dbcase Motivator in Splunk Search 01-29-2018 0 2	0	2
How to pair values of the "FIELD" with values of the "VALUE" field? I'm trying to figure out the best way to extract values currently displayed under the field name "FIELD", for example... by johnward4 Communicator in Splunk Search 01-29-2018 0 6	0	6
How to keep the original start time, but continuously update the end time using the dedup command? So the query that is currently in use is: index=name source=source_name \| fields start_time end_time src subject cat... by rebeccaweaver New Member in Splunk Search 01-29-2018 0 3	0	3
transform field in sha256 before indexation is there a way to transform a field in sha256 before indexation? in the sourcetype ? I can do that after using \| e... by splunkLPN Path Finder in Splunk Search 01-29-2018 0 1	0	1
How to create a search to make a table of count of failed logins by user with fields in other columns? A table with the count of failed login by a user for a day over the period of 7 days with the columns date, sourceip,... by supreetsingh75 New Member in Splunk Search 01-29-2018 0 7	0	7
How to get a single value subtraction from two Timecharts? Hi, I have two searches Total Memory and Available memory and I want to subtract this two queries result, so that ... by mujahidsof New Member in Splunk Search 01-29-2018 0 6	0	6
How to use tstats and get raw last event? Hello, I would like to get raw last event for each source listed by tstats, how to do? I've tried tstats ... \| join ... by splunkreal Motivator in Splunk Search 01-29-2018 0 9	0	9
How to exclude values from evaluation ? I have a list of values for trans_time field ranging from 0 to 45000 (not continious values). I am performing some c... by zacksoft Contributor in Splunk Search 01-29-2018 0 3	0	3
Why are the values showing wrong stats? earliest=-32d@d \| search Mode="GoNoGo" \| stats dc(source) by Number \| eval A=if(source= "faulty.csv", "Fail", "Pass"... by LH_SPLUNK Explorer in Splunk Search 01-29-2018 0 2	0	2
Why IQR shows me only 10,000 results ? I'm trying to find outlier using IQR method suggested by Splunk. I wonder why the statistics only shows 10,000 result... by zacksoft Contributor in Splunk Search 01-29-2018 1 8	1	8
Applying a search filter (srchFilter) conditionally Hello, I'm working on a Splunk system where we want to restrict users to certain data behind the scenes based on the... by caseyra Explorer in Splunk Search 01-29-2018 0 9	0	9
How to get an average value in timechart with time format? I want an average answering duration of each HR persons in hh:mm format rep_duration is the time taken to answer and... by SapthagiriAavik Explorer in Splunk Search 01-29-2018 0 9	0	9
How to extract values from all fields? Hi Team, I want to extract the values like left side(LABEL on of the fileds) all fields and values should take from a... by senthamilselvan Engager in Splunk Search 01-29-2018 0 5	0	5
How to find the totals of status codes per uri per day? I am using the following search: ( sourcetype=iis ) sc_status=500 \|stats count by uri_path sc_status date but tha... by Arjang Explorer in Splunk Search 01-29-2018 0 4	0	4
Auto extracted field with kv_mode is overriding my default source and sourcetype Hi Not sure this question has been asked before, I didn't seem to find that particular one, so here goes: I'm using... by llacoste Path Finder in Splunk Search 01-29-2018 0 4	0	4
Search Schedule Window option not there Hi all, I have a 6.3.0 enterprise clustered installation with several alerts running with 5min intervals. Most of th... by dkoops Path Finder in Splunk Search 01-28-2018 0 2	0	2
Anybody have an idea for base64 decoding of fields in Splunk 6.5 Hi. I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values. I have tried looking at t... by las Contributor in Splunk Search 01-28-2018 2 2	2	2
Compare data from Yesterday and today without Weekend host=somehost sourcetype=somesource earliest=@d+9h latest=now\| timechart span=15m dc(UserId) \| appendcols [search hos... by manapuna New Member in Splunk Search 01-28-2018 0 6	0	6
is the stats count is count of event or count of word? For example I have a query like below index=ABC \| stats count by host Does stats is the word count of all the eve... by pavanae Builder in Splunk Search 01-28-2018 0 3	0	3
In a time limited table, I'd like to indicate which field values are unique across the whole data set? Hi there, I have this dashboard that displays a table of field values from a data set. At the top are some filters, ... by jezwebb New Member in Splunk Search 01-27-2018 0 1	0	1
Match value from lookup table to values of specific fields Hi, How to match lookup table of ip addresses with the existing field value of host_ip I want to display IP addres... by onkarkore1 Explorer in Splunk Search 01-27-2018 0 4	0	4
How to extract field from data like this? Hi All, I am working on some weather RSS indexing, some of the data look like this. King's Park\| 17 degrees ; Wong... by cflam Splunk Employee in Splunk Search 01-27-2018 0 5	0	5
How to search what values are missing in my lookup table? How to write a search to get a list of items which are not matching. Example : I have a list of devices : A B C D... by raomu Explorer in Splunk Search 01-27-2018 1 8	1	8