Splunk Search

Community Activity

How to exclude values from evaluation ? I have a list of values for trans_time field ranging from 0 to 45000 (not continious values). I am performing some c... by zacksoft Contributor in Splunk Search 01-29-2018 0 3	0	3
Why are the values showing wrong stats? earliest=-32d@d \| search Mode="GoNoGo" \| stats dc(source) by Number \| eval A=if(source= "faulty.csv", "Fail", "Pass"... by LH_SPLUNK Explorer in Splunk Search 01-29-2018 0 2	0	2
Why IQR shows me only 10,000 results ? I'm trying to find outlier using IQR method suggested by Splunk. I wonder why the statistics only shows 10,000 result... by zacksoft Contributor in Splunk Search 01-29-2018 1 8	1	8
Applying a search filter (srchFilter) conditionally Hello, I'm working on a Splunk system where we want to restrict users to certain data behind the scenes based on the... by caseyra Explorer in Splunk Search 01-29-2018 0 9	0	9
How to get an average value in timechart with time format? I want an average answering duration of each HR persons in hh:mm format rep_duration is the time taken to answer and... by SapthagiriAavik Explorer in Splunk Search 01-29-2018 0 9	0	9
How to extract values from all fields? Hi Team, I want to extract the values like left side(LABEL on of the fileds) all fields and values should take from a... by senthamilselvan Engager in Splunk Search 01-29-2018 0 5	0	5
How to find the totals of status codes per uri per day? I am using the following search: ( sourcetype=iis ) sc_status=500 \|stats count by uri_path sc_status date but tha... by Arjang Explorer in Splunk Search 01-29-2018 0 4	0	4
Auto extracted field with kv_mode is overriding my default source and sourcetype Hi Not sure this question has been asked before, I didn't seem to find that particular one, so here goes: I'm using... by llacoste Path Finder in Splunk Search 01-29-2018 0 4	0	4
Search Schedule Window option not there Hi all, I have a 6.3.0 enterprise clustered installation with several alerts running with 5min intervals. Most of th... by dkoops Path Finder in Splunk Search 01-28-2018 0 2	0	2
Anybody have an idea for base64 decoding of fields in Splunk 6.5 Hi. I have upgraded to Splunk 6.5, and have a new source, with some base64 encoded values. I have tried looking at t... by las Builder in Splunk Search 01-28-2018 2 2	2	2
Compare data from Yesterday and today without Weekend host=somehost sourcetype=somesource earliest=@d+9h latest=now\| timechart span=15m dc(UserId) \| appendcols [search hos... by manapuna New Member in Splunk Search 01-28-2018 0 6	0	6
is the stats count is count of event or count of word? For example I have a query like below index=ABC \| stats count by host Does stats is the word count of all the eve... by pavanae Builder in Splunk Search 01-28-2018 0 3	0	3
In a time limited table, I'd like to indicate which field values are unique across the whole data set? Hi there, I have this dashboard that displays a table of field values from a data set. At the top are some filters, ... by jezwebb New Member in Splunk Search 01-27-2018 0 1	0	1
Match value from lookup table to values of specific fields Hi, How to match lookup table of ip addresses with the existing field value of host_ip I want to display IP addres... by onkarkore1 Explorer in Splunk Search 01-27-2018 0 4	0	4
How to extract field from data like this? Hi All, I am working on some weather RSS indexing, some of the data look like this. King's Park\| 17 degrees ; Wong... by cflam Splunk Employee in Splunk Search 01-27-2018 0 5	0	5
How to search what values are missing in my lookup table? How to write a search to get a list of items which are not matching. Example : I have a list of devices : A B C D... by raomu Explorer in Splunk Search 01-27-2018 1 8	1	8
Search to display the first instance of a particular field I have a search which extracts some values into a table including the date. For one of the fields, e.g. src_ip, I wan... by jsc7 New Member in Splunk Search 01-27-2018 0 1	0	1
Head scratcher regex Hi I have the below data and need to extract three things, 2 of which are pretty easy (method (GET or POST) and resp... by dbcase Motivator in Splunk Search 01-26-2018 0 5	0	5
How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)") My goal is to create a transaction that ends with customerId being "(null)" and starts with customerId being somethin... by ib_321 New Member in Splunk Search 01-26-2018 0 6	0	6
How to filter out IPs from being indexed? I am not good at regex, so I need help filtering some IPs from being indexed. raw event looks like this: 192.168.18... by mcbradford Contributor in Splunk Search 01-26-2018 0 3	0	3
How to extract events from multi-level json? Please believe me  that I have searched for an answer until my index finger bled (pun intended, but seriously...I ha... by mgallacher Engager in Splunk Search 01-26-2018 0 1	0	1
How to get different results for strptime on different laptops? I've to run a count difference for a query over a period of time. For example. I need the difference of counts for my... by skomaravelli Engager in Splunk Search 01-26-2018 0 0	0	0
How do I use a lookup table to resolve ips to their hosts, when some ip's have hosts and some don't, but I want to show both? I am trying to make a pie chart with a breakdown of ip's that have been resolved to their hosts, if they have one, or... by ResurgoSplunkKn New Member in Splunk Search 01-26-2018 0 8	0	8
Need help with TIME_PREFIX Given a representative sample of my logs: Jan 25 14:19:20 1.1.1.1 64: Jan 25 22:19:19.281: %LINK-3-UPDOWN: xxxxxxxxx... by reswob4 Builder in Splunk Search 01-26-2018 0 6	0	6
Differentiate between environments in a search I am building our new dashboards and alerts in our Acceptance environment, later we will move the whole app to Produc... by Bob_Bard Explorer in Splunk Search 01-26-2018 0 8	0	8