Splunk Search

Community Activity

iplocation/geostats to show events from statistics tab. Hi, I'm trying to view event related to a specific country or city based on the source ip,so i ran the following quer... by prithvi08 Engager in Splunk Search 01-17-2018 0 4	0	4
How can I compare values from a lookup file with the indexed data? Hi, A lookup file, with a single column, was configured for comparing the data that it's already indexed. The lookup... by Yaichael Communicator in Splunk Search 01-17-2018 0 6	0	6
Comparing results from two different dates Hello all, Search string: index=blahblah host=blahblah \| fields host, EventCode \| stats count by host, EventCode \| s... by matthew_foos Path Finder in Splunk Search 01-17-2018 0 3	0	3
Removed index from indexes.conf but still getting errors about index I tried removing an index from /opt/splunk/etc/master-apps/_cluster/local/indexes.conf as per https://answers.splunk.... by wsanderstii Path Finder in Splunk Search 01-17-2018 0 2	0	2
EVALstatement not working My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 1	0	1
Need to exract amountTendered EWS Response Content:{_ "responseHeader" : {_ "success" : "true",_ "serviceName" : "payment",_ "resourceNam... by yograjpatel New Member in Splunk Search 01-17-2018 0 9	0	9
EVAL statement not correct My eval statement below is to check if 'Action is Required' only if the below conditions are met, I have also used ca... by davidcraven02 Communicator in Splunk Search 01-17-2018 0 3	0	3
fieldset input depends not valid Hi, I'm trying to add conditional form inputs, but I just get an error even though the docs say it's supported??? DO... by cdstealer Contributor in Splunk Search 01-17-2018 0 18	0	18
Subsearch vs. stats = different results. Why? Here are two searches, which I think are logically equivalent, yet they return different results in Splunk. Option 1... by lguinn2 Legend in Splunk Search 01-16-2018 0 5	0	5
How to add sub totals to a table Suppose I have the following table: comonent \| count \| --------------\|---------\| a1 \| 3 \| ... by vshakur Path Finder in Splunk Search 01-16-2018 0 2	0	2
Splunk instance disappeared, 404 Just started a trial yesterday, restarted splunk and can't access my instance. Hopefully someone checks their own sup... by NYCNFC New Member in Splunk Search 01-16-2018 0 2	0	2
simple moving average hi , i am analysing the daily data of product which has a closing price. i wish to find all products which has clos... by himpor Engager in Splunk Search 01-16-2018 0 1	0	1
time chart / stats for each type of request and time in log file. Hi All, I have a weird log file which I have parsed using regex to extract fields.(attached screenshot). Now I want... by vamsi199 Engager in Splunk Search 01-16-2018 0 1	0	1
How to group events to recreate the detail of a session I have some events representiong a customer’s interaction with one of my company’s applications. The typical flow is... by mikeydee77 Path Finder in Splunk Search 01-16-2018 0 7	0	7
stats count by not working I want to use stats count (machine) by location but it is not working in my search. Below is my current query displ... by davidcraven02 Communicator in Splunk Search 01-16-2018 0 3	0	3
Calculate percentage in every row \| adding two search results into one I am fairly new to Splunk and I have a Two fold question. I am running a query to find the top issues reported in the... by shiv1593 Communicator in Splunk Search 01-16-2018 1 8	1	8
Percentage Difference between 2 indexes I have 2 searches from 2 different indexes. The first search is index="softwareimport" Product_Name="ActiveX" \|... by willadams Contributor in Splunk Search 01-16-2018 0 9	0	9
assign filed value to _time index=level3 host=Test \| table "Opened D" _time How to get Opened D time value into _time field so that I can use ti... by surekhasplunk Communicator in Splunk Search 01-16-2018 0 6	0	6
How to rex using sed rex command? How to rex using sed rex command? index = main \| rex field=URI "^(?.+?)(\?\|\z)" \|rex field=New_APIName mode=sed "... by karthi2809 Builder in Splunk Search 01-16-2018 1 3	1	3
How write a search to alert when a SiteMinder policy server or LDAP connection goes down? We need to develop an alert when the SiteMinder policy server or ldap connection goes down. Can any one help with t... by krishnacasso Path Finder in Splunk Search 01-16-2018 0 3	0	3
Recommended maximum concurrent searches? whats the recommended maximum concurrent searches overall can be performed if we have 40 indexers in a cluster. There... by ankithreddy777 Contributor in Splunk Search 01-16-2018 0 4	0	4
How extract URI using regex? I need to extract fields which mentioned in yellow? by karthi2809 Builder in Splunk Search 01-15-2018 0 4	0	4
Using Data as Fields I’m currently working with some production line data, where each tag value represent a field. Example like below: Ta... by leonheart78 Explorer in Splunk Search 01-15-2018 0 4	0	4
How to calculate limits for agents based on their activity? I want to receive notifications if agents lower or exceed their normal activity for the current day of the week and h... by exmuzzy Explorer in Splunk Search 01-15-2018 0 2	0	2
How to use "collect" and keep the timestamp and field extractions of the event? So I have used collect to save some events into a summary index. The problem is all of the timestamp information is l... by jameshgibson Path Finder in Splunk Search 01-15-2018 2 2	2	2