Splunk Search

Community Activity

Help with regex to extract a string? Need to fetch API name from URL. e.g. base_url/products_support/system_name/api-name?parameters Here I need to fet... by Pramodkuber Engager in Splunk Search 12-13-2017 0 2	0	2
Search for total browsing time by user Hi Splunkers, I need a search query for browsing time by user. I have one query : \| stats sum(duration) AS session_... by jibin1988 Path Finder in Splunk Search 12-12-2017 0 5	0	5
i just want to extract the number from the below sentance and replace with xxxx . Help me the Information in service : ID R1-7857hi75 is duplicated i want to make it as the Information in service : ID R1-*... by DataOrg Builder in Splunk Search 12-12-2017 0 4	0	4
Values from inputlookup file not captured in syslog Hello All, I wrote below query to get the URLs from inputlookup file that is not captured in syslog.But didnt give m... by Maverick904 Explorer in Splunk Search 12-12-2017 0 4	0	4
Create a summary table with usernames /last 7 days /last 30 days Hi Everyone, I am trying to create a report where I am able to get the list of username's / number for calls for las... by raviteja029 Explorer in Splunk Search 12-12-2017 0 5	0	5
Dedup within a MV field I need the ability to dedup a multi-value field on a per event basis. Something like values() but limited to one even... by pkashou Explorer in Splunk Search 12-12-2017 3 6	3	6
formatting query onto multiple lines in search bar I'm trying to format the query in the search bar so it appears on multiple lines (for easier readability). From this... by bdesatnik New Member in Splunk Search 12-12-2017 0 4	0	4
How Can I get a table of distinct errors? I am looking to create a table for distinct errors we have. Unfortunately I had this working at one point and am unab... by aohls Contributor in Splunk Search 12-12-2017 1 5	1	5
Issues with appendcols Hi everybody, I have a problem with an "appendcols" command. I have a query which needs to count how many times a fi... by netanelm7 Path Finder in Splunk Search 12-12-2017 0 3	0	3
Pie chart syntax for disk use I have the values I just don't have the syntax. host="app-1" source="df" \| stats max(storage_used) as storage_used b... by fsrodriguez New Member in Splunk Search 12-12-2017 0 3	0	3
Search log for alert Have good day for Everybody Pls help me to search exactly the content. My input log is: status system replication si... by dangtran Explorer in Splunk Search 12-12-2017 0 5	0	5
Compare the output of two searches and timechart the latest output only if different than the the older output I have two timecharts that only hit on http status code of 500 (one for the past hour and one for the same hour but l... by robrang558 Explorer in Splunk Search 12-12-2017 0 8	0	8
Running Specific Query Based on Radio Button Selection? Hello, I'm attempting to use a Splunk view to edit a Lookup table based on an input field and a radio button selecti... by meechy85 New Member in Splunk Search 12-12-2017 0 3	0	3
how to Combine results of a lookup and an index? Hi There. I have a lookup like below. end_date activity description start_date 1496325600 run XYZ ... by snipedown21 Path Finder in Splunk Search 12-12-2017 0 1	0	1
joining multiple select statements in dbxquery How to join multiple select statements in dbxquery Need to display output as Total Defects 532 Open defects 147 Close... by kishen2017 Path Finder in Splunk Search 12-12-2017 0 5	0	5
Time picker doesn't pass time to search? Hey everyone, I'm building a simple dashboard to show some info about SFTP traffic. I'm using a time picker to pick t... by belle501 Path Finder in Splunk Search 12-12-2017 0 2	0	2
How to make a line chart that shows 6 months of data with each datapoint being a sum of the previous 6 months? Im trying to show a trend in event data by platform. I want to create a line chart showing the last 6 months with on... by glenngermiathen Path Finder in Splunk Search 12-12-2017 0 2	0	2
Search Query Total Browsing time per user in a month. Hi Splunkers, I want to generate a catogery wise Browsing time report per user. Here is my search given below : hos... by jibin1988 Path Finder in Splunk Search 12-12-2017 0 3	0	3
Percentage calculation based on derived value and show it is as new row My data looks something like below, here first two rows are indexed data and 3,4th rows are derived data and added as... by deepa_purushoth Engager in Splunk Search 12-12-2017 0 1	0	1
Having trouble with field extractor on 7.0 I have ton a couple of events like this: Mime.stuff.1 = 10 Mime.pop = "blabla" Basically I want to create a field "... by greggz Communicator in Splunk Search 12-12-2017 0 5	0	5
How to combine WinHostMon and Perfmon data to get CPU usage per MSSQL server instance? The goal here is to get CPU usage per SQL instance. As far as I can tell there is no perfmon counter that will give y... by kamgineer Explorer in Splunk Search 12-12-2017 0 1	0	1
What is the regex for the following output ? Query : "POST" "200" "api/platform/v1/Session" FirmName Output: Level="INFO", Date="2017-12-12 04:06:26,200", Messag... by JyotiP Path Finder in Splunk Search 12-12-2017 0 2	0	2
How to get all field values from large "\| stats values(field)" command? Any search that has many field values and ends in "\| stats values(field)" will show a short list of field values foll... by woodcock Esteemed Legend in Splunk Search 12-12-2017 1 2	1	2
How to hide a field from the legend in a bar chart? Hi, My current search I'm using to populate the value is given below. source= transaction.csv \| stats values(A... by Shan Builder in Splunk Search 12-12-2017 0 7	0	7
How to build a query from 2 different multivalue inputs I have a bunch of indexes in the format of <environment>-<machineType> This is something like test-manager, staging-... by ByteFlinger Engager in Splunk Search 12-12-2017 0 2	0	2