Splunk Search

Community Activity

Deduping Results But Preserving Most Recent Value I'm running a query to pull data on some agents, which have each have a unique "aid". For example, my computer would... by cgalligan Explorer in Splunk Search 12-08-2017 0 2	0	2
Regular expression for international characters Hi, I've written a regular expression to capture international characters, the only trouble I'm having with it now i... by mahbs Path Finder in Splunk Search 12-08-2017 0 3	0	3
Counting regex matches only if another field is unique I've got a ordering log that includes two fields, order_id and shipped_date. I am playing with Splunk to see how har... by splunknoob408 Explorer in Splunk Search 12-08-2017 0 5	0	5
Error in eval command Hi everyone i am runnig the following search and getting an error.i am sure it is something so simple that i am mi... by carlyleadmin Contributor in Splunk Search 12-08-2017 0 2	0	2
Create a new field and populate it with normalized data? Hi, I have a field in my existing data set called mso. Within that field are company names Example CompanyA Compa... by dbcase Motivator in Splunk Search 12-08-2017 0 7	0	7
Subsearch 2 fields with Match and 1 mismatch index =ttt beforeController [search index = ttt beforeController \| fields pnr, bnr, NOT(gnr)] How can I achieve tha... by rsharma1984 Explorer in Splunk Search 12-08-2017 0 5	0	5
How to save practice data into the Splunk Enterprise as a student? Hello Spluksters, I installed the Splunk enterprise. I am also reading the free Splunk e-book. Chapter 2 talks of i... by LionKing18 Explorer in Splunk Search 12-08-2017 0 9	0	9
Regex not accepted when searching Hi guys, I am trying to get a regex to just match if a process has been run from the C drive, root folder. I tried ... by robettinger Explorer in Splunk Search 12-08-2017 0 5	0	5
Convert field values (e.g 15/12) to date format understandable to SPLUNK , and then check if the date is older than 5 working. I have field with values such as "06/12", "13/01", "20/05" i/e human readable dd/mm. I dont know weather splunk under... by alfiyashaikh New Member in Splunk Search 12-08-2017 0 9	0	9
Insert "%" symbol to a number without converting it to string Hi, Is it possible to add a "%" character/symbol to a number without converting it to a string? I tried to use this... by jvmerilla Path Finder in Splunk Search 12-08-2017 0 1	0	1
Drilldown query doesn't start automatically I'm fairly new at this, but I have done a LOT of Googling before asking here...  I have a dashboard that has singl... by papipaco Engager in Splunk Search 12-08-2017 0 1	0	1
How to count the number of columns in a file Hi, I'm trying to do a comparison, wherein I want to verify that the number of columns in file X matches the number ... by mahbs Path Finder in Splunk Search 12-08-2017 0 2	0	2
How to calculate percentage deviation Hi, I have logs which looks similar to the sample data attached. In my current scenario I have 30 days hourly data f... by MousumiChowdhur Contributor in Splunk Search 12-08-2017 2 1	2	1
How to count rows that have non-zero values Hi, I'm trying to count the number of rows in a field that have a non-zero value. I've used replace to do that, but ... by mahbs Path Finder in Splunk Search 12-07-2017 0 3	0	3
lookup with _row Can I use _row when matching with lookup? It seems to me that it can not be done. Can you give me some hints? by oda Communicator in Splunk Search 12-07-2017 0 2	0	2
How do I merge lookup table and index results? Hi. To start with, I have a lookup table like so. keyValue.csv date key value 01/01/2017 EE ... by snipedown21 Path Finder in Splunk Search 12-07-2017 0 4	0	4
How can I create a ranking based on a count per week by a field I am looking to do the following: 1) Create a table based on a count of blocks by week number and zone I have the f... by jwalzerpitt Influencer in Splunk Search 12-07-2017 0 17	0	17
Merge 2 queries based on month One query give me data as Month Closed-Issues Jan 100 Feb 110 Mar ... by ninadbhaskarwar Path Finder in Splunk Search 12-07-2017 0 2	0	2
Setting up visual for Disk Space or Free Disk Space/Radial Gauge for Disk Space Hi, This task was harder than i think or i do not know what i am doing(most likely).Basically i want to put up a nic... by carlyleadmin Contributor in Splunk Search 12-07-2017 0 4	0	4
Search for fields that match a value versus fields that contain a value I'm going to go mad trying to get splunk to return only field values that are a given value and don't start or contai... by nrohbock Explorer in Splunk Search 12-07-2017 0 3	0	3
Condition value NOT equal to....whatever Hi, I have this XML code. What I'm trying to do is when the value = *, run a separate query and when the value is a... by dbcase Motivator in Splunk Search 12-07-2017 1 2	1	2
Field Extraction With Backslash I am attempting to extract a user field from a log file using the following regex: (?=[^v](?:virtual address: \|v.v... by michaeldeck Engager in Splunk Search 12-07-2017 0 9	0	9
Drilldown - pass the earliest and latest from a timechart Hi everyone, Im having a problem passing the earliest and latest from a timechart. On the main graph, im showing a t... by netanelm7 Path Finder in Splunk Search 12-07-2017 0 23	0	23
Can I use foreach to measure the time taken between creating a ticket and a specific action/update? Hi, I am looking at IT ticket logging data & trying to create compliance measures between different updates being ad... by jackreeves Explorer in Splunk Search 12-07-2017 0 6	0	6
How to get a substr from a fields name Hi everyone, I want to deliver 2 fields with 1 parameter to a destination panel. I deliver the string JNL_, the fir... by netanelm7 Path Finder in Splunk Search 12-07-2017 0 15	0	15