Splunk Search

Community Activity

Compare standard deviation results for two sets of results I have a query that uses stdev on the field value "queue_length" by field "queue_name". I need a query that gives me ... by gauravg_cvent Engager in Splunk Search 11-28-2017 0 2	0	2
Duration of two events by status! hi, my raw data look like this: 12:01:11:000 ip: "123.456.789" = "1" 12:01:12:000 ip: "123.456.789" = "1" 12:01:13:0... by reschal Explorer in Splunk Search 11-28-2017 0 7	0	7
How can i search for a host wich must have 3 letters at the begin of the dns name ? Hi, i want to search for hosts which always have 3 letters at the begin of the dns name. search: index="myindex" h... by criedman Explorer in Splunk Search 11-27-2017 0 6	0	6
Troubleshooting timebased lookup table HI Everyone Is there a way you can see how lookup table examed each value and make the call whether it is match or no... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 8	0	8
Need to compare fields in a csv I want to create a search that will use a csv to ignore results if the result of the search has fields equal to a row... by gerrydevenney Engager in Splunk Search 11-27-2017 0 5	0	5
declaring a variable in splunk dasboard and make available to all searches I have a splunk dashboard with multiple panels/searches. My sample dashboard below. I want to be able to declare a v... by HattrickNZ Motivator in Splunk Search 11-27-2017 2 5	2	5
search event base on given time I have two information door swipe card record and user logon record door swipe card record user swipetime result user... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 5	0	5
Combine events based on shared session field value efficently in verbose log source I have an index with an excessive amount of logs from an application. The application divides these by event types co... by JSkier Communicator in Splunk Search 11-27-2017 0 3	0	3
How to search for a event then check ocurrence during a period of time using another SPL Ok, so here is my question These 3 lines denote possible values for scheduled downtime MSG WHEN DOWNTIME START ST... by zanoefel New Member in Splunk Search 11-27-2017 0 1	0	1
Need help with rex extraction including double quotes and slashes Hi, I am currently trying to extract the numbers from this field example: message.data ... {\"MyID\":\"111111\", ... by gamerkhang New Member in Splunk Search 11-27-2017 0 3	0	3
How to combine continuous values within 5 minutes? Hi Experts, I'd like to filter the record when the "delta_value" has the same value within 15 seconds (or repeats 3 t... by syokota_splunk Splunk Employee in Splunk Search 11-27-2017 0 10	0	10
How to remove zeros from appearing on my stacked column chart? I am trying to get a stacked column chart with items sold by agent at each location. I have the below search: stats... by chintan_shah Path Finder in Splunk Search 11-27-2017 1 2	1	2
Parse a string into multiple fields for my App - Custom Parser I have a custom log as below: 1 2017-11-27T09:42:05.449123+00:00 generus0002 Sonahock - - [timeQuality tzKnown="1" i... by rajim Path Finder in Splunk Search 11-27-2017 0 2	0	2
Find call duration I am trying to find the amount of time people are on the phone to the help desk but are not getting any results back ... by DanielASG Explorer in Splunk Search 11-27-2017 0 8	0	8
Search and Alert produce different results When I type this search in the normal Splunk search app, I get normal expected results: "usb" \| transaction host sta... by jlbark Explorer in Splunk Search 11-27-2017 0 4	0	4
Got this error "Unable to initialize modular input" from indexer after deploy a Splunk_TA_paloalto to indexer The error message that I got is this one. But I found that it is a general error and would like to know the root caus... by daniel_splunk Splunk Employee in Splunk Search 11-27-2017 4 4	4	4
Using non timestamp field to produce search for yesterday I have a date field called "Closed date" in following format "%Y/%m/%d" that IS NOT my timestamp field & want to crea... by jackreeves Explorer in Splunk Search 11-27-2017 0 5	0	5
Splunk refuses to ingest particular variable I am attempting to retrieve the SNMP metrics ifHCInOctet and ifHCOutOctet. I have a Python script that does this. Wh... by EricLloyd79 Builder in Splunk Search 11-27-2017 0 38	0	38
How to calculate time between events within a session I have events like session_id = 1 device_time = 2017-11-26T12:13:32 session_id = 1 device_time = 2017-11-26T12:13:35... by jy190 New Member in Splunk Search 11-27-2017 0 5	0	5
Pattern: loopable lookup table to bypass map subsearch limits - looking for feedback This is not so much a question. But I don't see a solutions.splunk.com, so I will post this solution here, improve i... by MonkeyK Builder in Splunk Search 11-27-2017 1 10	1	10
Query for Splunkd Status Hi Guys, There's any query in the splunk web that I'm able to see if the splunkd is not running in a forwarder? Tks... by wvalente Explorer in Splunk Search 11-27-2017 0 4	0	4
Arithmatic operations based on selected rows Hi, I am a beginer My data something like this CategoryGroup \| Category \|Price A\|A1\|1 B\|B1\|2 B\|B2\|3 C\|C1\|1 C\|C2\|2 C\|C... by deepa_purushoth Engager in Splunk Search 11-27-2017 0 9	0	9
how to find equal values In my data I have event which contain requests and answers for that requests In the initial request i have a field "R... by Mike6960 Path Finder in Splunk Search 11-27-2017 0 19	0	19
eval command after stats command not working Hi, I'm having a problem with this search: index="pcmm" "Technical Proficiency"!=NA \| stats count("Resource Name")... by jvmerilla Path Finder in Splunk Search 11-26-2017 0 8	0	8
How to assign value for muliselect option with another token? Hi , I have a token $hosstype$ which will get values as 'web', 'rpt' etc. If All option is selected the value to be p... by sangs8788 Communicator in Splunk Search 11-26-2017 0 5	0	5