Splunk Search

Community Activity

Append a column based on conditions I have a log file as below: Time Event_Type Event_Name ----------------------------------------------... by rojit Explorer in Splunk Search 11-28-2017 0 2	0	2
Comparing values of fields without specifying field names Hi, I have three fields, lets call them: x = 6 y = 6 z = 0 What I want to be able to do is compare each of the fie... by mahbs Path Finder in Splunk Search 11-28-2017 0 6	0	6
Why am I getting jms_ta errors? Unable to initialize modular input "jms" defined inside the app "jms_ta": Introspecting scheme=jms: script running fa... by sbattista09 Contributor in Splunk Search 11-28-2017 0 6	0	6
Event by Event Math I have a data stream that produces a series of values at a series of times. I need to do running calculations based ... by DanielAlt New Member in Splunk Search 11-28-2017 0 7	0	7
Compare standard deviation results for two sets of results I have a query that uses stdev on the field value "queue_length" by field "queue_name". I need a query that gives me ... by gauravg_cvent Engager in Splunk Search 11-28-2017 0 2	0	2
Duration of two events by status! hi, my raw data look like this: 12:01:11:000 ip: "123.456.789" = "1" 12:01:12:000 ip: "123.456.789" = "1" 12:01:13:0... by reschal Explorer in Splunk Search 11-28-2017 0 7	0	7
How can i search for a host wich must have 3 letters at the begin of the dns name ? Hi, i want to search for hosts which always have 3 letters at the begin of the dns name. search: index="myindex" h... by criedman Explorer in Splunk Search 11-27-2017 0 6	0	6
Troubleshooting timebased lookup table HI Everyone Is there a way you can see how lookup table examed each value and make the call whether it is match or no... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 8	0	8
Need to compare fields in a csv I want to create a search that will use a csv to ignore results if the result of the search has fields equal to a row... by gerrydevenney Engager in Splunk Search 11-27-2017 0 5	0	5
declaring a variable in splunk dasboard and make available to all searches I have a splunk dashboard with multiple panels/searches. My sample dashboard below. I want to be able to declare a v... by HattrickNZ Motivator in Splunk Search 11-27-2017 2 5	2	5
search event base on given time I have two information door swipe card record and user logon record door swipe card record user swipetime result user... by samlinsongguo Communicator in Splunk Search 11-27-2017 0 5	0	5
Combine events based on shared session field value efficently in verbose log source I have an index with an excessive amount of logs from an application. The application divides these by event types co... by JSkier Communicator in Splunk Search 11-27-2017 0 3	0	3
How to search for a event then check ocurrence during a period of time using another SPL Ok, so here is my question These 3 lines denote possible values for scheduled downtime MSG WHEN DOWNTIME START ST... by zanoefel New Member in Splunk Search 11-27-2017 0 1	0	1
Need help with rex extraction including double quotes and slashes Hi, I am currently trying to extract the numbers from this field example: message.data ... {\"MyID\":\"111111\", ... by gamerkhang New Member in Splunk Search 11-27-2017 0 3	0	3
How to combine continuous values within 5 minutes? Hi Experts, I'd like to filter the record when the "delta_value" has the same value within 15 seconds (or repeats 3 t... by syokota_splunk Splunk Employee in Splunk Search 11-27-2017 0 10	0	10
How to remove zeros from appearing on my stacked column chart? I am trying to get a stacked column chart with items sold by agent at each location. I have the below search: stats... by chintan_shah Path Finder in Splunk Search 11-27-2017 1 2	1	2
Parse a string into multiple fields for my App - Custom Parser I have a custom log as below: 1 2017-11-27T09:42:05.449123+00:00 generus0002 Sonahock - - [timeQuality tzKnown="1" i... by rajim Path Finder in Splunk Search 11-27-2017 0 2	0	2
Find call duration I am trying to find the amount of time people are on the phone to the help desk but are not getting any results back ... by DanielASG Explorer in Splunk Search 11-27-2017 0 8	0	8
Search and Alert produce different results When I type this search in the normal Splunk search app, I get normal expected results: "usb" \| transaction host sta... by jlbark Explorer in Splunk Search 11-27-2017 0 4	0	4
Got this error "Unable to initialize modular input" from indexer after deploy a Splunk_TA_paloalto to indexer The error message that I got is this one. But I found that it is a general error and would like to know the root caus... by daniel_splunk Splunk Employee in Splunk Search 11-27-2017 4 4	4	4
Using non timestamp field to produce search for yesterday I have a date field called "Closed date" in following format "%Y/%m/%d" that IS NOT my timestamp field & want to crea... by jackreeves Explorer in Splunk Search 11-27-2017 0 5	0	5
Splunk refuses to ingest particular variable I am attempting to retrieve the SNMP metrics ifHCInOctet and ifHCOutOctet. I have a Python script that does this. Wh... by EricLloyd79 Builder in Splunk Search 11-27-2017 0 38	0	38
How to calculate time between events within a session I have events like session_id = 1 device_time = 2017-11-26T12:13:32 session_id = 1 device_time = 2017-11-26T12:13:35... by jy190 New Member in Splunk Search 11-27-2017 0 5	0	5
Pattern: loopable lookup table to bypass map subsearch limits - looking for feedback This is not so much a question. But I don't see a solutions.splunk.com, so I will post this solution here, improve i... by MonkeyK Builder in Splunk Search 11-27-2017 1 10	1	10
Query for Splunkd Status Hi Guys, There's any query in the splunk web that I'm able to see if the splunkd is not running in a forwarder? Tks... by wvalente Explorer in Splunk Search 11-27-2017 0 4	0	4