Splunk Search

Community Activity

Arithmatic operations based on selected rows Hi, I am a beginer My data something like this CategoryGroup \| Category \|Price A\|A1\|1 B\|B1\|2 B\|B2\|3 C\|C1\|1 C\|C2\|2 C\|C... by deepa_purushoth Engager in Splunk Search 11-27-2017 0 9	0	9
how to find equal values In my data I have event which contain requests and answers for that requests In the initial request i have a field "R... by Mike6960 Path Finder in Splunk Search 11-27-2017 0 19	0	19
eval command after stats command not working Hi, I'm having a problem with this search: index="pcmm" "Technical Proficiency"!=NA \| stats count("Resource Name")... by jvmerilla Path Finder in Splunk Search 11-26-2017 0 8	0	8
How to assign value for muliselect option with another token? Hi , I have a token $hosstype$ which will get values as 'web', 'rpt' etc. If All option is selected the value to be p... by sangs8788 Communicator in Splunk Search 11-26-2017 0 5	0	5
Search string to filter filed not updated in last 24 hours Hi, I use the below search to filer the source which were not updated on current day(Today) index=index sourcetype=... by Gowtham0809 New Member in Splunk Search 11-26-2017 0 3	0	3
How to ignore failed seq ids? Hello Seniors, I have the below log snippet 11/7/17 8:37:25 PM [INFO] \|Send\|staring to send\|seq id "234567" 11/7/17 ... by Deepz2612 Explorer in Splunk Search 11-25-2017 0 10	0	10
"Join" information from two log sources I have two sourcetypes with data as follows: First sourcetype: tx_id=1, event=error, extra=foo tx_id=1, event=erro... by mpdude Explorer in Splunk Search 11-25-2017 0 4	0	4
Not using chartTime or bucket -- I want this search to display the trend for daily, week and monthly in signal query Mongo Collection Data : - Id : 1 StartDate : some date EndDate : Some Date X : Foo : “foo1’ Count : 1... by jw44250 New Member in Splunk Search 11-25-2017 0 6	0	6
corresponding cell addition column wise for each row in splunk dashoard. Hi, Do we have a feature in splunk to add 1st row.field1 from 2 different panels and sum it in another panel. i ha... by surekhasplunk Communicator in Splunk Search 11-25-2017 0 3	0	3
How to find difference in field total over time? I have event data in below format: Sep 15 2017 07:06:07 app=yahoo dataconsumed=50 Sep 15 2017 08:16:07 app=... by sohaibomar Explorer in Splunk Search 11-25-2017 0 4	0	4
Is there any more accurate way to correlate it? Good moring,everyone. I have some events. They come from the same sourcetype.I want to get a detailed registration i... by xsstest Communicator in Splunk Search 11-25-2017 0 2	0	2
Stats table manipulation I created the following search to audit the changes made to our network infrastructure: (index=ise Protocol=Tacacs ME... by _smp_ Builder in Splunk Search 11-25-2017 0 12	0	12
Align the first column of the table Hi Team, I have a table in the dashboard, wherein i want first column to be left aligned and rest all the columns to... by ashish9433 Communicator in Splunk Search 11-25-2017 0 4	0	4
Rex to optionally extract several fields I have the need to extract fields between single quotes ( '192.168.0.1', '192.168.0.2') in a field that may contain s... by christoffertoft Communicator in Splunk Search 11-24-2017 0 6	0	6
Displaying Search peer Hi Splunkers , In my environment , I have three indexers and two search head in which one is master license server. ... by kannu Communicator in Splunk Search 11-24-2017 0 2	0	2
Why does the Splunk Java SDK always return 500k results, but I get 800k results in Splunk Web? The job returns 800k results in Splunk Web, whereas the Java API always returns 500k. by DataWarehousing Explorer in Splunk Search 11-24-2017 1 7	1	7
Need help with a complicated field-extraction via regex want to extract a field in splunk however Splunk Regex won't work so I am writing my own Regex. However I am struggli... by AnujaJadhav2 Explorer in Splunk Search 11-24-2017 0 4	0	4
How to distribute an event among many time buckets taking into account the duration of the event? I have a group of entries that has start_time, end_time , duration and name. Some of them are concurrent some of the... by nadid Path Finder in Splunk Search 11-24-2017 1 10	1	10
Dashboard Title - Display date as DD/MM/YYYY Hello there, idk how to display the date in the title of the dashboard format as DD/MM/YYYY, not in epoch format H... by marziaolla Path Finder in Splunk Search 11-23-2017 0 3	0	3
Chart Help index="all_eqt" \| stats sum(TotalSquareYards) as TSY by ShopOrder DefectDescription\| table ShopOrder DefectDescriptio... by Hppjet Path Finder in Splunk Search 11-23-2017 0 5	0	5
Bar chart with single bar does not display We have horizontal bar charts on our dashboards and when SPL is filtered down to single bar the bar is not displayed.... by simpkins1958 Contributor in Splunk Search 11-23-2017 0 5	0	5
Writing reqular expressions Please help me in writing the regular expression for the below: 2017-11-17 14:20:03 DueDate="11/17/2017", Identifier... by Deepz2612 Explorer in Splunk Search 11-23-2017 0 2	0	2
When should I use search_optimization? I don't understand when "search_optimization" will be used. And like below situation, there is the scene that search ... by yutaka1005 Builder in Splunk Search 11-23-2017 0 3	0	3
How to use timebased lookup table? I defined a lookup table as timebased config in transforms.conf as below [swipeR.csv] batch_index_query = 0 case_se... by samlinsongguo Communicator in Splunk Search 11-23-2017 0 2	0	2
How to timechart requests count with SLA and latency How to timechart requests count with SLA and latency based on the time mentioned in the logs. I need to know how many... by panandshah New Member in Splunk Search 11-23-2017 0 1	0	1