Splunk Search

Community Activity

Can we categorize the into fields based on the value of the field? Hello, I have the below field with values Source abc_hd xyz_hd ppp sqr_sd aaa_sd I want to create a new field cal... by vrmandadi Builder in Splunk Search 11-16-2017 0 12	0	12
How and where to start learning AWS to build and Manage the Splunk Platform? Hi All, I'm a Splunk admin who build and manages the on premises Splunk platform, now I have to build a Splunk platf... by yu94 New Member in Splunk Search 11-16-2017 0 3	0	3
Comparing last 2 weeks average against yesterday's events I am trying to get last 2 weeks data and avg over week day's and compare that against event count of yesterday to de... by dpatiladobe Explorer in Splunk Search 11-15-2017 0 6	0	6
Difference between Start and End Time I have a event, where starttime and endtime are coming as string. I am using below query. .... \| transaction startsw... by twh1 Communicator in Splunk Search 11-15-2017 0 3	0	3
Realtime clock of Splunk server time on dashboard? Hi All, A client has requested we give them a realtime clock on a dashboard showing the current server time. I have ... by phoenixdigital Builder in Splunk Search 11-15-2017 0 16	0	16
How to detect two consecutive lines with same pattern I wanted to detect the pattern with two consecutive lines with Received x messages , In ideal scenario it should be R... by dpatiladobe Explorer in Splunk Search 11-15-2017 0 7	0	7
How to compare field values from this year vs last year by date and calculate the percentage change? Hi, I have data in 2 fields in table: one is date and the other is some value, for each year respectively. Now I wa... by puneetkharband1 Path Finder in Splunk Search 11-15-2017 0 6	0	6
Substring lookup to enhance DB query results? Hello, I am VERY new to Splunk. I have built some basic dashboards using DB queries, because the data is not (yet) ... by sarge338 Path Finder in Splunk Search 11-15-2017 0 5	0	5
deduping ans eliminating the duplicate vales from 2 different sourcer Hi, we are using a session ID to comparing the Client side server side data with diffrent names (session_c session_S... by svemurilv Path Finder in Splunk Search 11-15-2017 0 2	0	2
query for the count basedo the server Hi, Below is the sample logs and I want to see the how many events generated from each server. Since there are diffe... by kteng2024 Path Finder in Splunk Search 11-15-2017 0 4	0	4
Is it possible to use commands like makemv or nomv in data models? Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building... by visa87 Explorer in Splunk Search 11-15-2017 4 2	4	2
How to block the unusual url Hi team, I want to block unusual Url... could please suggest query for that Example www.abcd.com www.ykui.com www.... by 10306629 New Member in Splunk Search 11-15-2017 0 4	0	4
How to find the duration of overlapping transactions Ok, I have two or more transactions like this: Host:abc123_01 start:08:00 end:10:00 Host:abc123_02 start:09:05 end... by raynold_peterso Path Finder in Splunk Search 11-15-2017 0 5	0	5
How can I convert a naive timechart command to an efficient one? The following works fine for me - sourcetype=<sourcetype> index=<index> \| timechart span=1d count How can I conv... by ddrillic Ultra Champion in Splunk Search 11-15-2017 0 2	0	2
How to group rows together in a table and calculate the sum for each group? Hi, I need to create table as shown in this screenshot: I have written this search for that: index=em7_srm_summary... by asaste Path Finder in Splunk Search 11-15-2017 0 6	0	6
How to combine two fields in a subsearch and return them together Hey guys, I have the next query: index=idx_rtd_prc sourcetype=rbt_rtd_src_type TIPO_ENTIDAD=PROVISION_COMISION MONED... by ivykp New Member in Splunk Search 11-15-2017 0 1	0	1
How to use the where command source="mhn-splunk.log" \| where dest like "88ea2fb8-b579-11e7-8239-ce584c37994e" replace 127.0.0.1 WITH 37.139.29.33 ... by nielsfranken198 Engager in Splunk Search 11-15-2017 0 6	0	6
Issues with Case statement I have reviewed a number of already answered questions related to case statements but none that seem to address the i... by tgrogan_stack Explorer in Splunk Search 11-15-2017 0 5	0	5
Counting duplicate values Situation : I have fields sessionId and personName. This session ID has many-to-may mapping with personName. Need is... by ataunk Explorer in Splunk Search 11-15-2017 0 15	0	15
Regex field extraction question Hi I have this log format for extracting Sep 01 09:55:11 @ipdest HSL: @ip1:port1 <-> @ip2:port2 \| @ip3:port3 <-> @i... by MAMAOUI Explorer in Splunk Search 11-15-2017 0 3	0	3
Splunk removes all items from chart apart from OTHER I have a timechart that shows timechart span=5s fixedrange=f limit=20 perc90(time_taken) by request over 70 minut... by bowesmana SplunkTrust in Splunk Search 11-15-2017 2 5	2	5
How to filter columns in a search query splunk Hi Guys, I have a simple question. I have a search query, and it basically outputs lots of fields. Is there a way of... by mahbs Path Finder in Splunk Search 11-15-2017 0 3	0	3
Search for a random IP then place it in a variable Currently I have many logs in most of which there are random IPs. I want to perform e search which will filter all ... by tsvetan Explorer in Splunk Search 11-15-2017 0 2	0	2
How to set time frame for base search as 30 minute interval? Hi Everyone, Need your help in order to resolve issue. I need time frame for the base search of my dashboard as 30 ... by nilaksh92 Path Finder in Splunk Search 11-15-2017 0 3	0	3
How to replace the value when another field has "error"? If the "delta_value" is more than 2 then I'd like to replace the value1 to "error" Raw data No, _time, value1, de... by syokota_splunk Splunk Employee in Splunk Search 11-14-2017 0 8	0	8