Splunk Search

Community Activity

Problem with using stats for a count, and also to pull additional data So, I am going through windows logs, and have output that works for me with something like: index=windows sourcetype... by stakor Path Finder in Splunk Search 11-16-2017 0 1	0	1
Find difference between time now and last event time I am not sure why I am not getting results with this query, any suggestions? index= ______ \| stats max(_time) as las... by JoshuaJohn Contributor in Splunk Search 11-16-2017 1 1	1	1
Site name from lookup table based on IP address Hi splunk guru's. I'm trying to find a way (using SPL only - i am not an admin) to do the following: My vulnerability... by eransh10 New Member in Splunk Search 11-16-2017 0 2	0	2
Find all greater, after 5 mins subtract different columns Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, left is my data set, r... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 6	0	6
Join events and evaluate difference price Hi I have data like this I am joined uuid over market data together like that But there is 4 times date column... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 5	0	5
Compare firewall action to track network flow changes Hello guys, I'd like to check changes on the Checkpoint firewall logs but I haven't any result : index=xxx host=yyy... by splunkreal Motivator in Splunk Search 11-16-2017 0 1	0	1
How to properly evaluate integer list from inputlookup subsearch? I'm attempting to use a subsearch to extract a number of integers in order to transpose those integers as columns. He... by oneillryan93 New Member in Splunk Search 11-16-2017 0 1	0	1
How can I add two new fields to my logs? Hello, On my servers I used combined Apache logs, but I added two other fields at the end of the logs : SSL_PROTOCOL... by romgo75 New Member in Splunk Search 11-16-2017 0 2	0	2
Splunk search interface for non-technical users? Hi, This question may be a bit unusual. While I know SPL is already kind of "simple" enough to get a hang of for mos... by yoyu777 Explorer in Splunk Search 11-16-2017 0 4	0	4
How can I use an if or eval statement to run a custom search command Hello Splunkers - Can't figure out for the life of me how to use eval or if statement to call a custom search comma... by splunker1981 Path Finder in Splunk Search 11-16-2017 0 3	0	3
map over makecontinuous not working ... I'm trying to fill in the gaps in a set of data, where there are different gaps for each of the types. I've tried: ... by JeToJedno Explorer in Splunk Search 11-16-2017 0 7	0	7
Purpose of the "AS" statement in SPLUNK Hi, What is the purpose of the AS statement in splunk? I thought, when used, it creates an alias of a column/field... by mahbs Path Finder in Splunk Search 11-16-2017 0 1	0	1
Can we categorize the into fields based on the value of the field? Hello, I have the below field with values Source abc_hd xyz_hd ppp sqr_sd aaa_sd I want to create a new field cal... by vrmandadi Builder in Splunk Search 11-16-2017 0 12	0	12
How and where to start learning AWS to build and Manage the Splunk Platform? Hi All, I'm a Splunk admin who build and manages the on premises Splunk platform, now I have to build a Splunk platf... by yu94 New Member in Splunk Search 11-16-2017 0 3	0	3
Comparing last 2 weeks average against yesterday's events I am trying to get last 2 weeks data and avg over week day's and compare that against event count of yesterday to de... by dpatiladobe Explorer in Splunk Search 11-15-2017 0 6	0	6
Difference between Start and End Time I have a event, where starttime and endtime are coming as string. I am using below query. .... \| transaction startsw... by twh1 Communicator in Splunk Search 11-15-2017 0 3	0	3
Realtime clock of Splunk server time on dashboard? Hi All, A client has requested we give them a realtime clock on a dashboard showing the current server time. I have ... by phoenixdigital Builder in Splunk Search 11-15-2017 0 16	0	16
How to detect two consecutive lines with same pattern I wanted to detect the pattern with two consecutive lines with Received x messages , In ideal scenario it should be R... by dpatiladobe Explorer in Splunk Search 11-15-2017 0 7	0	7
How to compare field values from this year vs last year by date and calculate the percentage change? Hi, I have data in 2 fields in table: one is date and the other is some value, for each year respectively. Now I wa... by puneetkharband1 Path Finder in Splunk Search 11-15-2017 0 6	0	6
Substring lookup to enhance DB query results? Hello, I am VERY new to Splunk. I have built some basic dashboards using DB queries, because the data is not (yet) ... by sarge338 Path Finder in Splunk Search 11-15-2017 0 5	0	5
deduping ans eliminating the duplicate vales from 2 different sourcer Hi, we are using a session ID to comparing the Client side server side data with diffrent names (session_c session_S... by svemurilv Path Finder in Splunk Search 11-15-2017 0 2	0	2
query for the count basedo the server Hi, Below is the sample logs and I want to see the how many events generated from each server. Since there are diffe... by kteng2024 Path Finder in Splunk Search 11-15-2017 0 4	0	4
Is it possible to use commands like makemv or nomv in data models? Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building... by visa87 Explorer in Splunk Search 11-15-2017 4 2	4	2
How to block the unusual url Hi team, I want to block unusual Url... could please suggest query for that Example www.abcd.com www.ykui.com www.... by 10306629 New Member in Splunk Search 11-15-2017 0 4	0	4
How to find the duration of overlapping transactions Ok, I have two or more transactions like this: Host:abc123_01 start:08:00 end:10:00 Host:abc123_02 start:09:05 end... by raynold_peterso Path Finder in Splunk Search 11-15-2017 0 5	0	5