Splunk Search

Community Activity

Substring lookup to enhance DB query results? Hello, I am VERY new to Splunk. I have built some basic dashboards using DB queries, because the data is not (yet) ... by sarge338 Path Finder in Splunk Search 11-15-2017 0 5	0	5
deduping ans eliminating the duplicate vales from 2 different sourcer Hi, we are using a session ID to comparing the Client side server side data with diffrent names (session_c session_S... by svemurilv Path Finder in Splunk Search 11-15-2017 0 2	0	2
query for the count basedo the server Hi, Below is the sample logs and I want to see the how many events generated from each server. Since there are diffe... by kteng2024 Path Finder in Splunk Search 11-15-2017 0 4	0	4
Is it possible to use commands like makemv or nomv in data models? Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building... by visa87 Explorer in Splunk Search 11-15-2017 4 2	4	2
How to block the unusual url Hi team, I want to block unusual Url... could please suggest query for that Example www.abcd.com www.ykui.com www.... by 10306629 New Member in Splunk Search 11-15-2017 0 4	0	4
How to find the duration of overlapping transactions Ok, I have two or more transactions like this: Host:abc123_01 start:08:00 end:10:00 Host:abc123_02 start:09:05 end... by raynold_peterso Path Finder in Splunk Search 11-15-2017 0 5	0	5
How can I convert a naive timechart command to an efficient one? The following works fine for me - sourcetype=<sourcetype> index=<index> \| timechart span=1d count How can I conv... by ddrillic Ultra Champion in Splunk Search 11-15-2017 0 2	0	2
How to group rows together in a table and calculate the sum for each group? Hi, I need to create table as shown in this screenshot: I have written this search for that: index=em7_srm_summary... by asaste Path Finder in Splunk Search 11-15-2017 0 6	0	6
How to combine two fields in a subsearch and return them together Hey guys, I have the next query: index=idx_rtd_prc sourcetype=rbt_rtd_src_type TIPO_ENTIDAD=PROVISION_COMISION MONED... by ivykp New Member in Splunk Search 11-15-2017 0 1	0	1
How to use the where command source="mhn-splunk.log" \| where dest like "88ea2fb8-b579-11e7-8239-ce584c37994e" replace 127.0.0.1 WITH 37.139.29.33 ... by nielsfranken198 Engager in Splunk Search 11-15-2017 0 6	0	6
Issues with Case statement I have reviewed a number of already answered questions related to case statements but none that seem to address the i... by tgrogan_stack Explorer in Splunk Search 11-15-2017 0 5	0	5
Counting duplicate values Situation : I have fields sessionId and personName. This session ID has many-to-may mapping with personName. Need is... by ataunk Explorer in Splunk Search 11-15-2017 0 15	0	15
Regex field extraction question Hi I have this log format for extracting Sep 01 09:55:11 @ipdest HSL: @ip1:port1 <-> @ip2:port2 \| @ip3:port3 <-> @i... by MAMAOUI Explorer in Splunk Search 11-15-2017 0 3	0	3
Splunk removes all items from chart apart from OTHER I have a timechart that shows timechart span=5s fixedrange=f limit=20 perc90(time_taken) by request over 70 minut... by bowesmana SplunkTrust in Splunk Search 11-15-2017 2 5	2	5
How to filter columns in a search query splunk Hi Guys, I have a simple question. I have a search query, and it basically outputs lots of fields. Is there a way of... by mahbs Path Finder in Splunk Search 11-15-2017 0 3	0	3
Search for a random IP then place it in a variable Currently I have many logs in most of which there are random IPs. I want to perform e search which will filter all ... by tsvetan Explorer in Splunk Search 11-15-2017 0 2	0	2
How to set time frame for base search as 30 minute interval? Hi Everyone, Need your help in order to resolve issue. I need time frame for the base search of my dashboard as 30 ... by nilaksh92 Path Finder in Splunk Search 11-15-2017 0 3	0	3
How to replace the value when another field has "error"? If the "delta_value" is more than 2 then I'd like to replace the value1 to "error" Raw data No, _time, value1, de... by syokota_splunk Splunk Employee in Splunk Search 11-14-2017 0 8	0	8
how do I rank nodality from kmeans data I have been trying to do kmeans analysis of some data. I see some of my evaluation points falling into lots of clust... by MonkeyK Builder in Splunk Search 11-14-2017 0 2	0	2
Events from Docker do not have proper field extractions We are sending test data from a docker container to splunk via the splunk logging driver. I am able to vie the data b... by rwardwell Explorer in Splunk Search 11-14-2017 0 1	0	1
Windows Event Log 4625 - Eval Account_Name Search Issue Hello, I have the following search: index=security_wineventlog EventCode=4625 \| table _time, Workstation_Name, Sour... by zward Path Finder in Splunk Search 11-14-2017 0 2	0	2
Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID Might have trouble explaining this in an understandable way, might be why I was unable to google my answer. I'm usi... by GenericSplunkUs Path Finder in Splunk Search 11-14-2017 0 6	0	6
Why does geostats represent one and two arguments differently? Im trying to represent som values with geostats, when I do this: \| geostats values(OK) by name geostats present th... by snorri Path Finder in Splunk Search 11-14-2017 0 1	0	1
Can I do "add to search" without kicking off a new search? Sometimes when I am looking at search results, I would like to add several field's values to my search terms. Ideally... by MonkeyK Builder in Splunk Search 11-14-2017 1 1	1	1
Combine events based on timestamps in event I have events as following Category=a starttime="2017-11-14 05:25:22" Category=b starttime="2017-11-14 05:29:22" Cate... by manuarora12 New Member in Splunk Search 11-14-2017 0 2	0	2