Splunk Search

Community Activity

How can I convert a naive timechart command to an efficient one? The following works fine for me - sourcetype=<sourcetype> index=<index> \| timechart span=1d count How can I conv... by ddrillic Ultra Champion in Splunk Search 11-15-2017 0 2	0	2
How to group rows together in a table and calculate the sum for each group? Hi, I need to create table as shown in this screenshot: I have written this search for that: index=em7_srm_summary... by asaste Path Finder in Splunk Search 11-15-2017 0 6	0	6
How to combine two fields in a subsearch and return them together Hey guys, I have the next query: index=idx_rtd_prc sourcetype=rbt_rtd_src_type TIPO_ENTIDAD=PROVISION_COMISION MONED... by ivykp New Member in Splunk Search 11-15-2017 0 1	0	1
How to use the where command source="mhn-splunk.log" \| where dest like "88ea2fb8-b579-11e7-8239-ce584c37994e" replace 127.0.0.1 WITH 37.139.29.33 ... by nielsfranken198 Engager in Splunk Search 11-15-2017 0 6	0	6
Issues with Case statement I have reviewed a number of already answered questions related to case statements but none that seem to address the i... by tgrogan_stack Explorer in Splunk Search 11-15-2017 0 5	0	5
Counting duplicate values Situation : I have fields sessionId and personName. This session ID has many-to-may mapping with personName. Need is... by ataunk Explorer in Splunk Search 11-15-2017 0 15	0	15
Regex field extraction question Hi I have this log format for extracting Sep 01 09:55:11 @ipdest HSL: @ip1:port1 <-> @ip2:port2 \| @ip3:port3 <-> @i... by MAMAOUI Explorer in Splunk Search 11-15-2017 0 3	0	3
Splunk removes all items from chart apart from OTHER I have a timechart that shows timechart span=5s fixedrange=f limit=20 perc90(time_taken) by request over 70 minut... by bowesmana SplunkTrust in Splunk Search 11-15-2017 2 5	2	5
How to filter columns in a search query splunk Hi Guys, I have a simple question. I have a search query, and it basically outputs lots of fields. Is there a way of... by mahbs Path Finder in Splunk Search 11-15-2017 0 3	0	3
Search for a random IP then place it in a variable Currently I have many logs in most of which there are random IPs. I want to perform e search which will filter all ... by tsvetan Explorer in Splunk Search 11-15-2017 0 2	0	2
How to set time frame for base search as 30 minute interval? Hi Everyone, Need your help in order to resolve issue. I need time frame for the base search of my dashboard as 30 ... by nilaksh92 Path Finder in Splunk Search 11-15-2017 0 3	0	3
How to replace the value when another field has "error"? If the "delta_value" is more than 2 then I'd like to replace the value1 to "error" Raw data No, _time, value1, de... by syokota_splunk Splunk Employee in Splunk Search 11-14-2017 0 8	0	8
how do I rank nodality from kmeans data I have been trying to do kmeans analysis of some data. I see some of my evaluation points falling into lots of clust... by MonkeyK Builder in Splunk Search 11-14-2017 0 2	0	2
Events from Docker do not have proper field extractions We are sending test data from a docker container to splunk via the splunk logging driver. I am able to vie the data b... by rwardwell Explorer in Splunk Search 11-14-2017 0 1	0	1
Windows Event Log 4625 - Eval Account_Name Search Issue Hello, I have the following search: index=security_wineventlog EventCode=4625 \| table _time, Workstation_Name, Sour... by zward Path Finder in Splunk Search 11-14-2017 0 2	0	2
Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID Might have trouble explaining this in an understandable way, might be why I was unable to google my answer. I'm usi... by GenericSplunkUs Path Finder in Splunk Search 11-14-2017 0 6	0	6
Why does geostats represent one and two arguments differently? Im trying to represent som values with geostats, when I do this: \| geostats values(OK) by name geostats present th... by snorri Path Finder in Splunk Search 11-14-2017 0 1	0	1
Can I do "add to search" without kicking off a new search? Sometimes when I am looking at search results, I would like to add several field's values to my search terms. Ideally... by MonkeyK Builder in Splunk Search 11-14-2017 1 1	1	1
Combine events based on timestamps in event I have events as following Category=a starttime="2017-11-14 05:25:22" Category=b starttime="2017-11-14 05:29:22" Cate... by manuarora12 New Member in Splunk Search 11-14-2017 0 2	0	2
How to group results from two rex together into one Column Chart? I am doing a search query where there will be a dynamic client ID with either a success or a failure result code -- ... by lordhans Explorer in Splunk Search 11-14-2017 0 2	0	2
eval to create temporary field for sorting I have a filed1 whose values are like below TS - asfdfe sdrerw TS - ieirrrr werr TS - ierr werflll BS - errriowr ere... by surekhasplunk Communicator in Splunk Search 11-14-2017 0 6	0	6
Can I custom code a Splunk table to include JSON in a cell (without having the line feeds/endings removed)? I have a Splunk application I am developing where I must put a pretty-print formatted JSON into the cell of a Splunk ... by jimdiconectiv Path Finder in Splunk Search 11-14-2017 0 7	0	7
Search for users logons from different geo locations I have build a query so far to look at users who log on from 2 different geo locations, however index=microsoft \|... by ecanmaster Explorer in Splunk Search 11-14-2017 0 1	0	1
Iist IPs from different columns Is it an easy way to list IP's from different columns into one? For instance, header ip1 ip2 ip3 ... by splunkrocks2014 Communicator in Splunk Search 11-14-2017 0 2	0	2
How can I write a search to find hosts that are not sending logs to Splunk or show the last time a host sent logs to Splunk? Hi we have list of hosts that are logging splunk and sending logs to splunk .Since when i created the lookup to check... by splunker969 Communicator in Splunk Search 11-14-2017 1 9	1	9