Splunk Search

Community Activity

Using MVZip and MVExpand on MultiValue fields where one node sometimes exists Hello friendly Splunk community, May I ask your assistance in dealing with a multivalue field that sometimes contain... by blairmd New Member in Splunk Search 11-13-2017 0 4	0	4
How do I create a piechart visualization with the count of two field values and the sum of both displayed? I have a query that gives me the count of certain events with keyword 'ab' OR with keyword 'pq'. The query is like th... by zacksoft Contributor in Splunk Search 11-13-2017 0 7	0	7
How can I get the count of two different field values in the same search? My splunk query is , host=x OR host=y OR host=z nfs1 \| stats count as nfs1_count In the above case nfs1 field is s... by zacksoft Contributor in Splunk Search 11-13-2017 0 34	0	34
counting combination of fields Hi, How would I count a combination of fields in splunk? For example, I have a "from_ip_addr" and a "to_ip_addr" in ... by a212830 Champion in Splunk Search 11-12-2017 0 6	0	6
How to get percentages of value pairs I have a very large set of retail data. The significant fields for this query are store_no, transaction_amt, zip, eth... by behudelson Path Finder in Splunk Search 11-12-2017 0 3	0	3
Difference calculation different time in different column Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, Process like this ... by abdulvehhaba Path Finder in Splunk Search 11-12-2017 0 5	0	5
Top 10 values for each field value Hi, I have a data that contains the field 'regression_target'. I want to get the top 10 rows by 'regression_tests' f... by matansocher Contributor in Splunk Search 11-12-2017 0 3	0	3
Nested Splunk Query - Time of event within consolidate events Hello All, Sorry relativly new to splunk - and so this query may be a pile of garbage! To sumerise, i have a query ... by JgTheGreat Engager in Splunk Search 11-12-2017 0 3	0	3
Maximum output of fieldsummary (or table *) Hi All, I have a large data set with lots of fields and I want that in a table. However this is not working correctl... by FrankSPL Path Finder in Splunk Search 11-12-2017 0 3	0	3
Usernames Failed to Login against an IP Address \| which other IP Addresses has that Username Failed to login against? Hello, I'm looking for a query, which looks for successful [ or unsuccessful ] brute force attempts, and then to ta... by JgTheGreat Engager in Splunk Search 11-11-2017 0 3	0	3
How do I search within results of a search that has already run? Sometimes I write a brutal search that takes a very long time to run and then realize that I need to do something mor... by MonkeyK Builder in Splunk Search 11-10-2017 0 2	0	2
filter by duplication of records \|tlp\|lasttime\|reporttime\|count\|itype\|indicator\|cc\|asn\|asn_desc\|confidence\|description\|tags\|rdata\| provider .... i ha... by kunalpatil111 New Member in Splunk Search 11-10-2017 0 2	0	2
populating input dropdown with regex search Hi splunk community, am trying to populating input dropdown with results from regex search and i'm fairly sure it's m... by eddychuah Path Finder in Splunk Search 11-10-2017 0 4	0	4
Using Splunk query with transaction 1) I want to count the number of occurences of the HTTP URL with p(95) response time for url invocation: https://exam... by gvanjre New Member in Splunk Search 11-10-2017 0 2	0	2
Splunk Search Log SearchOperator:kv When I use the Job Inspector to view the Search Log of a completed search, I find hundreds of entries tagged: SearchO... by pkeller Contributor in Splunk Search 11-10-2017 3 5	3	5
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59) for set of keywords? I have a set of keywords which I need to search and generate the output similar to https://answers.splunk.com/answer... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 8	0	8
What causes unioned data sets to be truncated? Hi Splunk Experts-- I'm confused about the union command and am hoping you can help. Specifically, I'm struggling to... by jsinnott_ Explorer in Splunk Search 11-10-2017 1 4	1	4
Question about the metrics index in Splunk 7.0.0 and search efficiency In the splunk system we developed, we have 2.8 billion records as of now. The problem is that it's a single configur... by ako_y New Member in Splunk Search 11-10-2017 0 1	0	1
metadata search in a macro doesnt seem to work Hi, I am trying to put a metadata search into a macro, but having trouble making it work. The macro is something li... by pj Contributor in Splunk Search 11-10-2017 1 4	1	4
lookup two csv pattern match query I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 ... by surekhasplunk Communicator in Splunk Search 11-10-2017 0 3	0	3
Why are the legend and stacking order of this bar chart opposites? When creating a stacked bar chart and putting the legend definitions on top, the legend order is reverse of the stack... by Rolthers Engager in Splunk Search 11-10-2017 0 13	0	13
updating a lookup after query result returned I have a lookup table that looks like this _time,action,source <time>,completed,<source> <time>,completed,<source> <... by proylea Contributor in Splunk Search 11-10-2017 0 12	0	12
Use wildcard in source? I have a directory C:\logs in this directory I have multiple files: 1: logging-projectname-0.log (There can be mult... by nishantjiit New Member in Splunk Search 11-10-2017 0 9	0	9
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59)? How to write a query which displays all the requests count for every hour in 24 hours access logs. The log timings ar... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 15	0	15
Incomplete lookup results Hi everyone! We've been randomly facing with rather annoying and critical issue while working with lookups: sometime... by iKate Builder in Splunk Search 11-10-2017 0 7	0	7