Splunk Search

Community Activity

Using Splunk query with transaction 1) I want to count the number of occurences of the HTTP URL with p(95) response time for url invocation: https://exam... by gvanjre New Member in Splunk Search 11-10-2017 0 2	0	2
Splunk Search Log SearchOperator:kv When I use the Job Inspector to view the Search Log of a completed search, I find hundreds of entries tagged: SearchO... by pkeller Contributor in Splunk Search 11-10-2017 3 5	3	5
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59) for set of keywords? I have a set of keywords which I need to search and generate the output similar to https://answers.splunk.com/answer... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 8	0	8
What causes unioned data sets to be truncated? Hi Splunk Experts-- I'm confused about the union command and am hoping you can help. Specifically, I'm struggling to... by jsinnott_ Explorer in Splunk Search 11-10-2017 1 4	1	4
Question about the metrics index in Splunk 7.0.0 and search efficiency In the splunk system we developed, we have 2.8 billion records as of now. The problem is that it's a single configur... by ako_y New Member in Splunk Search 11-10-2017 0 1	0	1
metadata search in a macro doesnt seem to work Hi, I am trying to put a metadata search into a macro, but having trouble making it work. The macro is something li... by pj Contributor in Splunk Search 11-10-2017 1 4	1	4
lookup two csv pattern match query I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 ... by surekhasplunk Communicator in Splunk Search 11-10-2017 0 3	0	3
Why are the legend and stacking order of this bar chart opposites? When creating a stacked bar chart and putting the legend definitions on top, the legend order is reverse of the stack... by Rolthers Engager in Splunk Search 11-10-2017 0 13	0	13
updating a lookup after query result returned I have a lookup table that looks like this _time,action,source <time>,completed,<source> <time>,completed,<source> <... by proylea Contributor in Splunk Search 11-10-2017 0 12	0	12
Use wildcard in source? I have a directory C:\logs in this directory I have multiple files: 1: logging-projectname-0.log (There can be mult... by nishantjiit New Member in Splunk Search 11-10-2017 0 9	0	9
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59)? How to write a query which displays all the requests count for every hour in 24 hours access logs. The log timings ar... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 15	0	15
Incomplete lookup results Hi everyone! We've been randomly facing with rather annoying and critical issue while working with lookups: sometime... by iKate Builder in Splunk Search 11-10-2017 0 7	0	7
How to compare a field from one sourcetype with another sourcetype then return the result in a new field? Hello, Hoping someone can help, I'm new to Splunk. Lets say I have the following source types: "event_alert" - cont... by Zerophage New Member in Splunk Search 11-10-2017 0 1	0	1
inputlookup csv two files get the data Hi, I have two input lookup files. input1.csv and input2.csv Am getting "Maintenance for application" as value for ... by surekhasplunk Communicator in Splunk Search 11-09-2017 0 3	0	3
Timechart in the same table based on column Hi, I have the below 2 searches, which work fine. I need to put the output of both the searches in a single table so... by archananaveen Explorer in Splunk Search 11-09-2017 0 2	0	2
How do I use the latest/newest value to be used as a value? I am trying to use the latest "Value" from the last Added/Updated Registry Key but however it took in the oldest resu... by Kitteh Path Finder in Splunk Search 11-09-2017 0 3	0	3
Join 2 sourcetype on on field if time difference between 2 records is less than 3 seconds So I have 2 different source types which I can join using DEVICE field. But I wan to join records if and only if time... by anujshah Engager in Splunk Search 11-09-2017 1 3	1	3
What do I need to alter in my search to get these fields? Hi , We have two lists of CSV files. Each one has 500 hosts and for each we need to figure out among hosts which are... by splunker969 Communicator in Splunk Search 11-09-2017 1 13	1	13
Dashboard: Replacing default text for empty reports I'm developing a dashboard to display the results of several saved searches and everything's looking nice. I just wa... by AndreasBalster Explorer in Splunk Search 11-09-2017 0 6	0	6
Get last 3 events based on time in 1 index when an error happens in a different index I have the below search where i get an errot and then i want to pull through the last 3 events prior to that error bu... by Sfry1981 Communicator in Splunk Search 11-09-2017 0 3	0	3
How to see all values in a field It says 41 values exist, but it's only showing 10. How do I see the rest, and select from them with checkboxes? This ... by tmontney Builder in Splunk Search 11-09-2017 1 2	1	2
Delta over Multiple SIDs In my raw data I have a lot of values for a field called "sid". For each of those values I want to calculate the del... by markschoonover Explorer in Splunk Search 11-09-2017 0 2	0	2
How can I search for events that match two subsearches? I'm trying to pull back events that have a specific field value, but should only return events that match that field ... by spohara79 Explorer in Splunk Search 11-09-2017 0 5	0	5
How to group uri strings inside a case statement based on a substring portion of a uri I have three types of uris stored in a field called uri. The uris are as follows: First type: /a/b/c/1/d /a/b/c/2/d ... by gokadroid Motivator in Splunk Search 11-09-2017 0 4	0	4
Get last login time based upon a list of accounts in a CSV lookup file I have a list of accounts that I wish to monitor in a csv file, say accounts.csv. The file looks like: userid,name,d... by pfhendr Explorer in Splunk Search 11-09-2017 0 2	0	2