Splunk Search

Community Activity

How to find min and max per hour during day by host ? If I use such SPL index=_internal \| timechart span=1h count by host \| stats max() AS ."max", min() as ."min" ... by exmuzzy Explorer in Splunk Search 10-16-2017 0 5	0	5
MultiValue Table from Json array Hello everyone, I search a very longtime on internet and splunk doc and i didn't get what i want well i have this Js... by OualidAn Engager in Splunk Search 10-16-2017 1 2	1	2
How can I extract this pattern from my raw data using rex command? \"ProductAccountNumber\":\"5342534253425342\" Hi, Can someone able to help me please. I'm very new to using Splunk and most certainly to the rex command and regu... by tanvi1g New Member in Splunk Search 10-15-2017 0 2	0	2
Splunk Hunkのジョブ調査結果取得無効方法について Splunk Hunk(splunk analytics for hadoop)を使用しています。バージョンは6.6.1です。「ジョブの調査」をクリックすると表示される実行コストなどの情報取得を無効にする方法を教えてください。 by kazuhiro_yamada Explorer in Splunk Search 10-15-2017 0 2	0	2
How to match values within a multi-value column I'm putting together a search that lists all of the IP addresses associated with scanning my firewall. Due to the fac... by joeldavideng Path Finder in Splunk Search 10-15-2017 0 2	0	2
Chart question i have a table like date. prduct, price 171015, abc, 10 171015, CDE, 15 171014, abc, 8 171014 CDE, 9 how can i put i... by kennethyeung New Member in Splunk Search 10-15-2017 0 5	0	5
Fill into multiselect input by clicking a table element (drill down) Hi folks, I have tried to create a table drill down to insert elements into a multiselect input, that are already s... by BMacher Path Finder in Splunk Search 10-15-2017 0 4	0	4
Function startSearch() is not a function. Facing issues to run a search using SearchManager. The error says that function startSearch() is not a function. I am... by danillopavan Communicator in Splunk Search 10-15-2017 0 3	0	3
Return a custom table with empty results when no results on base search Hi, I have the following search, and sometimes it doesn't get any results. When there are no values to return, I want... by matansocher Contributor in Splunk Search 10-15-2017 0 1	0	1
Add sum events in separate column it is my search host="splunk.local"\|bucket _time span=1mon \| stats count by event my question is : To sum the total... by khanlarloo Explorer in Splunk Search 10-15-2017 0 2	0	2
Regex in query Hi, Can anyone help with a regex to extract into a new field anything contained within raw data after a #? For exam... by jacqu3sy Path Finder in Splunk Search 10-15-2017 0 5	0	5
Need a little help converting seconds to days, hours, minutes Hi all, Windows reports everything in really long seconds uptime fields. I want to convert that to days, hours, min... by gabarrygowin Path Finder in Splunk Search 10-14-2017 0 14	0	14
Searching for matches during specific times My search is something like: index=foo "get /foo/bar"\| eval a=_time+1s\| eval b=_time+10m \| table a,b,ip, field1, fie... by jfarns New Member in Splunk Search 10-14-2017 0 1	0	1
Which command or stanza can be used to decide which fields are extracted at search time to improve performance? As far as I know, fields- does not improve performance, and I'm looking for a better option. by dannyzen Explorer in Splunk Search 10-14-2017 0 6	0	6
How can I fix my double timechart graphs? I want to see 2 timecharts that each 1 contains different counter my search is: source="perfmon:test" counter="Priva... by netanelm7 Path Finder in Splunk Search 10-14-2017 0 10	0	10
Streamstats Question Using this query below could you help me identify servers that were added on a daily basis? example today is friday 1... by jhayIV Engager in Splunk Search 10-14-2017 0 1	0	1
My values are not showing on map Hello, Im very new with Splunk. Can you please tell me what is missing on my search string eventtype=security * use... by bryso25 New Member in Splunk Search 10-14-2017 0 2	0	2
Is it possible to use a single rex command to deal with multiple scenarios? Hello All, I am trying to write a single rex command that will handle a number of different field entires. Basicall... by andrewtrobec Motivator in Splunk Search 10-14-2017 0 2	0	2
How can I find values within a specific range/ make sure each value meets the criteria of a particular range? Hello, We have the following search: index="blah" \| stats values(Change), values(Volume), values(Price) by Symbol... by agoktas Communicator in Splunk Search 10-13-2017 0 2	0	2
Why is my eval if() not working consistantly I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm tryi... by rrustong Explorer in Splunk Search 10-13-2017 0 3	0	3
Matching two expressions to one field I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 102... by markmcd Path Finder in Splunk Search 10-13-2017 1 5	1	5
How to use streamstats to calculate device availability I have some device logs and am trying to determine the outage (downtime) duration. Problem I have here is that event... by vasud New Member in Splunk Search 10-13-2017 0 1	0	1
How can I run stats sum as command on same search for two different values? I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Obje... by tonahoyos Explorer in Splunk Search 10-13-2017 0 12	0	12
Use count from first search in the Where Clause of the subsearch I want to use the count from the first search "FilesImported" as criteria in the where clause of the subsearch. Files... by griffinpair Path Finder in Splunk Search 10-13-2017 0 2	0	2
Re-assigning or deleting the orphaned searches What is the best way to delete or re-assign the orphaned searches?. I have around more than 100 orphaned searches whi... by splunkgk Path Finder in Splunk Search 10-13-2017 0 2	0	2