Splunk Search

Community Activity

How do I break into multiple events just by space? I want the one event in the picture to be broken into many events with the spaces in between. How do I do so with pro... by Kitteh Path Finder in Splunk Search 10-12-2017 0 7	0	7
How do you write a search for an incremental count for a field evaluating success vs. failure? My output is Success Success Success Failure Failure Faliure Success Success Success Failure Success Success Succes... by karthikeyan_k14 New Member in Splunk Search 10-12-2017 0 1	0	1
How to subset top N records from the number generated from eventstats Hi Splunk friends, I am new to Splunk community and currently facing a question. I have below table which was gene... by zztc2004 Explorer in Splunk Search 10-12-2017 0 6	0	6
Using regex to extract a string where the following string may or may not exist Hi, I am trying to extract some fields which are generally bound by other strings (eg Some Text 1 Some Text 2). I h... by rhysjones Path Finder in Splunk Search 10-12-2017 0 13	0	13
Extract string and place in new field Trying to extract a string into a new field. A sample of log is as follows: productName = Special Day Argyle Socks f... by sogeniusio Path Finder in Splunk Search 10-12-2017 0 3	0	3
How to convert Week of Year number to a standard Date format? Hi, I have a set of data where the date is stored as Year/Week of Year. For example: this week would be 14/43 while... by mrfredman Path Finder in Splunk Search 10-12-2017 0 6	0	6
How much data is indexed over 12 months Hello, I'm looking for a report that shows the currenct size of my Splunk Indexer and how much of that data is over 1... by fmpa_isaac Path Finder in Splunk Search 10-12-2017 0 2	0	2
Sum and average of values present in two columns of an output Hi All, I would like to get the average for Failed_Attempts and Passed_Authentications of the below table, _time ... by yashwanth_g_pra Observer in Splunk Search 10-12-2017 0 2	0	2
unable to start the splunk on my mac os High Sierra system I install the splunk to my mac for several times, but I still cannot be able to start it. Here is screenshoot when I... by jasonq551 Engager in Splunk Search 10-12-2017 0 2	0	2
How do I chart rare values? Hello! I'm fairly new to Splunk, and I'm using my Minecraft server logs to chart some data. I am having a hard time ... by jonkeiser Engager in Splunk Search 10-12-2017 0 2	0	2
Which command works better to see lookup fields in fields sidebar? In order to view lookup fields in the fields sidebar which command would be used to get faster results. I know to use... by dannyzen Explorer in Splunk Search 10-12-2017 0 2	0	2
Search query that filters results by geolocation Simply put i index a logon log to one of our services. I would like to create a table that would show me results base... by ptur Path Finder in Splunk Search 10-12-2017 0 2	0	2
How to combine a search with a data model without the JOIN operator? Hi experts, I try to combine a normal search with a data model without the JOIN operator, because of the slow proces... by christopherwern New Member in Splunk Search 10-12-2017 0 1	0	1
stats sum command dosen't works Hi guys, I already used the "stats sum" command several time but I just noticed that for one particular index, the c... by adecroix New Member in Splunk Search 10-12-2017 0 14	0	14
Splitting stats count results into 2 sepereate Columns hi can someone please help me with this, ive been trying and searching but no luck. i want to split the "Delivered" f... by nic28 New Member in Splunk Search 10-12-2017 0 4	0	4
Merge similar field values Running the following query gives me a result with different field values. index="XXXX" host="POLO*" \| stats count b... by koushiknandan New Member in Splunk Search 10-12-2017 0 4	0	4
Reached the subsearch limits, so I'm trying to use stats and having trouble with my search Hello, new to splunk, I was able to create a the following query: index="ops" sourcetype="tradeaudit3Q17" \| table... by KJDII Explorer in Splunk Search 10-12-2017 0 3	0	3
Trying to sum values of fields with similar names All, I have dates where the field names are: 20A1,20A2,20A3,20B1,20B2,20B3,20C1,20C2,20C3 1,3,4,5,5,5,6,6,6 I am tr... by srobinsonxtl Path Finder in Splunk Search 10-12-2017 0 5	0	5
How can I compare count "so far" today with same range yesterday? I'm trying to use a single value with the trendline indicator to display this query: \|tstats count as count where ind... by lyndac Contributor in Splunk Search 10-12-2017 0 4	0	4
Show Total count on Stacked bar/column chart I have simple stacked bar graph. I want to show the total of each stack and also want it part of the scheduled pdf. C... by arunbs Explorer in Splunk Search 10-12-2017 1 3	1	3
how can i pass the field values from one search to my subsearch or to another search index=xx sourcetype=yy \|eval ..\|table aa [\| search index=xx1 sourcetype=yy1 yy=aa values \|table yy zz ff ] in a sin... by Nadhiya123 Explorer in Splunk Search 10-12-2017 0 5	0	5
Count by column with clausule where and fill with 0 if not found Hello, So situation is \| stats count by col1 \| where col1 IN ("tmp1", "tmp2", "tmp3") and i call this for last 5 ... by miki73 Engager in Splunk Search 10-11-2017 0 2	0	2
Is there any workaround in Splunk to make a star to be considered as constant instead of wild card? I have some fields as follows sql="Select * from & ABC" sql="Select * from xyz.ABC" sql="Select * from gh2_ABC" sql... by pavanae Builder in Splunk Search 10-11-2017 0 2	0	2
Transaction grouping help Below is my net cool event logs sample: IMPACTVERSION=8, LOG_ID=123456, LOG_DT=2017-09-21 21:45:11, STARTTIME=2017-... by SridharS Path Finder in Splunk Search 10-11-2017 0 4	0	4
Proofpoint - Count occurrences AFTER Grouping via Transaction Command There are log entries as seen below. When they are SEPARATE events, the following command works to count the # of o... by RB5 Path Finder in Splunk Search 10-11-2017 0 2	0	2