Splunk Search

Community Activity

Regex in query Hi, Can anyone help with a regex to extract into a new field anything contained within raw data after a #? For exam... by jacqu3sy Path Finder in Splunk Search 10-15-2017 0 5	0	5
Need a little help converting seconds to days, hours, minutes Hi all, Windows reports everything in really long seconds uptime fields. I want to convert that to days, hours, min... by gabarrygowin Path Finder in Splunk Search 10-14-2017 0 14	0	14
Searching for matches during specific times My search is something like: index=foo "get /foo/bar"\| eval a=_time+1s\| eval b=_time+10m \| table a,b,ip, field1, fie... by jfarns New Member in Splunk Search 10-14-2017 0 1	0	1
Which command or stanza can be used to decide which fields are extracted at search time to improve performance? As far as I know, fields- does not improve performance, and I'm looking for a better option. by dannyzen Explorer in Splunk Search 10-14-2017 0 6	0	6
How can I fix my double timechart graphs? I want to see 2 timecharts that each 1 contains different counter my search is: source="perfmon:test" counter="Priva... by netanelm7 Path Finder in Splunk Search 10-14-2017 0 10	0	10
Streamstats Question Using this query below could you help me identify servers that were added on a daily basis? example today is friday 1... by jhayIV Engager in Splunk Search 10-14-2017 0 1	0	1
My values are not showing on map Hello, Im very new with Splunk. Can you please tell me what is missing on my search string eventtype=security * use... by bryso25 New Member in Splunk Search 10-14-2017 0 2	0	2
Is it possible to use a single rex command to deal with multiple scenarios? Hello All, I am trying to write a single rex command that will handle a number of different field entires. Basicall... by andrewtrobec Motivator in Splunk Search 10-14-2017 0 2	0	2
How can I find values within a specific range/ make sure each value meets the criteria of a particular range? Hello, We have the following search: index="blah" \| stats values(Change), values(Volume), values(Price) by Symbol... by agoktas Communicator in Splunk Search 10-13-2017 0 2	0	2
Why is my eval if() not working consistantly I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm tryi... by rrustong Explorer in Splunk Search 10-13-2017 0 3	0	3
Matching two expressions to one field I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 102... by markmcd Path Finder in Splunk Search 10-13-2017 1 5	1	5
How to use streamstats to calculate device availability I have some device logs and am trying to determine the outage (downtime) duration. Problem I have here is that event... by vasud New Member in Splunk Search 10-13-2017 0 1	0	1
How can I run stats sum as command on same search for two different values? I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Obje... by tonahoyos Explorer in Splunk Search 10-13-2017 0 12	0	12
Use count from first search in the Where Clause of the subsearch I want to use the count from the first search "FilesImported" as criteria in the where clause of the subsearch. Files... by griffinpair Path Finder in Splunk Search 10-13-2017 0 2	0	2
Re-assigning or deleting the orphaned searches What is the best way to delete or re-assign the orphaned searches?. I have around more than 100 orphaned searches whi... by splunkgk Path Finder in Splunk Search 10-13-2017 0 2	0	2
Drill down to dashboard with hidden table Hey, I am trying to drill down from one dashboard to another and show a table with the selected category in the tar... by safiasheikh New Member in Splunk Search 10-13-2017 0 1	0	1
compare response time from yesterday to today Trying to compare response time from yesterday to today. This search seems to be working, but very, very slow. Any ... by mightaswelby Explorer in Splunk Search 10-13-2017 0 4	0	4
Help writing a search to count by event type? eventtype=* \|stats count by eventtype which works. However, in a dashboard below query doesn't work. Any suggestions... by archananaveen Explorer in Splunk Search 10-13-2017 0 2	0	2
Regex to find Account_Name's that end in a $ and \ isn't stopping it's special char nature I want to find all names in Account_Name that end with a $ and not ones that don't. IE: I want NAME1$ but not NAME2. ... by benbabich Explorer in Splunk Search 10-13-2017 0 4	0	4
Predict by My search result: _time Location Total 01/01/13 12:00:00.000 AM Location 1 12 02/01/13 ... by Parameshwara Path Finder in Splunk Search 10-13-2017 0 5	0	5
How to not evaluate something during a certain time period? So, I have a search query that calculates a field but I wanted to know if there is a way to check if it is a certain ... by kdimaria Communicator in Splunk Search 10-13-2017 0 1	0	1
How to extract the fields from JSON output and display as table {<!-- --> "ERROR_CODE" : "XXX-XXX-00000", "ERROR_DESC" : "Success." }, "accountBalances" : {<!-- --> "accountNumber13... by yograjpatel New Member in Splunk Search 10-13-2017 0 7	0	7
Help needed in extracting string between two similar strings I have a log mentioned below: ERROR: Cannot retrieve requested details in 103 ms cause: [50000] ERROR: Building prof... by Nadal7noval New Member in Splunk Search 10-13-2017 0 2	0	2
Count combination of multivalue field Hi, I wonder whether someone can help me please. I'm using the query below to extract the different actions performe... by IRHM73 Motivator in Splunk Search 10-13-2017 0 2	0	2
i want to show two decimals after integer without changing values and if we give integer(52) also then output like 52.00 HI, a=0.54689556898 b=1.25698 c=0.5 d=51 I want output like a=0.54 b=1.25 c=0.50 d=51.00 Please do needful, how t... by venu08673 New Member in Splunk Search 10-13-2017 0 4	0	4