Splunk Search

Community Activity

Streamstats Question Using this query below could you help me identify servers that were added on a daily basis? example today is friday 1... by jhayIV Engager in Splunk Search 10-14-2017 0 1	0	1
My values are not showing on map Hello, Im very new with Splunk. Can you please tell me what is missing on my search string eventtype=security * use... by bryso25 New Member in Splunk Search 10-14-2017 0 2	0	2
Is it possible to use a single rex command to deal with multiple scenarios? Hello All, I am trying to write a single rex command that will handle a number of different field entires. Basicall... by andrewtrobec Motivator in Splunk Search 10-14-2017 0 2	0	2
How can I find values within a specific range/ make sure each value meets the criteria of a particular range? Hello, We have the following search: index="blah" \| stats values(Change), values(Volume), values(Price) by Symbol... by agoktas Communicator in Splunk Search 10-13-2017 0 2	0	2
Why is my eval if() not working consistantly I'm having a difficult time getting what I believe is a simple eval command to work as I would expect. What I'm tryi... by rrustong Explorer in Splunk Search 10-13-2017 0 3	0	3
Matching two expressions to one field I am trying to extract a field from logs that look like this: Apr 28 07:45:22.992 On [2:18]20.5.4.1:5070 sent to 102... by markmcd Path Finder in Splunk Search 10-13-2017 1 5	1	5
How to use streamstats to calculate device availability I have some device logs and am trying to determine the outage (downtime) duration. Problem I have here is that event... by vasud New Member in Splunk Search 10-13-2017 0 1	0	1
How can I run stats sum as command on same search for two different values? I have the following search: index="data_integration" host="sampledata" sourcetype="csv" Object_Account="4*" OR Obje... by tonahoyos Explorer in Splunk Search 10-13-2017 0 12	0	12
Use count from first search in the Where Clause of the subsearch I want to use the count from the first search "FilesImported" as criteria in the where clause of the subsearch. Files... by griffinpair Path Finder in Splunk Search 10-13-2017 0 2	0	2
Re-assigning or deleting the orphaned searches What is the best way to delete or re-assign the orphaned searches?. I have around more than 100 orphaned searches whi... by splunkgk Path Finder in Splunk Search 10-13-2017 0 2	0	2
Drill down to dashboard with hidden table Hey, I am trying to drill down from one dashboard to another and show a table with the selected category in the tar... by safiasheikh New Member in Splunk Search 10-13-2017 0 1	0	1
compare response time from yesterday to today Trying to compare response time from yesterday to today. This search seems to be working, but very, very slow. Any ... by mightaswelby Explorer in Splunk Search 10-13-2017 0 4	0	4
Help writing a search to count by event type? eventtype=* \|stats count by eventtype which works. However, in a dashboard below query doesn't work. Any suggestions... by archananaveen Explorer in Splunk Search 10-13-2017 0 2	0	2
Regex to find Account_Name's that end in a $ and \ isn't stopping it's special char nature I want to find all names in Account_Name that end with a $ and not ones that don't. IE: I want NAME1$ but not NAME2. ... by benbabich Explorer in Splunk Search 10-13-2017 0 4	0	4
Predict by My search result: _time Location Total 01/01/13 12:00:00.000 AM Location 1 12 02/01/13 ... by Parameshwara Path Finder in Splunk Search 10-13-2017 0 5	0	5
How to not evaluate something during a certain time period? So, I have a search query that calculates a field but I wanted to know if there is a way to check if it is a certain ... by kdimaria Communicator in Splunk Search 10-13-2017 0 1	0	1
How to extract the fields from JSON output and display as table {<!-- --> "ERROR_CODE" : "XXX-XXX-00000", "ERROR_DESC" : "Success." }, "accountBalances" : {<!-- --> "accountNumber13... by yograjpatel New Member in Splunk Search 10-13-2017 0 7	0	7
Help needed in extracting string between two similar strings I have a log mentioned below: ERROR: Cannot retrieve requested details in 103 ms cause: [50000] ERROR: Building prof... by Nadal7noval New Member in Splunk Search 10-13-2017 0 2	0	2
Count combination of multivalue field Hi, I wonder whether someone can help me please. I'm using the query below to extract the different actions performe... by IRHM73 Motivator in Splunk Search 10-13-2017 0 2	0	2
i want to show two decimals after integer without changing values and if we give integer(52) also then output like 52.00 HI, a=0.54689556898 b=1.25698 c=0.5 d=51 I want output like a=0.54 b=1.25 c=0.50 d=51.00 Please do needful, how t... by venu08673 New Member in Splunk Search 10-13-2017 0 4	0	4
why i am finding count difference in timechart function Hi, When i run a search for 7 days , i am getting correct count for all 7 days .But when i run for 30 days then i am... by umsundar2015 Path Finder in Splunk Search 10-13-2017 0 6	0	6
How to calculate response time for this particular event ? How to calculate response time for this particular event ? I used to transaction command to club the data for same t... by karthi2809 Builder in Splunk Search 10-13-2017 0 1	0	1
How to figure out which lookup .csv file a certain index is using? In Splunk, how do I figure out which lookup .csv file a certain index is using? In other words, how to find which ind... by chow11 New Member in Splunk Search 10-13-2017 0 8	0	8
Which regex code will help pull out the xml fields? Everything repeats from VULN to VULN It is necessary to pull out the Number of VULN, severity, cveid, CVSS_BASE, CON... by sphc Explorer in Splunk Search 10-13-2017 0 3	0	3
Timechart and overlay two columns? I have a field outcomeIndicator in my data, that holds values 0,1,5,8. 0 and 1 mean a success of the event, and 5 an... by snipedown21 Path Finder in Splunk Search 10-13-2017 0 2	0	2