Splunk Search

Community Activity

why i am finding count difference in timechart function Hi, When i run a search for 7 days , i am getting correct count for all 7 days .But when i run for 30 days then i am... by umsundar2015 Path Finder in Splunk Search 10-13-2017 0 6	0	6
How to calculate response time for this particular event ? How to calculate response time for this particular event ? I used to transaction command to club the data for same t... by karthi2809 Builder in Splunk Search 10-13-2017 0 1	0	1
How to figure out which lookup .csv file a certain index is using? In Splunk, how do I figure out which lookup .csv file a certain index is using? In other words, how to find which ind... by chow11 New Member in Splunk Search 10-13-2017 0 8	0	8
Which regex code will help pull out the xml fields? Everything repeats from VULN to VULN It is necessary to pull out the Number of VULN, severity, cveid, CVSS_BASE, CON... by sphc Explorer in Splunk Search 10-13-2017 0 3	0	3
Timechart and overlay two columns? I have a field outcomeIndicator in my data, that holds values 0,1,5,8. 0 and 1 mean a success of the event, and 5 an... by snipedown21 Path Finder in Splunk Search 10-13-2017 0 2	0	2
How can I use tstats to search event count comparing with last week a the same time I have a search that works with stats - but fail to work when using tstats.. Here is the search with stats: index=w... by splunk_pn Explorer in Splunk Search 10-12-2017 1 2	1	2
How to extract the numeric value and IP address from a string in my sample data? hello, My log contains below entries. 2017-10-06T04:19:25.658+0000 I NETWORK [initandlisten] connection accepted f... by chandukreddi Path Finder in Splunk Search 10-12-2017 1 15	1	15
How do I break into multiple events just by space? I want the one event in the picture to be broken into many events with the spaces in between. How do I do so with pro... by Kitteh Path Finder in Splunk Search 10-12-2017 0 7	0	7
How do you write a search for an incremental count for a field evaluating success vs. failure? My output is Success Success Success Failure Failure Faliure Success Success Success Failure Success Success Succes... by karthikeyan_k14 New Member in Splunk Search 10-12-2017 0 1	0	1
How to subset top N records from the number generated from eventstats Hi Splunk friends, I am new to Splunk community and currently facing a question. I have below table which was gene... by zztc2004 Explorer in Splunk Search 10-12-2017 0 6	0	6
Using regex to extract a string where the following string may or may not exist Hi, I am trying to extract some fields which are generally bound by other strings (eg Some Text 1 Some Text 2). I h... by rhysjones Path Finder in Splunk Search 10-12-2017 0 13	0	13
Extract string and place in new field Trying to extract a string into a new field. A sample of log is as follows: productName = Special Day Argyle Socks f... by sogeniusio Path Finder in Splunk Search 10-12-2017 0 3	0	3
How to convert Week of Year number to a standard Date format? Hi, I have a set of data where the date is stored as Year/Week of Year. For example: this week would be 14/43 while... by mrfredman Path Finder in Splunk Search 10-12-2017 0 6	0	6
How much data is indexed over 12 months Hello, I'm looking for a report that shows the currenct size of my Splunk Indexer and how much of that data is over 1... by fmpa_isaac Path Finder in Splunk Search 10-12-2017 0 2	0	2
Sum and average of values present in two columns of an output Hi All, I would like to get the average for Failed_Attempts and Passed_Authentications of the below table, _time ... by yashwanth_g_pra Observer in Splunk Search 10-12-2017 0 2	0	2
unable to start the splunk on my mac os High Sierra system I install the splunk to my mac for several times, but I still cannot be able to start it. Here is screenshoot when I... by jasonq551 Engager in Splunk Search 10-12-2017 0 2	0	2
How do I chart rare values? Hello! I'm fairly new to Splunk, and I'm using my Minecraft server logs to chart some data. I am having a hard time ... by jonkeiser Engager in Splunk Search 10-12-2017 0 2	0	2
Which command works better to see lookup fields in fields sidebar? In order to view lookup fields in the fields sidebar which command would be used to get faster results. I know to use... by dannyzen Explorer in Splunk Search 10-12-2017 0 2	0	2
Search query that filters results by geolocation Simply put i index a logon log to one of our services. I would like to create a table that would show me results base... by ptur Path Finder in Splunk Search 10-12-2017 0 2	0	2
How to combine a search with a data model without the JOIN operator? Hi experts, I try to combine a normal search with a data model without the JOIN operator, because of the slow proces... by christopherwern New Member in Splunk Search 10-12-2017 0 1	0	1
stats sum command dosen't works Hi guys, I already used the "stats sum" command several time but I just noticed that for one particular index, the c... by adecroix New Member in Splunk Search 10-12-2017 0 14	0	14
Splitting stats count results into 2 sepereate Columns hi can someone please help me with this, ive been trying and searching but no luck. i want to split the "Delivered" f... by nic28 New Member in Splunk Search 10-12-2017 0 4	0	4
Merge similar field values Running the following query gives me a result with different field values. index="XXXX" host="POLO*" \| stats count b... by koushiknandan New Member in Splunk Search 10-12-2017 0 4	0	4
Reached the subsearch limits, so I'm trying to use stats and having trouble with my search Hello, new to splunk, I was able to create a the following query: index="ops" sourcetype="tradeaudit3Q17" \| table... by KJDII Explorer in Splunk Search 10-12-2017 0 3	0	3
Trying to sum values of fields with similar names All, I have dates where the field names are: 20A1,20A2,20A3,20B1,20B2,20B3,20C1,20C2,20C3 1,3,4,5,5,5,6,6,6 I am tr... by srobinsonxtl Path Finder in Splunk Search 10-12-2017 0 5	0	5