Splunk Search

Community Activity

How can I remove colons in a field value Hi there, I wanna remove colons in a field value like a MAC Address. I have a field MAC like mac="E8:11:32:31:33:B... by superhm Explorer in Splunk Search 10-04-2017 1 10	1	10
Can't get tag to work I have a dashboard with several prebuilt panels and several non-prebuilt panels. At the top of the form I have: <in... by madkins23 New Member in Splunk Search 10-04-2017 0 1	0	1
How to search the names of triggered alerts, their trigger time, and the events that triggered them? Hi guys, I have a problem with the triggered alerts and I really need your help! Now, I have some alerts working gr... by LuiesCui Communicator in Splunk Search 10-03-2017 1 9	1	9
Trigger alert for stats query when events are null Hello, scheduling an alert to notify me what my current license usage is and I can't get it to trigger since the eve... by santiagn Path Finder in Splunk Search 10-03-2017 0 10	0	10
how can i get details with both span 10m and 30 m with dedup _time. I have one Search Query . (index=indexname earliest=1499819400 latest=1499848200 \| where Tag="Tagname" \|bin _time sp... by harishalipaka Motivator in Splunk Search 10-03-2017 0 6	0	6
Empty result subsearch in eval/case I am trying to eval a new field based on matching several sub searches. The issue is that these sub searches can pote... by csocha New Member in Splunk Search 10-03-2017 0 3	0	3
Create a new row to the table which is the sum of existing rows How to have an additional row on the top which basically adds up the sum of below rows of the table The consuming_ap... by amargovindan New Member in Splunk Search 10-03-2017 0 2	0	2
Can I use strftime to compare relative times? Hello, I received help in building a search of mine, and I cannot figure out the syntax of comparing the time. I nee... by katzr Path Finder in Splunk Search 10-03-2017 0 2	0	2
Another regex Hi, I have this data 10.210.192.15 - - [02/Oct/2017:19:59:59 -0400] "GET /rest/icontrol/sites/278318/eventsByDay?st... by dbcase Motivator in Splunk Search 10-03-2017 0 3	0	3
How can I extract fields as an array? Dear friends, I have one event in my log file that my user want to extract fields as an array. The event is: Reques... by GersonGarcia Path Finder in Splunk Search 10-03-2017 0 1	0	1
Historic average of last 30 days I have a type of event that happens about 20 times a day. Each event carry a numeric value. Meaning is found in the s... by JeusTheHun New Member in Splunk Search 10-03-2017 0 8	0	8
Need help on predict command usage in graph I have a trend graph that shows some data then its predicting out that data a couple days forward. However, The predi... by kdimaria Communicator in Splunk Search 10-03-2017 0 4	0	4
Comparing results from three separate events Forgive my ignorance if this has been answered elsewhere, I did my best to search for an answer but have not found it... by venomousmoose Engager in Splunk Search 10-03-2017 0 3	0	3
How do I get the outer values in a transaction that has repeated startswith endswith parameters? Hi there, I've been trying to solve an issue I have when using transactions. Here's an example of the logs I am work... by nmulm Explorer in Splunk Search 10-03-2017 0 2	0	2
comparing min, max and avg of a field by host and application Hi All, I have been working on a search query but couldn't able to get desired results. I'm looking for a search ... by guru865 Path Finder in Splunk Search 10-03-2017 0 11	0	11
Can we use same property names (say "[setnull]","[setparsing]") defining the event data filtering criteria , in two different apps (having different filtering criteria) residing on same server ? I have two clustered environments consisting of 3 SH,3 Indexers and 1 HWF each running on Splunk 6.4.1.I need to filt... by jincy_18 Path Finder in Splunk Search 10-03-2017 0 2	0	2
How to collect performance statistics about search-time field extractions? I'm trying to collect performance information about search-time field extractions happening on different search-peers... by lfrit New Member in Splunk Search 10-03-2017 0 6	0	6
Splunk CLI remote search parse _raw into fields I am using a locally installed Splunk instance to perform a remote search using the CLI. splunk search "index=sandbo... by harishbajaj Engager in Splunk Search 10-02-2017 0 2	0	2
How to get a calculated column in a table Hi Splunk Experts, I need to create a report to display the table record count difference between two databases dur... by romoc Explorer in Splunk Search 10-02-2017 0 10	0	10
how to transpose 2 column ......\|\|addcoltotals \| table * \| reverse \| head 1 1_Ausgust_R, 2_Ausgust_R ,1_Ausgust_L,2_Ausgust_L 26 ... by kennethyeung New Member in Splunk Search 10-02-2017 0 3	0	3
How to combine multiple separate fields into one for graphing purposes 2017-09-12 12:31:11.817 INFO [RunMaster] stats: jif: 1, fif: 9, fim: 192, f2c: 183 paper: pc: 9129, uwr: ... by hapalmiter New Member in Splunk Search 10-02-2017 0 5	0	5
Drilldown: Use starttime of bar in timechart as `earliest` field in subsequent search After spending hours unsuccessfully searching the splunk answers for a solution I would like to phrase my question: ... by viggor Path Finder in Splunk Search 10-02-2017 0 3	0	3
JOIN should return multiple rows. How make final results show that data? My driver file has one row per key. The subsearch file can contain multiple rows for each key. I need my result set r... by pgifford New Member in Splunk Search 10-02-2017 0 5	0	5
How to compute the value of 2 different complex queries Ok, so I want to see the ratio between "interview.completed" and "interview.started", but filtering each event by uni... by renataque New Member in Splunk Search 10-02-2017 0 3	0	3
Can I filter a table based on cluster number or subsearch dynamically? I have a table of data that is clustered via KMeans, I am trying to filter down to only display the other items in a ... by oclumbertruck Explorer in Splunk Search 10-02-2017 0 3	0	3