Splunk Search

Community Activity

	Transaction based Alert Trigger with multiple conditions I like to create a trigger which fires based multiple conditions Example Scenario: A per person is entering a room a... by mfritsch New Member in Splunk Search 10-07-2017 0 1	0	1
	Creating Pivot Chart from Lookup/.CSV file I am trying to create a pivot chart from static data stored in a .CSV file. The data is not time-dependent and I am ... by jfellows New Member in Splunk Search 10-06-2017 0 2	0	2
	Splunk alert for missing logs Hi, Below is a snippet of log pattern generating tons of record. Intending to write a alert if any log are missing f... by chetan1974 Engager in Splunk Search 10-06-2017 0 3	0	3
	how to compare values from two different searches and return the results if the values are equal I have 2 searches Search1: index=i_temp source=source1 Results: xCoord=1155276.2781774567 yCoord=1885220.7999824171... by manojnelakurthi New Member in Splunk Search 10-06-2017 0 3	0	3
	How to join data from two indexes I want to get data from joining two indexes out of which one is summary index. Summary Index has more than 500000 rec... by poojak2579 Path Finder in Splunk Search 10-06-2017 0 21	0	21
	Flatten Search Results I am currently trying to use the Splunk REST API to extract a heap of data. I have written a search query: (index=* ... by shinglau New Member in Splunk Search 10-06-2017 0 18	0	18
	How do I lookup/return a field from one sourcetype to another sourcetype? Hi All, Newbie here, would appreciate if anyone can help to answer this little question Feeds from Vulnerability Sc... by anil_ec21 Explorer in Splunk Search 10-06-2017 0 6	0	6
	Trend values on x-axis and y-axis by serv index=... sourcetype=... \| rex "(?) and (?\w+) and (?)" \| table totaltime,duration \| timechart or chart would like... by nagaraju_chitta Path Finder in Splunk Search 10-06-2017 0 12	0	12
	How to limit X of Java exception from single event index=myIndex sourcetype=myIndexSource java.lang.Exception In my log i can see 3 or more java.lang.Exception at per... by jw44250 New Member in Splunk Search 10-06-2017 0 1	0	1
	Can I write a search that contains the source of an event to identify the client that originated a proxy request? (With a common field) Hello, I have a report that shows me network events - most of the events will have "source ip" coming from a proxy ... by ptur Path Finder in Splunk Search 10-06-2017 0 1	0	1
	Could you please anyone help me to write the time_format for bellow logs. Hi Folks, could you please anyone help me to write the TIME_FORMAT , TIME_PREFIX and MAX_TIMESTAMP_LOOKAHEAD for bel... by lksridhar Explorer in Splunk Search 10-06-2017 0 3	0	3
	Table command versus stats command for this search (for efficiency)? My Query is as follows index=x source=y COMPLETED \| stats values(process_key) as "Process Key", values(process_st... by delgendy Explorer in Splunk Search 10-06-2017 0 1	0	1
	JSON Field Extraction names with curly brackets Hello I'm currently searching over a collection of events that contains some JSON structure, when applying SPATH over... by dmonsag Explorer in Splunk Search 10-06-2017 0 4	0	4
	Compare two fields tables I have one saved search which returns list of successful job runs e.g jobname A B C D I also have a lookup table w... by gauravmishra15 Path Finder in Splunk Search 10-06-2017 0 2	0	2
	Combine a search and subsearch to create a table with all values Hi guys, Quick question here: I have the following queries: Q1: Sub-Search for userID Q2: Main search, which provid... by robettinger Explorer in Splunk Search 10-06-2017 0 5	0	5
	After using a JOIN i now have multiple lines, however this has affected my maths as before i have sumed up maths, now i have maths per line Hi I use a JOIN and now i have multiple lines and not unique ones. It returned one line per unique Context+Command. ... by robertlynch2020 Influencer in Splunk Search 10-06-2017 0 5	0	5
	Calculating a sum with conditions Hi all! The case is that I want to calculate sum of purchase price of the applications where the application status ... by Jurala Explorer in Splunk Search 10-06-2017 0 2	0	2
	how to sum consecutive success of sequential order of events fileds comes? My fields contains " search \| eval status=if(value>10,Success,failure) \| table Name message status Name Message Sta... by karthikeyan_k14 New Member in Splunk Search 10-05-2017 0 3	0	3
	Dynamic Search based on previous search output and if condition Hello Splunk Community, Business requirements pushing my knowledge on Splunk so far... just wondering if Splunk quer... by cabauah Path Finder in Splunk Search 10-05-2017 0 1	0	1
	Help with search to create a table Hello folks, I am new to Splunk and need to get a report in CSV file or table. I like to see only URL and values of ... by BaharJ New Member in Splunk Search 10-05-2017 0 2	0	2
	Is it possible to use id and base in the same search in Simple XML? Hello, Is there an available post-processing method to use a base search and produce a secondary search id? I'm putt... by jocobknight Explorer in Splunk Search 10-05-2017 0 5	0	5
	What is the best way to format _time when values become unreadable after transpose? So I have to queries... First one gives me a normal time/date format which is human-readable i.e. (2017-10-05 15:20:... by packet_hunter Contributor in Splunk Search 10-05-2017 0 1	0	1
	Kind of inner join Hello, Hopefully, you will understand what I mean...It was not clear how I could formulate a search to find some doc... by adamski007 Explorer in Splunk Search 10-05-2017 0 11	0	11
	Convert a string with percentage sign to a number so it can be evaluated? Hello, I have this query to alert me when percentage_q_full reaches greater than certain number eval alert=case((PE... by charanramireddy New Member in Splunk Search 10-05-2017 0 2	0	2
	Grouping by two fields, want to get distinct count of values in second field Hi, I wrote the following Splunk query which returns a list of distinct USER_AGENTs for each SESSION_ID: index=abc ... by jbrenner Path Finder in Splunk Search 10-05-2017 0 2	0	2