Splunk Search

Community Activity

I'm having trouble with the "over" syntax. How to use it in this situation? index="Plt15_tms3" ShiftName="1" EmployeeLoggedInLastName="" MachineNumber<26 MachineState="" \| stats sum(ElapsedM... by Hppjet Path Finder in Splunk Search 09-25-2017 0 6	0	6
My case statement is putting events in the "other" category -- why? Hi guys, So i have a user_agent and a url field for an elb log file. I am checking the user agent field for the value... by Subrahmanyab New Member in Splunk Search 09-25-2017 0 7	0	7
How to show the very first tickmark in a line chart? Hi Splunkies, I'm plotting some sensor values together with the sensor's limit on a line chart in order to visualize... by bojanisch Path Finder in Splunk Search 09-25-2017 0 9	0	9
Best way to exclude specific combinations from results I have a report that i get and it contains specific sets of data results i want to exclude: ex: Group Name, Who Cha... by gdavid Path Finder in Splunk Search 09-25-2017 1 4	1	4
Splunk search help -- output data should match 2 or more of the keywords Hi, Fellow Splunkers, Noob question. I would like to seek for help in my search, this is the case: The client gave c... by dantimola Communicator in Splunk Search 09-25-2017 0 5	0	5
How to expand columns with mvfields if count of values are different for each column I ll show example it's much easier than explain: index=* <base_search> \|eval Flight=mvzip(date,route,"/") \|eval Pass... by Baguvik Explorer in Splunk Search 09-25-2017 0 10	0	10
How do I make my search command to summarize network throughput data? Aplogies, I'm not a Splunk administrator, I'm a capacity tool person that needs to extract some metrics from Splunk. ... by Mr_Perkins Explorer in Splunk Search 09-25-2017 0 5	0	5
Subsecond minspan in auto-span timechart? (How) can I create an auto-span timechart that has a subsecond minimum span, such as 0.001s? Background to this ques... by Graham_Hanningt Builder in Splunk Search 09-25-2017 3 11	3	11
Replacement for Join The below example provides the output I need, but I will exceed the JOIN command limitations (50k). Can someone advi... by ryanprayacn Explorer in Splunk Search 09-25-2017 0 2	0	2
how to show a table in if My question is : i have output in this format : a _time b _time a _time b _time i want all these outputs... by Mohsin123 Path Finder in Splunk Search 09-25-2017 0 4	0	4
How can I count the difference from two days? Hi Splunk colleagues, I need the following output: Day 1 difference to Day2 = + or - in counts to see the trend of e... by jfriedrich New Member in Splunk Search 09-24-2017 0 3	0	3
Transformation fields using Splunk UI Team, I need help in defining 3 new fields using Splunk User interface. Decision=Agree , Field Name should be "Decis... by veera9 New Member in Splunk Search 09-24-2017 0 6	0	6
Left Join Not Returning All Fields So as an example: Primary Table Customer 1, 2, 3 Secondary Table Customer 1,2,3,2 Spend 100, 200, 300, 400 Search... by ryanprayacn Explorer in Splunk Search 09-24-2017 0 5	0	5
Is anyone ingesting Ganglia data into Splunk? I'm looking for anyone who is ingesting Ganglia data into Splunk. I have a customer interested in doing this but were... by tjohnston2 Splunk Employee in Splunk Search 09-24-2017 1 1	1	1
Why does search not find data when using wild card in middle of search term? I have JSON data, which is indexed and can be searched. This is an example of the data Product: { [-] ... by bowesmana SplunkTrust in Splunk Search 09-24-2017 0 12	0	12
How to include additional field from inputlookup in results? Hi, I have a lookup table errors.csv ,which contains Error and Source columns.I have a query the returns log entrie... by luc_k Engager in Splunk Search 09-24-2017 0 7	0	7
Using rex to find matching values. I have the following ACTION :[7] 'CONNECT' DATABASE[1] 'SYSTEM' That's in the _raw data. How do I extract CONNECT ... by veera9 New Member in Splunk Search 09-24-2017 0 4	0	4
Add count of subsearch results I need to return all rows from my top search but add a count of rows from a map or subquery/subsearch. In my syste... by LittleColin Engager in Splunk Search 09-23-2017 0 2	0	2
Show all values 0 to 100 with precision up to 2 decimal points I am working on a single value dashboard panel where I am showing output in percentage with precision up to 2 decimal... by barunbiswas New Member in Splunk Search 09-23-2017 0 8	0	8
How to edit my search to divide the sum by a specific number? ShiftName="1" EmployeeLoggedInLastName="" MachineNumber=""\| stats sum(ElapsedMachineSecondsInOrderPath) by Employee... by Hppjet Path Finder in Splunk Search 09-22-2017 1 3	1	3
Timechart with success and failure and failure/success percentage, grouped by Server I've two patterns, say like this - "successPattern" and "failurePattern". I want to make a timechart comparing succes... by pjtbasu Explorer in Splunk Search 09-22-2017 0 3	0	3
Reqular Expression 101 Hi All, I am a new to Regular Expression topic, Could you please share me a link which help me to understand Regula... by rakeshksingh New Member in Splunk Search 09-22-2017 0 4	0	4
Search that shows first and last event time + total count of events per user I have a list of top 10 users that failed to login to a site and I want to take the events related to those top ten u... by snix Communicator in Splunk Search 09-22-2017 0 2	0	2
Can Monitor Path include spaces? I am trying to get this to work [monitor://\Corp\hdq\nba\nba releases\Utilities\SuitReviewWorkbench\suiteviewworkbenc... by HMTODD Explorer in Splunk Search 09-22-2017 0 2	0	2
Help with an eval statement? I am trying to build a base search for the field message.device.category , it has 3 values: desktop , mobile and tabl... by svemurilv Path Finder in Splunk Search 09-22-2017 0 2	0	2