Splunk Search

Community Activity

Multiple Join Nested Join similar to IF ELSE LOGIC I have sourcetype = sourcetype1 with field 1, field 2, field 3, field 4, part1, key1 sourcetype = sourcetype2 with f... by cabauah Path Finder in Splunk Search 09-06-2017 0 3	0	3
duration to seconds I'm attempting to turn the duration of a process in the PS data into just seconds so I can sort appropriately and fin... by tmarlette Motivator in Splunk Search 09-06-2017 0 7	0	7
Math Within addtotals I'm trying to do some math with the values calculated in the addtotals command and put them back into the same line b... by icrit Explorer in Splunk Search 09-06-2017 0 2	0	2
How can I set the y-axis on my bar chart to be in duration? I have the following search: ....\| stats sum(callduration) as "totalcallduration" by Companycalls Currently my sear... by tamduong16 Contributor in Splunk Search 09-06-2017 0 7	0	7
How to reset the link on a link list input Hi, this is my first post on here, am very new to using SPLUNK so please bear with me if how I am doing things is clu... by PBerry7538 New Member in Splunk Search 09-06-2017 0 3	0	3
"The Lookup does not exist or is not available error" for users with same permissions as me but I don't get the error My lookup is in the search app with global permissions with all roles the availability to read and write. My dashboar... by katzr Path Finder in Splunk Search 09-06-2017 0 2	0	2
Lookup Does Not Exist Error- Help I know there are a lot of answers on this topic- but I think I have completed all of the steps offered. One of my use... by katzr Path Finder in Splunk Search 09-06-2017 1 5	1	5
Extracting id field from one event and looking for this id in another event Hi All, I have the below two event logs: Event1: ns=app1, id=12,Error='400', Service='CallGetAccount' Event2: ns=ap... by kdulhan Explorer in Splunk Search 09-06-2017 0 7	0	7
How to show data in a range grouped by specified time period? i have below data. i want to represent in a range to group date for 5 days and i want date field to represent(16-08-1... by DataOrg Builder in Splunk Search 09-06-2017 0 5	0	5
Use lookup table values as a input for search query and display lookup table values with query manipulated fields Hi I have a lookup table with the field (indexname). I want to use each lookup table field (indexname) values as a i... by mala_splunk_91 Explorer in Splunk Search 09-06-2017 0 6	0	6
How to find previous releases using current release? Lookup file contains release number and its start date. The fields in lookup file are Release and Production (start d... by sangs8788 Communicator in Splunk Search 09-06-2017 0 7	0	7
Column to row conversion Hi friends I am facing an issue where I have to consolidate and convert the data from Column to rows. The sample dat... by gauravmishra15 Path Finder in Splunk Search 09-06-2017 1 2	1	2
How can we eliminate orphaned searches? We have orphaned searches we reassigned to our accounts but still see the messages every saying you have 11 orphaned ... by splunker969 Communicator in Splunk Search 09-05-2017 0 3	0	3
about removal duplication and lookup How to write such an SPL search statement two quetions: 1、on the Splunk Enterpirse ,how to remove duplicate data ... by xsstest Communicator in Splunk Search 09-05-2017 0 6	0	6
How to set column with default value if column key not exist? Hi guys I'm trying to create a statistic table for the data from jira. Each column has different severity for jira i... by hakusama1024 New Member in Splunk Search 09-05-2017 0 4	0	4
Link to a file in search results I have a zip file uploaded into Splunk. This zip file contains a files.csv file and some file attachments stored in f... by srinisub New Member in Splunk Search 09-05-2017 0 1	0	1
How do I use IF / THEN / AND in logic in a search? I'm trying to create some logic within my search, and it requires some IF THEN AND logic, which I know Splunk has the... by tmarlette Motivator in Splunk Search 09-05-2017 0 9	0	9
Need help with streamstats search -- need to display _time on x-axis. I have a requirement to display the count of data received over the last 7 days. I need to show the total with a dat... by lyndac Contributor in Splunk Search 09-05-2017 0 1	0	1
Common field in JSON array, two different hosts Hello, I have recently started using Splunk and I think I have made good progress getting to grips with the basics by... by TheFloorIsJava New Member in Splunk Search 09-05-2017 0 1	0	1
Does Splunk have an equivalent to SQL's IN () construct? I have an analyst who wants to find logs where the value of a field is in a list of values. In SQL we can do this by ... by andrewdotnich Explorer in Splunk Search 09-05-2017 7 5	7	5
I need to combine two results names into one So search command \| stats count by user \| want to rename or combine the two results into same name i.e. User ** ... by streetdoc123 New Member in Splunk Search 09-05-2017 0 7	0	7
Null value for each column data Is there a way I can use the foreach function to create a variables that will give me a 1 value for each null value ?... by jhayIV Engager in Splunk Search 09-05-2017 0 3	0	3
Create One Field Value from two indexes Hello, I have index=A with values from January-April with the field value called EmailA. I have another index with v... by katzr Path Finder in Splunk Search 09-05-2017 0 1	0	1
Show count 0 on tstats with index name for multiple indexes I have a search: \| tstats count WHERE earliest=-2d@-3h latest=now index=* by index, _time \| makecontinuous span=1h ... by mkarimi17 Path Finder in Splunk Search 09-05-2017 0 4	0	4
How do I create a stacked bar chart? by sathiyasun Explorer in Splunk Search 09-05-2017 0 3	0	3