Splunk Search

Community Activity

How do I use IF / THEN / AND in logic in a search? I'm trying to create some logic within my search, and it requires some IF THEN AND logic, which I know Splunk has the... by tmarlette Motivator in Splunk Search 09-05-2017 0 9	0	9
Need help with streamstats search -- need to display _time on x-axis. I have a requirement to display the count of data received over the last 7 days. I need to show the total with a dat... by lyndac Contributor in Splunk Search 09-05-2017 0 1	0	1
Common field in JSON array, two different hosts Hello, I have recently started using Splunk and I think I have made good progress getting to grips with the basics by... by TheFloorIsJava New Member in Splunk Search 09-05-2017 0 1	0	1
Does Splunk have an equivalent to SQL's IN () construct? I have an analyst who wants to find logs where the value of a field is in a list of values. In SQL we can do this by ... by andrewdotnich Explorer in Splunk Search 09-05-2017 7 5	7	5
I need to combine two results names into one So search command \| stats count by user \| want to rename or combine the two results into same name i.e. User ** ... by streetdoc123 New Member in Splunk Search 09-05-2017 0 7	0	7
Null value for each column data Is there a way I can use the foreach function to create a variables that will give me a 1 value for each null value ?... by jhayIV Engager in Splunk Search 09-05-2017 0 3	0	3
Create One Field Value from two indexes Hello, I have index=A with values from January-April with the field value called EmailA. I have another index with v... by katzr Path Finder in Splunk Search 09-05-2017 0 1	0	1
Show count 0 on tstats with index name for multiple indexes I have a search: \| tstats count WHERE earliest=-2d@-3h latest=now index=* by index, _time \| makecontinuous span=1h ... by mkarimi17 Path Finder in Splunk Search 09-05-2017 0 4	0	4
How do I create a stacked bar chart? by sathiyasun Explorer in Splunk Search 09-05-2017 0 3	0	3
Adding static vertical lines to a scatter plot Hello, right now I have a scatter plot of duration vs. size and i want to make 2 vertical lines at different values o... by rvs935 Engager in Splunk Search 09-05-2017 0 8	0	8
Regex help CCDSRiERRSTAFGRT\|\|FUNC\|\|u505\|\|PA1RA2M\|\|STCK\|Workflow: threat call workplace\|\|ATdT\|\|\|AC1CSED CCDSRiERRSTAFGRT\|\|FUNC\|\|u... by DataOrg Builder in Splunk Search 09-05-2017 0 12	0	12
Coloring a stats table value based on condition Hi ALL, I have this url URL ResponseTime /wcs/resources/store/10151/stor... by shabdadev Engager in Splunk Search 09-05-2017 0 2	0	2
Search help -- Display count if field is present in the output Hi Splunkers , Need help in creating the case statement. We are feeding the palo alto logs to the threat intelligen... by renjujacob88 Path Finder in Splunk Search 09-05-2017 0 1	0	1
What are my options to indicate that Splunk has modified an event in a particular way (for auditing purposes)? We all know about this stuff: https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Anonymizedata Let's say ... by woodcock Esteemed Legend in Splunk Search 09-04-2017 1 1	1	1
How to show more than 50 events on a page in 6.x? Hi, In the image above, the selections are 10, 20 and 50 events per page. In 5.x, the flashtimeline.xml is editab... by davidpaper Contributor in Splunk Search 09-04-2017 6 16	6	16
Combine two searches using a lookup table index=“client_index” AND Event_Type 6152 \|eval new=substr(audit_filename, 16,14) \|eval ip=mvindex(split(new,”_”),0) \|... by troconn New Member in Splunk Search 09-04-2017 0 7	0	7
How do I write a search with a subsearch? Hey everyone, Trying to write a search to find Firewall allows by Previous Drops I am very new to Splunk (love it s... by jb1982 Path Finder in Splunk Search 09-04-2017 0 5	0	5
Stats cannot generate alerts? I am trying to generate alerts. I have a search query as index=abc-index host="XYZ123*" collection="AppServer:OrderT... by dban2005 New Member in Splunk Search 09-04-2017 0 4	0	4
Extracting multiple fields from events I want to extract 2 separate fields from the below events : the event is : 2017-09-01T23:50:49.325-04:00 INFO m_gch... by bharpur183 Explorer in Splunk Search 09-04-2017 0 8	0	8
Replace First Two Digits Hi, I wonder whether someone may be able to help me please. I have a telephone number field "telnofac" with the fir... by IRHM73 Motivator in Splunk Search 09-03-2017 0 9	0	9
timechart command changing my column data HI Team, I am facing some weird thing. Upto table command, am getting whatever i want. After doing timechart values... by prathapkcsc Explorer in Splunk Search 09-03-2017 0 13	0	13
Are there any good tutorials for splunk search queries? Hi, I would like to know the link, or any document where from I can learn how to write search queries for different r... by subhadipc Explorer in Splunk Search 09-03-2017 1 8	1	8
Applying Field Extractions to Several Sourcetypes Hi, Per a policy I've inherited, we're separating our business groups' web server logs into separate sourcetypes. It ... by niall_munnelly Path Finder in Splunk Search 09-03-2017 1 8	1	8
How to add total percentage to rows and columns I have the following query : ... \| search service_name=$service$ \| dedup name, jenkins_data.JOB_NAME, jenkins_data.U... by vshakur Path Finder in Splunk Search 09-03-2017 0 13	0	13
Can appendcols be used for grouping? I have the following query index="XXXXXXXXXX" Device="FPB" OR Device="VAV" Point_Name="ActFlow" \|bin span=15m _... by tccooper Explorer in Splunk Search 09-02-2017 0 2	0	2