Splunk Search

Community Activity

How can I sort a field alphabetically and then by total? I have the following search in which I'm trying to sort first alphabetically and then by total, but the Processes fie... by jwalzerpitt Influencer in Splunk Search 08-14-2017 0 7	0	7
Create a variable that combines two string values I have a simple question: I have two variables foo and bar, each containing a set of strings, and I would like to c... by viggor Path Finder in Splunk Search 08-14-2017 0 3	0	3
Compare search results with a lookup table and identify unobserved matches I have a query that shows observed category of domains (search engines, social media, streaming, etc.). I'd like to ... by DEAD_BEEF Builder in Splunk Search 08-14-2017 0 4	0	4
How do I parse a key value field in Splunk and search based on values of that field? I have a log as follows 14AUG2017_12:54:44.903 3418:13 INFO filename.cpp:200 ID:abc123 contextInfo: [ peer_service... by gb0143 New Member in Splunk Search 08-14-2017 0 1	0	1
Why does the table command in Splunk cause performance degradation? When I use this command ( table ) it runs at a slow speed .... please help me. Thank you for your answer. by splunk_anoosheh New Member in Splunk Search 08-14-2017 0 2	0	2
How to put working hours from each user by day in a time chart My search so far: index=notimportant EventID=4624 [ inputlookup users.csv \| fields TargetUserName ] \| chart eval(la... by rens78 New Member in Splunk Search 08-14-2017 0 2	0	2
Displaying either value or fixed string based on if statement Hello everyone, So what I'm trying to do with this is print out a value into a Single Value Panel (42). Depending on... by ejeny Explorer in Splunk Search 08-14-2017 0 9	0	9
Can I use modulus in Splunk to extract the decimal portion (only) of a result? how to extract only decimal values in splunk ? ..example (7 divided by 2 ) = 3.5 , I need to get only 0.5 here ...wi... by nittalasub Explorer in Splunk Search 08-13-2017 0 9	0	9
How to use lookup file to set earliest and latest time I have a lookup file with dates. how do i use it to set earliest and latest inorder to search for events, For exampl... by sangs8788 Communicator in Splunk Search 08-13-2017 0 3	0	3
Regex to insert ":" after every second character Hello I have a string of all uppercase letters (no digits) I need a regex to insert a ":" after every second charact... by coenvandijk Observer in Splunk Search 08-13-2017 0 8	0	8
How can I make visualizations with time format hh:mm:ss? Hi, I have the below statement with the correct statistics output. However my visualization is empty. But when I use... by auaave Communicator in Splunk Search 08-13-2017 0 2	0	2
From a list of column values can we print one final, single message? Hi All, I want to compare result column Names which is displaying 3 kind of messages. Normal, Elevated, C... by prashanthberam Explorer in Splunk Search 08-12-2017 0 6	0	6
Can I have the difference of two values as the output using appendcols? How? index=main (sourcetype=bb OR sourcetype=cc) type=DELETE \| transaction info.agentId startswith=COMPLETED endswith=DE... by jsuryaprakash Path Finder in Splunk Search 08-12-2017 0 1	0	1
Can I deploy a new app that only changes one of my two universal forwarders if they have the same inputs.conf? Hi, For example, we have 2 universal forwarders UF1 = web01abc23 UF2 = web01cde21 Both are having same inputs.con... by kteng2024 Path Finder in Splunk Search 08-11-2017 0 1	0	1
How do I migrate my configuration (dahsboard, alerts, fields, etc) to a new Splunk instance? I migrated the database "splunk/var/lib/splunk" but when I copy my configuration files, the fields and alerts disapp... by medveleyenet New Member in Splunk Search 08-11-2017 0 1	0	1
How can I write a search that returns _time in 1-second intervals even when _time stamp doesn't match a value? Hello Guys, I have a column _time Ex Values (Suppose the search has 4 events here): 2017-08-11 12:06:51 2017-08-11... by patilsh Explorer in Splunk Search 08-11-2017 0 2	0	2
Can you help me write an eval case function search? I am looking for help with a case statement that looks for a field full load with a value of "running CDC only in fre... by rgarbac1 New Member in Splunk Search 08-11-2017 0 1	0	1
How to extract the fields using regex and props.conf at indexing time? Hello, How to use Regex in props.conf to extract the fields in the below sample event with source type "syslog". 08... by kiran331 Builder in Splunk Search 08-11-2017 0 3	0	3
What time modifiers do I use for earliest and latest for day before yesterday, 2 days before yesterday, 3 days before yesterday, and so on? For yesterday's results we give the earliest and latest as below earliest=-1d@d latest=@d Simillarly, what could b... by pavanae Builder in Splunk Search 08-11-2017 0 3	0	3
How to get the Maximum and Minimum time difference between the events I have events which are in this format, where the time in the event is the _time. 8/11/2017 1:26:17 PM\|Thread Id: 4... by ibob0304 Communicator in Splunk Search 08-11-2017 0 3	0	3
How to split stats results into single line item for each event Greetings, I'm trying to find when a user logs (or tries to log) into six different workstations over the course of ... by SplunkLunk Path Finder in Splunk Search 08-11-2017 0 2	0	2
Is there a way to create a hyperlink in a stats table to an external site? I am currently working on a Splunk query to look at Windows Defender data that has been allowed in the environment. ... by Sarmbrister Path Finder in Splunk Search 08-11-2017 0 4	0	4
How can I put multi-value fields as columns and put checks were they are present ? Hello everyone, I'm just beginning to use Splunk and iIwant to do this : I already tried this : index="****... by Charlotte94 New Member in Splunk Search 08-11-2017 0 3	0	3
Extracting rex field with a newly extracted rex field Below is the current search I have put together to extract a couple fields. The extraction of the ClientID from the s... by griffinpair Path Finder in Splunk Search 08-11-2017 0 5	0	5
How can I change the formatting of a Splunk table? Hi, I have a search - index=ABC sourcetype=XYZ \| stats values(user), dc(user) as usercount by region \| e... by pushpender07 Explorer in Splunk Search 08-11-2017 1 9	1	9