Splunk Search

Community Activity

Appending/Adding count of results in the column header Hi All, I have a search - index=ABC sourcetype=XYZ \| stats values(user), dc(user) by region \| transpose header_field... by pushpender07 Explorer in Splunk Search 08-09-2017 0 11	0	11
Find out if count at a specific time is below the average UPDATE: I have created a search/alert that should notify me if: Index data is 0 for a particular hourIndex data cou... by mkarimi17 Path Finder in Splunk Search 08-09-2017 0 5	0	5
How to start span at midnight I have a search: \| tstats count AS ThreeHourCount WHERE earliest=-2d@d latest=now index=* by index, _time span=3h ... by mkarimi17 Path Finder in Splunk Search 08-09-2017 0 7	0	7
Compare two columns in two lookup files Hello. I have two lookup files: Firecall.csvPrivileged.csv Both files contain a column with the same name; Account... by timyong80 Explorer in Splunk Search 08-09-2017 0 2	0	2
Compare two values from extracted fields - if match increment counter Hi all, Having read a few similar threads I realised they do not quite ask what I need so decided to post a new thre... by splunk_95 Explorer in Splunk Search 08-09-2017 1 14	1	14
How to convert string date format to other date format? I have string like this 08Aug2017 10:12:55 CDT" I want date format like = 08-Aug-2017 10:12:55 CDT by prabu116 Engager in Splunk Search 08-09-2017 0 6	0	6
Not able to get all results to show stats when all field and value events are present with search. What am i missing? Using the tutorialdata.zip tutorial dataset but cant seem to get the results I want using index=main ("categoryId=*"... by bab4684 New Member in Splunk Search 08-09-2017 0 8	0	8
Showing the latest time per single unique value in multiple fields Hello, my question is linked to the below answer. https://answers.splunk.com/answers/222406/search-to-group-by-countr... by davidworsnop Explorer in Splunk Search 08-09-2017 0 4	0	4
Can you search a lookup table without specifying a particular field? Is something like this possible? Basically a freetext search of a lookup table to return the associated rows? \|inpu... by Cuyose Builder in Splunk Search 08-09-2017 0 6	0	6
Dashboard single value sentence including time Hi all, I'm currently working on a dashboard in Splunk that I am trying to take a count value and include it in a se... by bcarr12 Path Finder in Splunk Search 08-09-2017 0 5	0	5
What is strptime format for 2017-08-01T11:48:15.000+0000 I want to load a json into splunk. The time stamp of each event is in the format 2017-08-01T11:48:15.000+0000. I used... by balamurali_dece New Member in Splunk Search 08-09-2017 0 2	0	2
How do I use the reverse command to change the order of my table? Hello, I currently have a table that is ordered by time, ascending. It looks like this: Date \| Action 9pm \| Order ... by ckunath Communicator in Splunk Search 08-09-2017 0 2	0	2
Query including multiple CSV and Rex Hello everyone, it's been a long long time that I've not used splunk. I would need some help to do a query or two ple... by metalshad05 New Member in Splunk Search 08-09-2017 0 8	0	8
Filter by URL How do we filter by URL? I use the search criteria below, however, I'm trying to figure out how will I filter the res... by roseb New Member in Splunk Search 08-09-2017 0 3	0	3
Floating column chart using simple xml Hi Experts I am trying to build floating bars in a column chart. The y axis is fixed from 0-24. I want to start the b... by vaibhavagg2006 Communicator in Splunk Search 08-08-2017 0 3	0	3
Expanded stacked column chart Is it possible to create a column chart that is stacked, but where each part of the stack still occupies its own colu... by tmortiboy New Member in Splunk Search 08-08-2017 0 5	0	5
Splunk ES detecting changes to OS auth files Hi All We have a request to generate a notable event in Splunk ES for any changes made in the linux OS to /etc/passwd... by proylea Contributor in Splunk Search 08-08-2017 0 2	0	2
Tips on using sort and count: It is possible to generate a: "* \|stats values(y) count by x \| sort -x" but where each value of y is count separately and also sorted? I'm trying to generate a table where the output is something like this: ValueY ValueX Count ValueY1 Val... by agarza Explorer in Splunk Search 08-08-2017 0 4	0	4
How to get earliest and latest time for the last one hour and compare it with the same hour last week? How to get earliest and latest time for the last one hour to compare with the same hour last week for which I don't k... by kumina New Member in Splunk Search 08-08-2017 0 5	0	5
Map fields from two sourcetypes based on a certain time range Hello, A project I'm working on requires that I monitor who is logging into an application. As it is, the logs of t... by Svill321 Path Finder in Splunk Search 08-08-2017 0 5	0	5
Regex formating help Can anyone help me format a regular expression for Splunk? I can create the regular expression using regexr.com and ... by AHEARNJ Explorer in Splunk Search 08-08-2017 0 2	0	2
Streamstats count I want a cumulative count of a field that has multiple values. Somehow this isn't working: base search\| streamstats ... by pranaynanda Path Finder in Splunk Search 08-08-2017 0 9	0	9
Separate values in stacked bars How can I still have a separation between 'xls' and 'xlsx' in the bar that says 'Excel'? eval ExtTyp = case(extensio... by pranaynanda Path Finder in Splunk Search 08-08-2017 0 2	0	2
Real-time alert is skipped. Hello, I have the following message in the scheduler activity window on DMC, that states I have reached the limit of... by andrei1bc Communicator in Splunk Search 08-08-2017 0 1	0	1
How to show the percentage of unique values Hi, I have a simple search that uses top to get the top 10 countries: search ........ \| top Country It will gi... by ewanbrown Path Finder in Splunk Search 08-08-2017 0 2	0	2