Splunk Search

Community Activity

Getting average of variable name fields Hi! ... \| streamstats count as SESSION by PATIENT_ID PROGRAM_NAME \| chart values(AVG_RT) over SESSION by PROGRAM_NAM... by yurykiselev Path Finder in Splunk Search 07-04-2017 0 3	0	3
Storing a REGEX filed into a DataModel Hi All I am looking for the best approach to an issues i have. I have multiple files that start with the following.... by robertlynch2020 Influencer in Splunk Search 07-04-2017 0 1	0	1
How to add event duration time for multiple events into one row? Hello, I'm trying to find the correct syntax to get the total time a device was in an alert status. The events have... by lagle123 New Member in Splunk Search 07-03-2017 0 6	0	6
Working with Lookup I am having below requirements to be merged to create a dashboard/Report. Need to append my search result to the lis... by Kwip Contributor in Splunk Search 07-03-2017 0 5	0	5
i have a results which has order status across many system. i want to group by order status with system in bar graph status1 status2 status3 status4 status5 complete failed complete complete ... by DataOrg Builder in Splunk Search 07-03-2017 0 5	0	5
How to give every event all fields that occur in any event already processed in search So I've managed to make the first few events be those which have the 25 extra fields, but how do I make all following... by snreichel Engager in Splunk Search 07-03-2017 0 2	0	2
How can I search for a URL that a user or users may have clicked on from a SPAM or phishing email? Often times users click the link or open a attachment in a SPAM or phishing email. I would like to be able to enter ... by doogan12 Engager in Splunk Search 07-03-2017 0 5	0	5
How to join multiple tables / stats to a single table In our application, we are processing files received by our application. In various places, we have logs as follows: ... by parameshjava Explorer in Splunk Search 07-03-2017 1 5	1	5
I Want to split the results by hour and server Hi all, We have data coming from 2 diferent servers and would like to get the count of users on each server by hour.... by leandrot Explorer in Splunk Search 07-03-2017 0 10	0	10
'Error in 'search' command: Unable to parse the search: Comparator '>' is missing a term on the left hand side' Hi, I am getting the below error 'Error in 'search' command: Unable to parse the search: Comparator '>' is miss... by prathapkcsc Explorer in Splunk Search 07-03-2017 0 7	0	7
How to Use Regex and filter out the GET logs Hi , We want to filter the data using REGEX in props.conf and tansforms.conf but still the data is coming into Splun... by anandhalagarasa Path Finder in Splunk Search 07-03-2017 0 3	0	3
How do I search for Day/Time with least amount of events? I want to find out which day of the week and time range has the least amount of traffic during the past 30 days durin... by bamalone New Member in Splunk Search 07-03-2017 0 1	0	1
Set wildcard lookup match without access to transforms.conf Hey all, I'm wondering if there is a way to set wildcard matches without needing access to transforms.conf. Here is ... by bruceclarke Contributor in Splunk Search 07-03-2017 2 4	2	4
Disabling the effect of wildcard in a Query Hi All , I have this query : index=no host=los* sourcetype= plp ( path=/desktop /pl/* ) OR ( path=/mobile/pl/* ... by shabdadev Engager in Splunk Search 07-03-2017 0 7	0	7
how to set earliest and latest for custom time I have to set earliest to @d for the custom time stamp query.. \| dedup EMPLOYEE_ID \|fields EMPLOYEE_ID STORE_NUMBER ... by k_harini Communicator in Splunk Search 07-03-2017 0 2	0	2
How to always display last (summary) row in table? I have a list of results in a table that spans on different pages. first page Col 1 Col2 Summar... by dehtallyutedeh Explorer in Splunk Search 07-02-2017 1 2	1	2
Listing a field where another specified field has changed? Hello Splunk Answers! Excuse the rookie question. I have a splunk instance that is consuming data with events that l... by a2368026 New Member in Splunk Search 07-01-2017 0 1	0	1
Eval variable doesnt work when trying to search for results Hi I'm new to Splunk and was wondering why this command does not work, and if there is a way to fix it. I would like... by chaninphx Path Finder in Splunk Search 07-01-2017 0 5	0	5
how to append original search result with the table "number of scan:" \| convert timeformat="%Y-%m-%d" ctime(_time) AS date \| table source, date, Event there is no eve... by cyberportnoc Explorer in Splunk Search 07-01-2017 0 3	0	3
How to update a search after setting token value? Hi, I'm very new to Splunk. I'm trying to implement a reset button that will update the token value text_name to hav... by chaninphx Path Finder in Splunk Search 06-30-2017 0 2	0	2
Why is my Lookup table returning both matching and unmatched data corresponding to events? Hi , I am new to Splunk, but trying to get better. I want to hit the lookup against my events in such a way that ... by nishantmishra21 Engager in Splunk Search 06-30-2017 0 4	0	4
optimize corrolation coalesce searches I'm trying to understand if there is a way to improve search time. I am corrolating fields from 2 or 3 indexes where... by pmeyerson Path Finder in Splunk Search 06-30-2017 0 12	0	12
How does Splunk check for server ulimit values? We have multisite indexer cluster: two sites, 4 indexers per site (Splunk v. 6.5.3) Few months ago, following Splunk'... by mlevsh Builder in Splunk Search 06-30-2017 0 1	0	1
How to edit my search to match indexes ending with a set of values? Hi I have a search that needs to search in several indexes ending with several words, ex: index=stuff-xxx or index=... by ribeiror Engager in Splunk Search 06-30-2017 0 4	0	4
Hunk search stalls and never finishes Hello we are using Hunk and when we just run a query such as: index=foo sourcetype=bar we get the results easily But... by EricLloyd79 Builder in Splunk Search 06-30-2017 0 2	0	2