Splunk Search

Community Activity

How to search a list of words from csv file (lookup) in specific index events I have a lookup table which contains only one column with hundreds of entries, now I would like to search every word ... by onkarkore1 Explorer in Splunk Search 06-12-2017 1 6	1	6
Handling XML Events With Embedded Carriage Returns I'm getting events from a device and on rare occasions the event data contains an embedded carriage return. I've tri... by jwhughes58 Contributor in Splunk Search 06-12-2017 0 3	0	3
Multiple line charts representing a single field for multiple hosts I have the log files of several hosts and wish to represent a single field CPU usage for each of them as a separate l... by AshimaE Explorer in Splunk Search 06-12-2017 0 3	0	3
Regex help involving double quote I have a whole bunch of these and I need what comes after ?desktop= and before the " - for this particular log I ne... by kmaron Motivator in Splunk Search 06-12-2017 0 13	0	13
Merge 2 columns into one I have a query that returns a table like below Component Hits ResponseTime Req-count Co... by premraj_vs Path Finder in Splunk Search 06-12-2017 0 3	0	3
Ignoring multiple values from field Brain must not be working today. This should be a simple one. I am trying to ignore multiple values from a field... T... by JoshuaJohn Contributor in Splunk Search 06-12-2017 0 1	0	1
Add count to user journey flow in Splunk App for Web Analytics Dear Community, I have a problem. I'm trying to add the count per bar to my user journey flow in "Splunk App for Web... by JohannesGmelin Path Finder in Splunk Search 06-12-2017 0 7	0	7
grouping by host I have to calculate the change of a field(xyz) over the past 6 hours on a per host basis. I have calculated the same ... by AshimaE Explorer in Splunk Search 06-12-2017 0 5	0	5
Compute row differences Hello everyone! I have a very simple result table that looks like this: _time ... by guilhem Contributor in Splunk Search 06-12-2017 1 7	1	7
Splunk Table UI - How to render this UI When i use table command to count the number of events and average response time of Component 1, i get table as below... by premraj_vs Path Finder in Splunk Search 06-12-2017 0 2	0	2
Reset map drilldown I have created map in dashboard. Initially a Bar chart appears having data of all states. Drill down on map is applie... by rvisj New Member in Splunk Search 06-12-2017 0 8	0	8
Comparison between Future date and current date I have a date field 'Start Time' in csv. I have to filter if date in this field is current week date or future week d... by dsiob Communicator in Splunk Search 06-11-2017 2 5	2	5
Replace substitution placeholders in a field I have a field which contains substitution placeholders message=User %s performed action %s on %s message=Message %s... by nickhills Ultra Champion in Splunk Search 06-11-2017 0 12	0	12
how to correct/modify x-axis Dears, I have two columns , first one is called ticket and second columns is date as below Ticket date AS123 6/6... by wessam Explorer in Splunk Search 06-11-2017 0 3	0	3
merge rows to one row (a little more complex) Date Category Type Count 5 car sedan 300 5 ... by exocore123 Path Finder in Splunk Search 06-11-2017 0 15	0	15
Grouping by name Hi, In my search results i have numbers like this and i would like to group them by group1 and group2. Where group1 =... by xvxt006 Contributor in Splunk Search 06-11-2017 0 2	0	2
If CPU is > 95 for more than 5 minutes < -- how do you write the syntax? Hello all, I know it's possible to find values via greater than, less than or equal to in your search queries. Is it... by Jarohnimo Builder in Splunk Search 06-11-2017 0 3	0	3
Plain histogram of x-axis values over y-axis Hi, I want to create plain and simple histogram in Splunk, like everyone used to do in school days on graph paper. I ... by mahikrrish Explorer in Splunk Search 06-11-2017 0 8	0	8
Efficient use of transaction or eventstats command Hello, I am trying to find following 1) Events that starts with WSQ0001 and ends with AAA9999. 2) Find EVE_INCIDENT... by ash2l Path Finder in Splunk Search 06-11-2017 0 2	0	2
How to search for fields that cross correlate with a specified field? From my data below, I can see peaks in the CPU usage of a machine. I can add other fields to the graph, and visually... by zeophlite New Member in Splunk Search 06-10-2017 0 5	0	5
How to join fields from 2 different sourcetypes into 1 table? I need to join fields from 2 different sourcetypes into 1 table. Sourcetype A contains the field "cve_str_list" that ... by manderson7 Contributor in Splunk Search 06-09-2017 0 2	0	2
Is there an efficient way to convert booleans in my data from 0 and 1 to true and false? Hi, I'm switching from dbquery to dbxquery and I noticed that it brings in booleans as 0/1 instead of true/false. ... by dkrichards16 Path Finder in Splunk Search 06-09-2017 0 5	0	5
Use the result from first search into second search I have an first search that will find the software list search index=index1 \| table software in the second search, i... by younes17 Explorer in Splunk Search 06-09-2017 0 7	0	7
creating a report that shows indexedtime vs logged time for each hour in percentage. I want to create a chart separated by hours (24hours) that shows the number of data that took more than 2 mins to be ... by mrtolu6 Path Finder in Splunk Search 06-09-2017 0 3	0	3
How to join data in one source with another join that combines two searches? I am trying to join data in one source to another join that joins two searches. My goal is to capture VM information... by s2jagrif Explorer in Splunk Search 06-09-2017 1 7	1	7