Splunk Search

Community Activity

Trying to use subsearch to filter records Looking at event data to run some eval commands... specifically on records with any "Status" value. Then once I get t... by joesrepsol Path Finder in Splunk Search 05-22-2017 0 1	0	1
How to generate a search that counts specific strings that occur in _raw data? I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one o... by riotto Path Finder in Splunk Search 05-22-2017 0 5	0	5
Do I need to use the join command to combine three searches (including one search with the transaction command)? Hi, I'm trying to combine my three searches so I can see which users are logging in from multiple locations at one ti... by aba83 Explorer in Splunk Search 05-22-2017 0 6	0	6
How can I use transaction as a boolean to create a visualization in a timechart? I'd like to create a visualization showing the connected state of a hand full of clients. We log connected state as ... by bdondlinger Explorer in Splunk Search 05-22-2017 0 1	0	1
Lookup table for matching and non matching counts I have a lookup table CSV file that has 50 usernames in a single column, and I want to sum the results count of the u... by WyldeRhoads Engager in Splunk Search 05-22-2017 0 2	0	2
Lookup table does not append value to event I have a lookup table as below User IsMember user1 Yes user2 Yes user3 No I save the table as memberlist.csv sa... by samlinsongguo Communicator in Splunk Search 05-22-2017 0 11	0	11
Hunk: Searching two different virtual indexes using OR: should work? In regular Splunk I can easily search for index=index1 OR index=index2 <search term> \| stats count by index Then ... by burwell SplunkTrust in Splunk Search 05-22-2017 1 2	1	2
When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"? I have a simple search of a CSV file pulling back the latest timestamp: source=/opt/apps/splunk/var/run/splunk/csv/C... by New2Splunk Explorer in Splunk Search 05-22-2017 1 5	1	5
Trouble displaying multiple stats I am doing a search on our firewall. I am looking to see who is making the most requests on different ports, and also... by stakor Path Finder in Splunk Search 05-22-2017 0 2	0	2
Similarity "score" of similar values of fields> Howdy Folks, I have data in a chart similar to this, with particular scored values per attribute (may attributes...... by oclumbertruck Explorer in Splunk Search 05-22-2017 0 4	0	4
How to edit my search to transpose data field (in column) to header field? Hello, I'm trying to get this table : Device ----- Interface ----- March ... by rflouquet Explorer in Splunk Search 05-22-2017 0 4	0	4
want to compare fields on different event and display only not matching fields Hi Team, I have two events 1) 2017-05-18 14:24:58,798 [http-abcd] INFO Backend.Pure.gen.id - 108; Return 200 ids... by mahson1 New Member in Splunk Search 05-22-2017 0 4	0	4
Compare one field against itself (Chart) I have a chart that gives me serial numbers, some of the spots for serial numbers are empty. I want to compare how ma... by JoshuaJohn Contributor in Splunk Search 05-22-2017 0 8	0	8
When multiplying 3 fields to get a new field, why does Splunk round the result when the fields are decimals? Hi. I have one issue with my search. I need to multiply three fields to get another new field. When I do the multipl... by nsanchezfernand Path Finder in Splunk Search 05-22-2017 0 2	0	2
How to edit my search so that no results should be replaced with a zero (0)? I have a scenario where one column needs to be indicated with Zero in the instance of no result. However, it's showin... by karthik4455 Explorer in Splunk Search 05-22-2017 0 4	0	4
How to search if data contain value from the other fields? Hi I'm very new in Splunk, I'd like to find the event where the short description contain the "Category" or "Subcate... by urapaveerapan Explorer in Splunk Search 05-22-2017 0 3	0	3
To add multiple criteria to determine drop in traffic index=circuit basequery1 earliest=-10m@m latest=@m\|fields count \| stats count AS currentMinuteCount \| appendcols [sea... by arunsubram Explorer in Splunk Search 05-21-2017 0 1	0	1
How to edit a transaction search with multiple "endswith" option? hi, i have a search to get duration of the job, let's say startswith=started endswith=success But in some case the j... by srinivasup Explorer in Splunk Search 05-21-2017 0 3	0	3
table lookup issues I have a lookup table named lookupfile.csv My file looks like this: col1,col2,col3,col4 100,300,500,yes 200,400,600,y... by loveforsplunk Explorer in Splunk Search 05-20-2017 0 6	0	6
Find average count per minute by a specific field over the whole time period Hi, I have a web service's http access log and I want to find out the average request per minute for each url_path ... by flls New Member in Splunk Search 05-20-2017 0 3	0	3
How to edit my search to select the newest event based on LastModTime field? So I'm taking in data from a source that has some duplicate records for the same ID. The only differentiator between ... by joesrepsol Path Finder in Splunk Search 05-19-2017 0 2	0	2
Use eval statement with and, if, then Example: I'm trying to count how many books we have in our database based on subject: children's, romance, travel, et... by mistydennis Communicator in Splunk Search 05-19-2017 0 3	0	3
How to remove a prefix on a field during search? Hello, I'm trying to normalize a field during search. I have the field "user" and some of the fields are "NAU\abc123"... by aba83 Explorer in Splunk Search 05-19-2017 0 6	0	6
Alert when a host exceeds a certain number of messages per minute I'm running a somewhat large splunk installation that monitors syslog for >40k hosts. Every once in a while, a host ... by rgisrael Explorer in Splunk Search 05-19-2017 4 8	4	8
How do I create a time chart that predicts based on the values inside the search field? I am trying to create a search that looks through some logs and creates a time chart based on the search field which ... by aflick2486 Explorer in Splunk Search 05-19-2017 0 6	0	6