Splunk Search

Community Activity

How to calculate changes over multiple column I have the following output from my base search: It shows accumulative value for each sampling time for each inter... by jgcsco Path Finder in Splunk Search 05-23-2017 0 1	0	1
I am trying to show VPN connection times with the time of day I am trying to show how long someone has been connected to the VPN for the last X days. There is an action field with... by justinearly New Member in Splunk Search 05-23-2017 0 8	0	8
Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"? Hi folks, It seems that some searches take an inordinately long time. My search is pretty simple: index=McAfee cef_... by jravida Communicator in Splunk Search 05-23-2017 2 4	2	4
Changing an app's name on Search Head Cluster When changing an app's name via the Splunk web interface ('Manage Apps' > 'Edit Properties'), the app's name is only ... by niek33 Engager in Splunk Search 05-23-2017 0 2	0	2
Chart using span logs does not show the columns in range order Hello, I am trying to chart some response time and wanted to use the log span as: index=myIndex "time_value" \| chart... by srenou New Member in Splunk Search 05-23-2017 0 8	0	8
How to display specific fields in statistics? References to tutorial http://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Searchwithfieldlookups, sour... by wuming79 Path Finder in Splunk Search 05-23-2017 0 3	0	3
How to split multiple values in a column and make into row I have the following search result which has multiple values in a cell: I would like to format the result into the... by jgcsco Path Finder in Splunk Search 05-22-2017 1 4	1	4
Trying to use subsearch to filter records Looking at event data to run some eval commands... specifically on records with any "Status" value. Then once I get t... by joesrepsol Path Finder in Splunk Search 05-22-2017 0 1	0	1
How to generate a search that counts specific strings that occur in _raw data? I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one o... by riotto Path Finder in Splunk Search 05-22-2017 0 5	0	5
Do I need to use the join command to combine three searches (including one search with the transaction command)? Hi, I'm trying to combine my three searches so I can see which users are logging in from multiple locations at one ti... by aba83 Explorer in Splunk Search 05-22-2017 0 6	0	6
How can I use transaction as a boolean to create a visualization in a timechart? I'd like to create a visualization showing the connected state of a hand full of clients. We log connected state as ... by bdondlinger Explorer in Splunk Search 05-22-2017 0 1	0	1
Lookup table for matching and non matching counts I have a lookup table CSV file that has 50 usernames in a single column, and I want to sum the results count of the u... by WyldeRhoads Engager in Splunk Search 05-22-2017 0 2	0	2
Lookup table does not append value to event I have a lookup table as below User IsMember user1 Yes user2 Yes user3 No I save the table as memberlist.csv sa... by samlinsongguo Communicator in Splunk Search 05-22-2017 0 11	0	11
Hunk: Searching two different virtual indexes using OR: should work? In regular Splunk I can easily search for index=index1 OR index=index2 <search term> \| stats count by index Then ... by burwell SplunkTrust in Splunk Search 05-22-2017 1 2	1	2
When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"? I have a simple search of a CSV file pulling back the latest timestamp: source=/opt/apps/splunk/var/run/splunk/csv/C... by New2Splunk Explorer in Splunk Search 05-22-2017 1 5	1	5
Trouble displaying multiple stats I am doing a search on our firewall. I am looking to see who is making the most requests on different ports, and also... by stakor Path Finder in Splunk Search 05-22-2017 0 2	0	2
Similarity "score" of similar values of fields> Howdy Folks, I have data in a chart similar to this, with particular scored values per attribute (may attributes...... by oclumbertruck Explorer in Splunk Search 05-22-2017 0 4	0	4
How to edit my search to transpose data field (in column) to header field? Hello, I'm trying to get this table : Device ----- Interface ----- March ... by rflouquet Explorer in Splunk Search 05-22-2017 0 4	0	4
want to compare fields on different event and display only not matching fields Hi Team, I have two events 1) 2017-05-18 14:24:58,798 [http-abcd] INFO Backend.Pure.gen.id - 108; Return 200 ids... by mahson1 New Member in Splunk Search 05-22-2017 0 4	0	4
Compare one field against itself (Chart) I have a chart that gives me serial numbers, some of the spots for serial numbers are empty. I want to compare how ma... by JoshuaJohn Contributor in Splunk Search 05-22-2017 0 8	0	8
When multiplying 3 fields to get a new field, why does Splunk round the result when the fields are decimals? Hi. I have one issue with my search. I need to multiply three fields to get another new field. When I do the multipl... by nsanchezfernand Path Finder in Splunk Search 05-22-2017 0 2	0	2
How to edit my search so that no results should be replaced with a zero (0)? I have a scenario where one column needs to be indicated with Zero in the instance of no result. However, it's showin... by karthik4455 Explorer in Splunk Search 05-22-2017 0 4	0	4
How to search if data contain value from the other fields? Hi I'm very new in Splunk, I'd like to find the event where the short description contain the "Category" or "Subcate... by urapaveerapan Explorer in Splunk Search 05-22-2017 0 3	0	3
To add multiple criteria to determine drop in traffic index=circuit basequery1 earliest=-10m@m latest=@m\|fields count \| stats count AS currentMinuteCount \| appendcols [sea... by arunsubram Explorer in Splunk Search 05-21-2017 0 1	0	1
How to edit a transaction search with multiple "endswith" option? hi, i have a search to get duration of the job, let's say startswith=started endswith=success But in some case the j... by srinivasup Explorer in Splunk Search 05-21-2017 0 3	0	3