Splunk Search

Community Activity

To add multiple criteria to determine drop in traffic index=circuit basequery1 earliest=-10m@m latest=@m\|fields count \| stats count AS currentMinuteCount \| appendcols [sea... by arunsubram Explorer in Splunk Search 05-21-2017 0 1	0	1
How to edit a transaction search with multiple "endswith" option? hi, i have a search to get duration of the job, let's say startswith=started endswith=success But in some case the j... by srinivasup Explorer in Splunk Search 05-21-2017 0 3	0	3
table lookup issues I have a lookup table named lookupfile.csv My file looks like this: col1,col2,col3,col4 100,300,500,yes 200,400,600,y... by loveforsplunk Explorer in Splunk Search 05-20-2017 0 6	0	6
Find average count per minute by a specific field over the whole time period Hi, I have a web service's http access log and I want to find out the average request per minute for each url_path ... by flls New Member in Splunk Search 05-20-2017 0 3	0	3
How to edit my search to select the newest event based on LastModTime field? So I'm taking in data from a source that has some duplicate records for the same ID. The only differentiator between ... by joesrepsol Path Finder in Splunk Search 05-19-2017 0 2	0	2
Use eval statement with and, if, then Example: I'm trying to count how many books we have in our database based on subject: children's, romance, travel, et... by mistydennis Communicator in Splunk Search 05-19-2017 0 3	0	3
How to remove a prefix on a field during search? Hello, I'm trying to normalize a field during search. I have the field "user" and some of the fields are "NAU\abc123"... by aba83 Explorer in Splunk Search 05-19-2017 0 6	0	6
Alert when a host exceeds a certain number of messages per minute I'm running a somewhat large splunk installation that monitors syslog for >40k hosts. Every once in a while, a host ... by rgisrael Explorer in Splunk Search 05-19-2017 4 8	4	8
How do I create a time chart that predicts based on the values inside the search field? I am trying to create a search that looks through some logs and creates a time chart based on the search field which ... by aflick2486 Explorer in Splunk Search 05-19-2017 0 6	0	6
How to get the 6 month ago column from field in lookup? Hi, I have a column named Month in lookup file For example, Month 2017/02 2017/01 2017/01 2017/01 2016/12 2016/12 ... by urapaveerapan Explorer in Splunk Search 05-19-2017 0 3	0	3
rex over 2 lines with 2 combined search phrases I'm facing a problem with rex and working through many many threads which didn't help me to solve this issue. I have... by Stonecore New Member in Splunk Search 05-19-2017 0 6	0	6
How to color columns based on a variable? I am charting a Product ID v/s count in a column chart I want to color the columns in red and green. Red if the PID i... by anakelka New Member in Splunk Search 05-19-2017 0 6	0	6
How to create a multivaluefield from fieldnames with a specific pattern? Hi, let's say we have events with fields like: Event A: payload.productName1: payload.productName2: Event B: pay... by HeinzWaescher Motivator in Splunk Search 05-19-2017 0 12	0	12
How to edit my search to show the count of a field per country? I have a search below that shows the number of events by Country. I want to show the count of each dest_port per cou... by bayman Path Finder in Splunk Search 05-19-2017 0 7	0	7
How do I iterate and match values within a column of my search result? So, to start with, I have a table like this. Person role Time abc ... by snipedown21 Path Finder in Splunk Search 05-19-2017 0 5	0	5
Help me with search query command help me with JOIN query for my usecase i have index=abc sourcetype=abc index=abc sourcetype=pqr In sourcetype=abc ... by sravankaripe Communicator in Splunk Search 05-19-2017 0 8	0	8
Metadata fields of custom search command Hi guys, could you give me a documentation of the metadata fields of the custom search command? Im searching for som... by ays7abt New Member in Splunk Search 05-18-2017 0 3	0	3
Writing a search that will catch sourcetypes that have logged in x amount of time We are wokring on coming up with a methd to detect data that stops coming in based on sourcetype. I believe I will wa... by brent_weaver Builder in Splunk Search 05-18-2017 0 3	0	3
Re-apply extraction during search time for access_combined_wcookie data source Is there anyway to apply access_combined_wcookie extraction to some historical data during search time? Some of the d... by etam New Member in Splunk Search 05-18-2017 0 3	0	3
How to determine how long a search will run for? I've been waiting for over an hour and my search is still running with over 50 million events so far. I'm tempted to... by bayman Path Finder in Splunk Search 05-18-2017 0 2	0	2
where and eval clause does not work with "AND" condition? Firstly, with below search, there are events returned: \|from datamodel foo.fooo \|search Counterparty=abc Transaction... by leonjxtan Path Finder in Splunk Search 05-18-2017 0 6	0	6
stats on transaction Hello, I wonder about how can I do stats operation like counting of something inside of a transaction? I have a tra... by psobisch Path Finder in Splunk Search 05-18-2017 0 5	0	5
How to search for a user and then be able to see the computer he/she is logging into? How would i search for a user and then be able to see the computer he/she is logging into? by whitt New Member in Splunk Search 05-18-2017 0 3	0	3
what does the coalesce and eval in my query do? Could anyone explain what does the below search string means ? \| eval fieldA=coalesce(abc, "def") by pavanae Builder in Splunk Search 05-18-2017 0 3	0	3
Sparkline and Trend Indicator splunk Hi, I did Sparkline and Trend Indicator splunk as compared to lastweek. In the result it showing as 92 means in 2 d... by dchalasani Path Finder in Splunk Search 05-18-2017 0 6	0	6