Splunk Search

Community Activity

What is the best search to display memory usage by host? Hello, I have some container metrics being logged that are formatted as such: Used Memory: ip=1.2.3.4 event_type=Va... by hippe21 Explorer in Splunk Search 04-28-2017 0 2	0	2
Why am I unable to perform searches on a Splunk search head cluster behind an Azure load balancer with error "CSRF validation failed"? For some reason I am unable to do searches behind my Azure load balancer, although it once worked. When I inspect the... by brent_weaver Builder in Splunk Search 04-28-2017 1 14	1	14
Individual results for stats in a chart. I'm pretty sure this is going to be very obvious but it's one of those days again. I've a field Duration_Seconds to ... by StuReeves Explorer in Splunk Search 04-28-2017 0 6	0	6
How to display data value in percentage Hi there, Im trying to display the data values in percentage. How can i do it? Thanks by sebastiangohhy Engager in Splunk Search 04-28-2017 0 2	0	2
Joining multiple fields of two searches together on certain conditions Hi fellow splunkers, I currently try to do a splunk auditing by searching which user logged into the system using so... by horsefez Motivator in Splunk Search 04-28-2017 0 3	0	3
Schedule search includes result from non-default index From the document, if index=myindex was not mentioned, Splunk search will only use default indexes. However, I found ... by daniel_splunk Splunk Employee in Splunk Search 04-28-2017 0 1	0	1
How to create a stacked bar chart? Hi there, I'm new to Splunk and want to create a stacked chart. I have 2 fields, Stage and Ans There are 3 Stages... by sebastiangohhy Engager in Splunk Search 04-27-2017 0 1	0	1
cron schedule to run for every 5 minutes but not at 3-4PM on Saturday? Hi, I need a cron Schedule which has to run at every 5 mins on all days except 3-4PM on Saturday?. Thanks, by uhkc777 Explorer in Splunk Search 04-27-2017 0 4	0	4
I would like find host IP Addresses that have not been updated for 3 days. Hello. I would like find host IP Addresses that have not been updated for 3 days. To use UPDATETIME field that for... by superhm Explorer in Splunk Search 04-27-2017 0 2	0	2
Need an alternative to transaction command for the following type of data set I have a data set like the below: 2017-04-26 10:00:00 correlation_id=a1000 msg=testing1000 2017-04-26 10:02:00 corre... by rijutha Explorer in Splunk Search 04-27-2017 0 2	0	2
Summarization timespan incongruent Hello, I have a two environments with the exact same app and saved searches, and the exact same data In environmen... by TiagoTLD1 Communicator in Splunk Search 04-27-2017 0 2	0	2
How to edit my search to join common values from two sourcetypes? New to Splunk. Suppose I have two sets of data in separate sourcetypes S1 and S2. S1: SRC Hostname Field1 Field2 S2:... by rakes568 Explorer in Splunk Search 04-27-2017 0 9	0	9
"Value" Interesting Field - 2 different types of information Hello (again), I have the following search: index=perfmon host=(serverA OR host=serverB) (object="Processor" OR obje... by TheJagoff Communicator in Splunk Search 04-27-2017 0 4	0	4
Count of values by sourcetype This should be pretty simple, but I seem to lack the right terms to find my answer: We have several source types wit... by mpuckettsc Explorer in Splunk Search 04-27-2017 0 5	0	5
help me with group command --------\| transaction UserName \|dedup ID\| table UserName ID UserName ID abc 100 ..... 103 Abc 101 ... by sravankaripe Communicator in Splunk Search 04-27-2017 0 1	0	1
Extracted Field to be case insensitive Hi, I have a Event 1 : 2013-04-02 04:22:38 199.xx.x.211 OPTIONS /CockpitNew - 4444 domain1\123456 102.220.13.119 eb... by harshjets Engager in Splunk Search 04-27-2017 0 4	0	4
Sourcetype Override We have around 15 files we're ingesting into Splunk all of them have the same format: //logs/TEST/mike/TEST1/syslog.... by iatwal Path Finder in Splunk Search 04-27-2017 0 8	0	8
How to get stats to set a field from the same event as another max() field While handling our CAS logs I have a report that calculates the time it takes to validate a CAS service ticket. I use... by tffishe New Member in Splunk Search 04-27-2017 0 5	0	5
How to insert IF in regular expression Hi to all, I should extract some fields by a log file, in the log file in some cases I have a field (i.e. field1, in ... by andreac81 Explorer in Splunk Search 04-27-2017 0 4	0	4
Day to day % Difference Hi guys, I create daily reports with various data on that we collect, and i am now looking to add a few extra bits ... by allansneddon Explorer in Splunk Search 04-27-2017 0 3	0	3
How to calculate average for several prior observations and compare that to the current observation? Lets say, i have a requirement to show hourly count of payments in a timechart- And lets say today is Monday. I will... by samjone New Member in Splunk Search 04-27-2017 0 1	0	1
streamstats is reversed? I'm trying to calculate volume growth by comparing the values of subsequent events from the df sourcetype. To get th... by emiller42 Motivator in Splunk Search 04-27-2017 1 6	1	6
Missing fields extractions Hi All, Recently we have moved all the splunk rules for alerting to another app, after we moved few searched are no... by franklinashokp New Member in Splunk Search 04-27-2017 0 1	0	1
How to color cells with time format (duration) Hi there! I have a table full of calls information and I want to give colour to one of them: I've tried the fieldf... by marina_rovira Contributor in Splunk Search 04-27-2017 0 4	0	4
Delta time for each event for basic search? If I run a simple search: Index=* It displays each event with columns as time, then the event. Is there a way to co... by abzmhzsplunk New Member in Splunk Search 04-26-2017 0 4	0	4