Splunk Search

Community Activity

"Value" Interesting Field - 2 different types of information Hello (again), I have the following search: index=perfmon host=(serverA OR host=serverB) (object="Processor" OR obje... by TheJagoff Communicator in Splunk Search 04-27-2017 0 4	0	4
Count of values by sourcetype This should be pretty simple, but I seem to lack the right terms to find my answer: We have several source types wit... by mpuckettsc Explorer in Splunk Search 04-27-2017 0 5	0	5
help me with group command --------\| transaction UserName \|dedup ID\| table UserName ID UserName ID abc 100 ..... 103 Abc 101 ... by sravankaripe Communicator in Splunk Search 04-27-2017 0 1	0	1
Extracted Field to be case insensitive Hi, I have a Event 1 : 2013-04-02 04:22:38 199.xx.x.211 OPTIONS /CockpitNew - 4444 domain1\123456 102.220.13.119 eb... by harshjets Engager in Splunk Search 04-27-2017 0 4	0	4
Sourcetype Override We have around 15 files we're ingesting into Splunk all of them have the same format: //logs/TEST/mike/TEST1/syslog.... by iatwal Path Finder in Splunk Search 04-27-2017 0 8	0	8
How to get stats to set a field from the same event as another max() field While handling our CAS logs I have a report that calculates the time it takes to validate a CAS service ticket. I use... by tffishe New Member in Splunk Search 04-27-2017 0 5	0	5
How to insert IF in regular expression Hi to all, I should extract some fields by a log file, in the log file in some cases I have a field (i.e. field1, in ... by andreac81 Explorer in Splunk Search 04-27-2017 0 4	0	4
Day to day % Difference Hi guys, I create daily reports with various data on that we collect, and i am now looking to add a few extra bits ... by allansneddon Explorer in Splunk Search 04-27-2017 0 3	0	3
How to calculate average for several prior observations and compare that to the current observation? Lets say, i have a requirement to show hourly count of payments in a timechart- And lets say today is Monday. I will... by samjone New Member in Splunk Search 04-27-2017 0 1	0	1
streamstats is reversed? I'm trying to calculate volume growth by comparing the values of subsequent events from the df sourcetype. To get th... by emiller42 Motivator in Splunk Search 04-27-2017 1 6	1	6
Missing fields extractions Hi All, Recently we have moved all the splunk rules for alerting to another app, after we moved few searched are no... by franklinashokp New Member in Splunk Search 04-27-2017 0 1	0	1
How to color cells with time format (duration) Hi there! I have a table full of calls information and I want to give colour to one of them: I've tried the fieldf... by marina_rovira Contributor in Splunk Search 04-27-2017 0 4	0	4
Delta time for each event for basic search? If I run a simple search: Index=* It displays each event with columns as time, then the event. Is there a way to co... by abzmhzsplunk New Member in Splunk Search 04-26-2017 0 4	0	4
Splunk Left outer join Hi, I have an Index=A and inputlookfile where I'm trying to get a list of computers which are not common in 'index... by snam New Member in Splunk Search 04-26-2017 0 3	0	3
Is it possible to aggregate and search within aggregated results? My app logs multiple lines per request and each line has a "request_id" key for identification. For each request, the... by sohymg New Member in Splunk Search 04-26-2017 0 9	0	9
Is there a difference between Python and Perl Custom Searches? Is there any penalty for using a Perl custom search over one created in Python? Presently the Perl search is simpl... by juillardr New Member in Splunk Search 04-26-2017 0 1	0	1
Data of a field in next row in another field of current row ![alt text][1] The siuation is - I have sprint and their start date , I want the next sprint start date in same row ... by sunilpanda023 Path Finder in Splunk Search 04-26-2017 0 2	0	2
Cross referencing to fill in missing details Hi, I have two .csv files. One contains an IP address with associated output data, a second contains the IP address ... by rattyryan Explorer in Splunk Search 04-26-2017 0 1	0	1
How to use variable within foreach command? I'm looping through JSON array and compare each value using a temporary variable but due to some reason the temporary... by sats2020 New Member in Splunk Search 04-26-2017 0 1	0	1
How to exclude sub folders Hi All I would like to monitor "4670: Permissions on an object were changed". I have the following query: index=w... by socdtv New Member in Splunk Search 04-26-2017 0 1	0	1
Table fields after using stats and xyseries I apparently seem to be truncating fields after using the stats and xyseries commands. I found that if I include the ... by tommy0x2A Engager in Splunk Search 04-26-2017 0 1	0	1
How can we improve the performance of an Hunk's query? We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="INP... by ddrillic Ultra Champion in Splunk Search 04-26-2017 0 5	0	5
regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex? I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = abc_... by pavanae Builder in Splunk Search 04-26-2017 0 5	0	5
Is there a search or command that will number rows in a table? is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id FGH... by ThiruSplunk5676 New Member in Splunk Search 04-26-2017 0 3	0	3
Grouping a "time" span from one true value to another I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a... by krwinters11 Path Finder in Splunk Search 04-26-2017 0 2	0	2