Splunk Search

Community Activity

How to calculate average for several prior observations and compare that to the current observation? Lets say, i have a requirement to show hourly count of payments in a timechart- And lets say today is Monday. I will... by samjone New Member in Splunk Search 04-27-2017 0 1	0	1
streamstats is reversed? I'm trying to calculate volume growth by comparing the values of subsequent events from the df sourcetype. To get th... by emiller42 Motivator in Splunk Search 04-27-2017 1 6	1	6
Missing fields extractions Hi All, Recently we have moved all the splunk rules for alerting to another app, after we moved few searched are no... by franklinashokp New Member in Splunk Search 04-27-2017 0 1	0	1
How to color cells with time format (duration) Hi there! I have a table full of calls information and I want to give colour to one of them: I've tried the fieldf... by marina_rovira Contributor in Splunk Search 04-27-2017 0 4	0	4
Delta time for each event for basic search? If I run a simple search: Index=* It displays each event with columns as time, then the event. Is there a way to co... by abzmhzsplunk New Member in Splunk Search 04-26-2017 0 4	0	4
Splunk Left outer join Hi, I have an Index=A and inputlookfile where I'm trying to get a list of computers which are not common in 'index... by snam New Member in Splunk Search 04-26-2017 0 3	0	3
Is it possible to aggregate and search within aggregated results? My app logs multiple lines per request and each line has a "request_id" key for identification. For each request, the... by sohymg New Member in Splunk Search 04-26-2017 0 9	0	9
Is there a difference between Python and Perl Custom Searches? Is there any penalty for using a Perl custom search over one created in Python? Presently the Perl search is simpl... by juillardr New Member in Splunk Search 04-26-2017 0 1	0	1
Data of a field in next row in another field of current row ![alt text][1] The siuation is - I have sprint and their start date , I want the next sprint start date in same row ... by sunilpanda023 Path Finder in Splunk Search 04-26-2017 0 2	0	2
Cross referencing to fill in missing details Hi, I have two .csv files. One contains an IP address with associated output data, a second contains the IP address ... by rattyryan Explorer in Splunk Search 04-26-2017 0 1	0	1
How to use variable within foreach command? I'm looping through JSON array and compare each value using a temporary variable but due to some reason the temporary... by sats2020 New Member in Splunk Search 04-26-2017 0 1	0	1
How to exclude sub folders Hi All I would like to monitor "4670: Permissions on an object were changed". I have the following query: index=w... by socdtv New Member in Splunk Search 04-26-2017 0 1	0	1
Table fields after using stats and xyseries I apparently seem to be truncating fields after using the stats and xyseries commands. I found that if I include the ... by tommy0x2A Engager in Splunk Search 04-26-2017 0 1	0	1
How can we improve the performance of an Hunk's query? We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="INP... by ddrillic Ultra Champion in Splunk Search 04-26-2017 0 5	0	5
regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex? I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = abc_... by pavanae Builder in Splunk Search 04-26-2017 0 5	0	5
Is there a search or command that will number rows in a table? is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id FGH... by ThiruSplunk5676 New Member in Splunk Search 04-26-2017 0 3	0	3
Grouping a "time" span from one true value to another I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a... by krwinters11 Path Finder in Splunk Search 04-26-2017 0 2	0	2
How to edit my search to format String to Number with fieldformat for all 60 columns? Hey guys Is there a quick way to format data? I want to format data like this <search> \|fieldformat test1a=tonumber... by laudai Path Finder in Splunk Search 04-26-2017 0 3	0	3
Which users have done this but have not done that ? Hello there, I'm struggling a little bit with the search language, booleans, eventtypes and stuff ... I can't find a... by Mahieu Communicator in Splunk Search 04-26-2017 0 6	0	6
How to exclude last 3 values in the search results. Hi , I need exclude the values last 3 three values from the search results. Can someone please help me on this. ind... by vkumar6 Explorer in Splunk Search 04-26-2017 0 1	0	1
SEDCMD: to filter the character between the user Curently our proxy logs with user having special characters inbetween. ref: DC=local/bob\, tom I have created a prop... by neelamsantosh Path Finder in Splunk Search 04-26-2017 0 1	0	1
OR operator problem Hi all, Hey, what's wrong with the next search structure? I'm using OR operator because the field names are differe... by bugnet Path Finder in Splunk Search 04-26-2017 0 2	0	2
Is there a way to speed up my search through millions windows security logs? Doing some long-tail analysis and I am running in Fast Mode but the query for 24 hours is taking a long time. Please... by packet_hunter Contributor in Splunk Search 04-26-2017 0 10	0	10
best tips for speeding up searches? best tips for speeding up searches? by transamrit Explorer in Splunk Search 04-26-2017 1 5	1	5
Group full auditd (rlog) EXECVE commands by User? Hello, I have been trying to write some custom searches against linux auditd logs to get a list of all commands exec... by pierceward Engager in Splunk Search 04-25-2017 2 2	2	2