Splunk Search

Community Activity

Creating Conditional based on date (2 days) I want to create a conditional that is based on date, so for example I have a table that will show you the last time ... by JoshuaJohn Contributor in Splunk Search 04-24-2017 0 1	0	1
IF then problems... struggling with the following IF statement.... I have a table, and want to create a new field called 'finalclosedtim... by jacqu3sy Path Finder in Splunk Search 04-24-2017 0 6	0	6
how to use timechart count to return 0 when value is null, fillnull not working I am working on a search that returns counts by the hour but when the event has not occur, I would still like to fill... by lasonyadj New Member in Splunk Search 04-24-2017 0 11	0	11
How to calculate a funnel (with less effort)? Hi, let's say I want to create a 5 step-funnel for customers depending on their max step. My first approach would b... by HeinzWaescher Motivator in Splunk Search 04-24-2017 0 6	0	6
How to add average to data that are not on the same line I have data in the form like this: 21:00 Pos=A Strength=45 21:00 Pos=B Strength=60 21:00 Pos=C Strength=32 22:00 Pos... by lakromani Builder in Splunk Search 04-24-2017 0 5	0	5
Use string stored in field to assign value using if I am using a search of real-time data and a lookup to check whether certain problems exist based on the data. For e... by ErikaE Communicator in Splunk Search 04-24-2017 0 6	0	6
Why "where" doesn't work with hight values ? Hi guys, I have a problem on my request because when i use a short time like 7 days ou 15 days it is right but when ... by Abarny Path Finder in Splunk Search 04-24-2017 0 5	0	5
Unable to create time series chart in Splunk dashboard Hi All, I need help in creating time chart for the following request: I have a field by name field.status that will ... by santosh_hb Explorer in Splunk Search 04-24-2017 0 9	0	9
Percentile values over time Hi I have a query to look at the number of times a user does an event, and then get different percentiles of these. ... by ewanbrown Path Finder in Splunk Search 04-24-2017 0 6	0	6
How to write a search that shows all saved searches, reports & lookup tables that are shared globally? Hi, Is it possible to write a search that shows all saved searches, reports & lookup tables that are shared globally... by HeinzWaescher Motivator in Splunk Search 04-24-2017 0 3	0	3
Can we create lookup table for specific owner? Hi, Is there any way that we can create lookup table for specific user? As I checked outputlookup command and it doe... by sumangala Path Finder in Splunk Search 04-24-2017 1 9	1	9
How can I find computers that have been infected for three consecutive days? I want to find the host IPs for three consecutive days of antivirus detection. Please help me. ex) - sourcetype: viru... by superhm Explorer in Splunk Search 04-24-2017 0 2	0	2
Received event for unconfigured/disabled/delted...... I am a splunk novice. Https://answers.splunk.com/answers/522405/why-is-there-no-data-in-my-summary-index.html URL o... by xsstest Communicator in Splunk Search 04-23-2017 0 4	0	4
How does 'partial=True' affects 'timechart' results? I am grouping time buckets using 'span' and I'd like to trim partial time buckets at the beginning and end of the sea... by abonuccelli_spl Splunk Employee in Splunk Search 04-22-2017 2 3	2	3
Refining the search through lookup Hi, Below is the search I am running on a set of servers in the lookup file , I don't want to run the search on all ... by macadminrohit Contributor in Splunk Search 04-22-2017 0 7	0	7
Strange relationship between fieldformat command and postprocess The fieldformat command ( http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fieldformat ) offers a ... by sideview SplunkTrust in Splunk Search 04-22-2017 1 5	1	5
Remove non alphanumeric at the very start in props.conf Is it possible to remove all non alpha-numeric when taking in data in the props.conf? I have tried wiht regex but i ... by robertlynch2020 Influencer in Splunk Search 04-22-2017 0 13	0	13
How to change a name within a field? I have hundreds of .tmp files that begin with evb* and exist within the "File Name" field. All I want to do is change... by happysplunkyay New Member in Splunk Search 04-21-2017 0 8	0	8
VIM syntax highlighting for splunk config files Just wanted to share with the community the plugin and syntax highlighter I've made for VIM. To enable syntax highli... by yoho Contributor in Splunk Search 04-21-2017 14 10	14	10
Help me with transaction command Is there any option other than transaction command to measure the time between events? because i am already using tra... by sravankaripe Communicator in Splunk Search 04-21-2017 0 1	0	1
How to edit my search to limit the distinct user count by set number of events per unique user? I was asked to provide active users since December 2016. With the logs we're working with, there's really no way to ... by ON34C02151009 Explorer in Splunk Search 04-21-2017 0 12	0	12
Eval RegEx for Host Name from FQDN Is there a way to write an eval to pull back host name Server1 from Server1.12.city.net by jhayIV Engager in Splunk Search 04-21-2017 0 2	0	2
How to edit my search to track event counts by Index/Sourcetype to see when data is no longer being received? Looking to build a report to list all the indexes/sourcetypes in use. And be able to monitor event counts as they go ... by joesrepsol Path Finder in Splunk Search 04-21-2017 0 8	0	8
How to check if a word is in a CSV file, and if it is, display results in a table? I have some data, if the message contains a word which is in a csv file, then results should show in a table. How sho... by nagarjuna280 Communicator in Splunk Search 04-21-2017 0 3	0	3
Why is there a difference in results depending on whether or not there are quotation marks in my search syntax? A search for "ip=100.2.2.2" userid=foobar (identifying information has been changed) produces 5 results. However, whe... by jian Explorer in Splunk Search 04-21-2017 0 7	0	7