Splunk Search

Community Activity

Sort the query based on firstime and count Hi, Is there a way to sort the below query based on both firstime and total count . I want to know which sourcetype... by kteng2024 Path Finder in Splunk Search 03-28-2017 0 4	0	4
REX Non-Capture Group Hi Everyone, Trying to understand non-capture groups better Trying to build rex that captures 2 conditions but us... by subtrakt Contributor in Splunk Search 03-28-2017 0 1	0	1
Splunk Time stamp modification Hi Team, We are in splunk 6.5. Our forwarder machines are having Brasilia Time zone and our indexer is on UTC time ... by Abilan1 Path Finder in Splunk Search 03-28-2017 0 7	0	7
Hex to Floating Point converter? Hi, I have a field that contrains a hex-string representing an encoded-float number (sign+exponent+mantissa). What w... by pchiu Engager in Splunk Search 03-28-2017 0 2	0	2
Show most relevant lines (Exceeds 500 limit) Hi~there, We index some system config file to facilitate user's lookup. But it seems the splunk have the limits in s... by hjwang Contributor in Splunk Search 03-28-2017 3 9	3	9
How to calculate duration between an unknown amount of multiple variables in transaction? Hello, I am trying to create a report or dashboard which calculates the average duration between events with the wor... by epresson New Member in Splunk Search 03-28-2017 0 1	0	1
How to use timechart and streamstats I have a search that will show me the top 3 processes like this host=foo sourcetype=top \| timechart span=1m sum(pctC... by hartfoml Motivator in Splunk Search 03-28-2017 0 4	0	4
Help me with search query for my usecase i have two id's lets say ID1 and ID2 i want to use transaction command for both ID1 and ID2 in same query , please h... by sravankaripe Communicator in Splunk Search 03-28-2017 1 10	1	10
How to calculate stdev for a count of one field based on another? I am trying to figure out how to calculate the stdev of the number of emails a user sends. I have the following searc... by jwalzerpitt Influencer in Splunk Search 03-28-2017 0 9	0	9
Search for results which don't appear in subsearch I have the below search, but am not getting any results (even though I know there are results). There are over 10,000... by smcdonald20 Path Finder in Splunk Search 03-28-2017 0 3	0	3
Stymied by subsearches I can run the following search with perfect results: sourcetype="aws" varOutcome=Blocked\|rex field=varDNS_Name "(?<v... by awmorris Path Finder in Splunk Search 03-28-2017 0 6	0	6
How to use lookup to evaluate thresholds? Have been trying to crack this for a long time. Would highly appreciate any help. I have a lookup similar to this: ... by manmeet99 Explorer in Splunk Search 03-28-2017 0 6	0	6
get latest value and timestamp Hi, How would I go about getting the latest value of a search, along with the timestamp of that search? I want to in... by a212830 Champion in Splunk Search 03-28-2017 1 5	1	5
How to add a exclude box in the splunk dashboard? Hi Is there a way to add a text box which excludes the value from the search results of dashboard? I have a dashboar... by kiran331 Builder in Splunk Search 03-28-2017 0 1	0	1
How to "chain" events together ? And how to follow the execution of all the chain ? Hi Guys, I'm trying to follow the execution of a number of script, here is my problem : I have a lot of batch scr... by 3no Communicator in Splunk Search 03-28-2017 0 4	0	4
How to generate a search to show the top 10 values for each priority? How to show the top 10 values for each column? I have a field port and its priority, I have to show top 10 values for... by kiran331 Builder in Splunk Search 03-28-2017 0 1	0	1
How to use eval and asterisk? Hi How to use asterisk in the eval case search? I have to assign a value to the IP ranges. for Ip range 1.2.* - L... by kiran331 Builder in Splunk Search 03-28-2017 0 2	0	2
Can I calculate the bandwidth used for site replication in an indexer clustering environment? If I use this search: index=_internal source=metrics.log host="indexer" kbps=* \| stats sum(kbps) by group,host ... by lycollicott Motivator in Splunk Search 03-28-2017 1 4	1	4
query to find the forwarders sending too much data Hi, Below is the query i am using to find the forwarders sending more data than others for a specific sourcetype in... by kteng2024 Path Finder in Splunk Search 03-28-2017 0 2	0	2
how to order timeline in correct week order? Hi my data is .csv file manually uploaded to Splunk cloud. there are columns for year, month, week numbers. I write ... by sunsu New Member in Splunk Search 03-28-2017 0 5	0	5
help me with search query for my use case index="ABC" sourcetype="XYZ" ENV=production someservice EVENT_DIRECTION=out \| where TRANSACTION_ID=[search index="AB... by sravankaripe Communicator in Splunk Search 03-28-2017 0 3	0	3
Get my single event in Tabular Format Hi Team, My single Event looks like below: FYI... USER PID %CPU %MEM COMMAND daemon 6029500 0.2 0.0 .vasd daemo... by rohithmn3 New Member in Splunk Search 03-28-2017 0 3	0	3
How to edit my rangemap search so that ranges will display as table columns? Hello! I am using Splunk to correlate packet statistics. In a log we have the following fields: sencore_iat and sen... by cstarling Explorer in Splunk Search 03-28-2017 0 6	0	6
How to convert a substring to a numeric value and evaluate the result? In this scenario, I have the following log "response time 34 ms". I want to extract just the number, 34, and evaluate... by aohls Contributor in Splunk Search 03-28-2017 0 5	0	5
How to iterate over a field with multiple values to produce a new field? Hi, I have a test field with multiple values A B C D etc... in my splunk query I want to iterate over that field a... by tpirozzi Explorer in Splunk Search 03-28-2017 0 6	0	6