Splunk Search

Community Activity

Compare Lookup CSV with Search Dear Experts , I have created the Lookup Hostname.csv(Contain only one field Hostname) which contain 100 number of h... by sumit29 Path Finder in Splunk Search 03-29-2017 0 2	0	2
Help extracting fields from raw event Here's what my raw event looks like: 58daf92d66c83d000e469dfd.txt unsupported file format I'd like to extract the... by hippe21 Explorer in Splunk Search 03-29-2017 0 2	0	2
Merge results of multiple queries I have used the multiple queries and merged them in single output. When I using timechart, getting the expected resul... by twh1 Communicator in Splunk Search 03-29-2017 0 1	0	1
Why are searches only showing "Parsing job...", and drilldowns do not render properly in Firefox with version 6.5.0? Our users are encountering intermittent problems with using Firefox after we've upgraded to version 6.5. In basic ... by kearaspoor SplunkTrust in Splunk Search 03-29-2017 0 3	0	3
create a table by comparing data from 2 different indexes Hi, I am trying to create a table by comparing data from 2 different indexes & compare certain search terms from one ... by arjun_hcl Explorer in Splunk Search 03-29-2017 0 2	0	2
How to escape a parentheses in sed rex command ? Hello dearest Splunkers, I am trying to convert "(A=hi) OR (B=bye)" to "(A=hi) NOT (B=bye)" using sed. So far I have... by DavidHourani Super Champion in Splunk Search 03-29-2017 0 2	0	2
how to create a single search where the output of the first query should act as input to the second query. We have two indexers in place. index=A & index=B. From index=A I have queried out the field which I want the value fo... by dina1701 Engager in Splunk Search 03-29-2017 0 2	0	2
Predict - 95% Confidence Interval I have read through Splunk docs that Splunk defaults lower and upper Confidence Interval to 95% for its prediction us... by arielpconsolaci Path Finder in Splunk Search 03-29-2017 1 3	1	3
srchFilter and inputlookup Is it possible to filter results in a lookup-file with filters defined in "srchFilter" in authorize.conf? Example lo... by reubentrapdoor Engager in Splunk Search 03-29-2017 0 2	0	2
how to display all values within the same field name. Ex log: (This is a XML log, giving details from the middle and not the entire log) Event 1: <students> <stu... by ndayanat Explorer in Splunk Search 03-28-2017 0 5	0	5
Creating a graph with two columns of a table Hello, I need to make a simple line chart with the values of two columns of a table. the first column is the x axis ... by matansocher Contributor in Splunk Search 03-28-2017 0 8	0	8
Sort the query based on firstime and count Hi, Is there a way to sort the below query based on both firstime and total count . I want to know which sourcetype... by kteng2024 Path Finder in Splunk Search 03-28-2017 0 4	0	4
REX Non-Capture Group Hi Everyone, Trying to understand non-capture groups better Trying to build rex that captures 2 conditions but us... by subtrakt Contributor in Splunk Search 03-28-2017 0 1	0	1
Splunk Time stamp modification Hi Team, We are in splunk 6.5. Our forwarder machines are having Brasilia Time zone and our indexer is on UTC time ... by Abilan1 Path Finder in Splunk Search 03-28-2017 0 7	0	7
Hex to Floating Point converter? Hi, I have a field that contrains a hex-string representing an encoded-float number (sign+exponent+mantissa). What w... by pchiu Engager in Splunk Search 03-28-2017 0 2	0	2
Show most relevant lines (Exceeds 500 limit) Hi~there, We index some system config file to facilitate user's lookup. But it seems the splunk have the limits in s... by hjwang Contributor in Splunk Search 03-28-2017 3 9	3	9
How to calculate duration between an unknown amount of multiple variables in transaction? Hello, I am trying to create a report or dashboard which calculates the average duration between events with the wor... by epresson New Member in Splunk Search 03-28-2017 0 1	0	1
How to use timechart and streamstats I have a search that will show me the top 3 processes like this host=foo sourcetype=top \| timechart span=1m sum(pctC... by hartfoml Motivator in Splunk Search 03-28-2017 0 4	0	4
Help me with search query for my usecase i have two id's lets say ID1 and ID2 i want to use transaction command for both ID1 and ID2 in same query , please h... by sravankaripe Communicator in Splunk Search 03-28-2017 1 10	1	10
How to calculate stdev for a count of one field based on another? I am trying to figure out how to calculate the stdev of the number of emails a user sends. I have the following searc... by jwalzerpitt Influencer in Splunk Search 03-28-2017 0 9	0	9
Search for results which don't appear in subsearch I have the below search, but am not getting any results (even though I know there are results). There are over 10,000... by smcdonald20 Path Finder in Splunk Search 03-28-2017 0 3	0	3
Stymied by subsearches I can run the following search with perfect results: sourcetype="aws" varOutcome=Blocked\|rex field=varDNS_Name "(?<v... by awmorris Path Finder in Splunk Search 03-28-2017 0 6	0	6
How to use lookup to evaluate thresholds? Have been trying to crack this for a long time. Would highly appreciate any help. I have a lookup similar to this: ... by manmeet99 Explorer in Splunk Search 03-28-2017 0 6	0	6
get latest value and timestamp Hi, How would I go about getting the latest value of a search, along with the timestamp of that search? I want to in... by a212830 Champion in Splunk Search 03-28-2017 1 5	1	5
How to add a exclude box in the splunk dashboard? Hi Is there a way to add a text box which excludes the value from the search results of dashboard? I have a dashboar... by kiran331 Builder in Splunk Search 03-28-2017 0 1	0	1