Splunk Search

Community Activity

Predict - 95% Confidence Interval I have read through Splunk docs that Splunk defaults lower and upper Confidence Interval to 95% for its prediction us... by arielpconsolaci Path Finder in Splunk Search 03-29-2017 1 3	1	3
srchFilter and inputlookup Is it possible to filter results in a lookup-file with filters defined in "srchFilter" in authorize.conf? Example lo... by reubentrapdoor Engager in Splunk Search 03-29-2017 0 2	0	2
how to display all values within the same field name. Ex log: (This is a XML log, giving details from the middle and not the entire log) Event 1: <students> <stu... by ndayanat Explorer in Splunk Search 03-28-2017 0 5	0	5
Creating a graph with two columns of a table Hello, I need to make a simple line chart with the values of two columns of a table. the first column is the x axis ... by matansocher Contributor in Splunk Search 03-28-2017 0 8	0	8
Sort the query based on firstime and count Hi, Is there a way to sort the below query based on both firstime and total count . I want to know which sourcetype... by kteng2024 Path Finder in Splunk Search 03-28-2017 0 4	0	4
REX Non-Capture Group Hi Everyone, Trying to understand non-capture groups better Trying to build rex that captures 2 conditions but us... by subtrakt Contributor in Splunk Search 03-28-2017 0 1	0	1
Splunk Time stamp modification Hi Team, We are in splunk 6.5. Our forwarder machines are having Brasilia Time zone and our indexer is on UTC time ... by Abilan1 Path Finder in Splunk Search 03-28-2017 0 7	0	7
Hex to Floating Point converter? Hi, I have a field that contrains a hex-string representing an encoded-float number (sign+exponent+mantissa). What w... by pchiu Engager in Splunk Search 03-28-2017 0 2	0	2
Show most relevant lines (Exceeds 500 limit) Hi~there, We index some system config file to facilitate user's lookup. But it seems the splunk have the limits in s... by hjwang Contributor in Splunk Search 03-28-2017 3 9	3	9
How to calculate duration between an unknown amount of multiple variables in transaction? Hello, I am trying to create a report or dashboard which calculates the average duration between events with the wor... by epresson New Member in Splunk Search 03-28-2017 0 1	0	1
How to use timechart and streamstats I have a search that will show me the top 3 processes like this host=foo sourcetype=top \| timechart span=1m sum(pctC... by hartfoml Motivator in Splunk Search 03-28-2017 0 4	0	4
Help me with search query for my usecase i have two id's lets say ID1 and ID2 i want to use transaction command for both ID1 and ID2 in same query , please h... by sravankaripe Communicator in Splunk Search 03-28-2017 1 10	1	10
How to calculate stdev for a count of one field based on another? I am trying to figure out how to calculate the stdev of the number of emails a user sends. I have the following searc... by jwalzerpitt Influencer in Splunk Search 03-28-2017 0 9	0	9
Search for results which don't appear in subsearch I have the below search, but am not getting any results (even though I know there are results). There are over 10,000... by smcdonald20 Path Finder in Splunk Search 03-28-2017 0 3	0	3
Stymied by subsearches I can run the following search with perfect results: sourcetype="aws" varOutcome=Blocked\|rex field=varDNS_Name "(?<v... by awmorris Path Finder in Splunk Search 03-28-2017 0 6	0	6
How to use lookup to evaluate thresholds? Have been trying to crack this for a long time. Would highly appreciate any help. I have a lookup similar to this: ... by manmeet99 Explorer in Splunk Search 03-28-2017 0 6	0	6
get latest value and timestamp Hi, How would I go about getting the latest value of a search, along with the timestamp of that search? I want to in... by a212830 Champion in Splunk Search 03-28-2017 1 5	1	5
How to add a exclude box in the splunk dashboard? Hi Is there a way to add a text box which excludes the value from the search results of dashboard? I have a dashboar... by kiran331 Builder in Splunk Search 03-28-2017 0 1	0	1
How to "chain" events together ? And how to follow the execution of all the chain ? Hi Guys, I'm trying to follow the execution of a number of script, here is my problem : I have a lot of batch scr... by 3no Communicator in Splunk Search 03-28-2017 0 4	0	4
How to generate a search to show the top 10 values for each priority? How to show the top 10 values for each column? I have a field port and its priority, I have to show top 10 values for... by kiran331 Builder in Splunk Search 03-28-2017 0 1	0	1
How to use eval and asterisk? Hi How to use asterisk in the eval case search? I have to assign a value to the IP ranges. for Ip range 1.2.* - L... by kiran331 Builder in Splunk Search 03-28-2017 0 2	0	2
Can I calculate the bandwidth used for site replication in an indexer clustering environment? If I use this search: index=_internal source=metrics.log host="indexer" kbps=* \| stats sum(kbps) by group,host ... by lycollicott Motivator in Splunk Search 03-28-2017 1 4	1	4
query to find the forwarders sending too much data Hi, Below is the query i am using to find the forwarders sending more data than others for a specific sourcetype in... by kteng2024 Path Finder in Splunk Search 03-28-2017 0 2	0	2
how to order timeline in correct week order? Hi my data is .csv file manually uploaded to Splunk cloud. there are columns for year, month, week numbers. I write ... by sunsu New Member in Splunk Search 03-28-2017 0 5	0	5
help me with search query for my use case index="ABC" sourcetype="XYZ" ENV=production someservice EVENT_DIRECTION=out \| where TRANSACTION_ID=[search index="AB... by sravankaripe Communicator in Splunk Search 03-28-2017 0 3	0	3