Splunk Search

Community Activity

How to find top events contributing to a total of X% of the events? Hi, I can find the top events but I want to see all those events that are contributing say 80% of the total. e.g. the... by dkikan Engager in Splunk Search 02-07-2017 0 1	0	1
How to calculate max of transaction from sum of 2 fields? Currently I am trying to find the max of field (which is already a sum of 2 different fields). The problem unfolds as... by sundarrajan Path Finder in Splunk Search 02-07-2017 0 5	0	5
Lookup based range of latitude and longitude Hi I'm looking for a sample search that calculates count of events which match within 500m radius of lat/long on loo... by Shisa Explorer in Splunk Search 02-07-2017 0 2	0	2
Are there any plants to output ISO-3166 alpha codes from iplocation command? Any plans to output ISO-3166 alpha codes from the iplocation command @arahut_splunk, or should we implement a maxmind... by doksu Contributor in Splunk Search 02-06-2017 0 1	0	1
Query to search for huge set of URLs I have close to 2000 URLs I want to search in one source. Is it possible to do it in one query by using lookup and wh... by rbathla New Member in Splunk Search 02-06-2017 0 4	0	4
How to edit my search so I can compare differences between a list of fields Hello all, At a loss trying to accomplish the following: I would like to compare three fields in the same index (te... by splunker1981 Path Finder in Splunk Search 02-06-2017 0 3	0	3
if an entry exists in stats, remove the entire line Hi, I have this work in progress query index=betats source="*top.csv" \| dedup PREMISE_FK COMMAND PID \| where COMMAN... by dbcase Motivator in Splunk Search 02-06-2017 0 4	0	4
How to not let "Span" overwrite earliest time value Lets say it is 2/6/17 at 2:18am and I have the following query... ... earliest=-1d@m \| bin _time span =10m ... I w... by matthewb4 Path Finder in Splunk Search 02-06-2017 0 2	0	2
Why are some expected events missing when applying a filter in our search? We recently onboarded some applications' logs, and at our client request, we had to put a custom field to have the ap... by mdelwaide Path Finder in Splunk Search 02-06-2017 0 9	0	9
Why am I not receiving results when a value contains a with period and underscore? I would like to show results group by "SLA Request Key". I am able to view sample Data-2 but not Sample Data-1 Samp... by saikamaldidigam New Member in Splunk Search 02-06-2017 0 5	0	5
Why is summary index is missing a few indexes in its output? Hi, I am using around 8 indexes to create a summary index. But after creating the summary index, i am seeing the dat... by umsundar2015 Path Finder in Splunk Search 02-06-2017 0 3	0	3
Extend finite fields into the future in conjunction with the predict command I'm attempting to build out a capacity chart that shows total elements used in a system and predicts the future count... by burras Communicator in Splunk Search 02-06-2017 0 3	0	3
What is the regular expression to extract "java.net.SocketTimeoutException: Read timed out" from my raw event? please help me with rex i want to retrieve java.net.SocketTimeoutException: Read timed out from below _raw "msgConte... by sravankaripe Communicator in Splunk Search 02-06-2017 0 9	0	9
How to use tstats to show the last event and event time from 30 hosts (in lookup)? How to use tstats to show the last event and event time from 30 hosts (in lookup)? If I can't use tstats, is there an... by kiran331 Builder in Splunk Search 02-06-2017 0 1	0	1
What is the regular expression to extract "a1234567" from my event? Please help me with regular expression i want to extract a1234567 "INDV=1234566\|RSPAR\|a1234567\|RSPAR" by sravankaripe Communicator in Splunk Search 02-06-2017 0 3	0	3
Inconsistent Delimited Values Here's my search: base search \| rex "^(?<field1>[^:]+):\\|:(?<field2>[^:]+):\\|:(?<field3>[^:]+):\\|:" The logs are ... by lloydknight Builder in Splunk Search 02-06-2017 0 3	0	3
How to create regular expressions for these Exceptions? I want to know how can i create regular expressions for the following exceptions... java.io.IOException java.lang.E... by jw44250 New Member in Splunk Search 02-06-2017 0 6	0	6
lookup does not show new added lines All, i've got a strange issue regarding lookup tables. ((and seen in two lookup tables now) I have a lookup table "s... by JeroenDenBoer Explorer in Splunk Search 02-06-2017 0 2	0	2
Splunk strange bug with the command "Fields" and space Hello Community, I have a strange behavior with a command when it is on the search field of a Dashboard. In my comm... by guilpink New Member in Splunk Search 02-06-2017 0 2	0	2
How can I use timechart to report IIS time_taken by location, using a CIDR inputlookup to compute the location by the client's IP? Hello Splunk peoples! Would someone please help me figure out how to use timechart to find IIS time_taken by locatio... by cyphertek Explorer in Splunk Search 02-05-2017 0 2	0	2
How to generate a search to calculate the duration when a pressure value drops below a certain threshold? Hi, assume I have the following type of data for pressure sensors in multiple sites. What we need to do (preferably ... by westonaj1 Engager in Splunk Search 02-05-2017 0 4	0	4
How to set up an alert for VPN user who connects from a different city and country? am new to Splunk and have a very basic search that give output as below for vpn users.. User Group ASA_Device ... by scanxer1 New Member in Splunk Search 02-05-2017 0 1	0	1
How to convert this SQL query to splunk search Hi , I have a sql query , Count distinct CHNL where MSG_NUM like 'cma%' group by MSG_TM. Result should get display ... by benazir Explorer in Splunk Search 02-05-2017 1 3	1	3
How to edit my search to calculate the error ratio by a certain field? My website has multiple widgets owned by various team and hosted on various CDN. I want to see the error rate by widg... by Hung_Nguyen Path Finder in Splunk Search 02-04-2017 0 12	0	12
How to use regular expression to cut the beginning of an Exception message? How to use regular expression for an Exception message from a Source=Windows:Application to cut the beginning of the ... by jward6004 Explorer in Splunk Search 02-03-2017 0 1	0	1