Splunk Search

Community Activity

Search query to retrive host upon selection Hi, I have 2 versions with multiple hosts containing dev and stg environment version1 is 7.2 with host1, host2,...... by imthesplunker Path Finder in Splunk Search 01-30-2017 0 2	0	2
How to find HTTP error code count with percentage for individual application based on time Hi, i am trying to find each application individual http error codes total count with percentage here is the query w... by rajgowd1 Communicator in Splunk Search 01-30-2017 0 10	0	10
How to configure setting the host field during index time? we're trying to set the host fields by extracting the name from the events, but it doesn't seem to work and would app... by nmohammed Builder in Splunk Search 01-30-2017 0 5	0	5
How to edit my search to create a table with multiple lines per single event Hi, having JSON formatted events there are parts of the event with the same key like: events: [ [-] { ... by julz0815 Explorer in Splunk Search 01-30-2017 0 5	0	5
calculate hours difference between times I want to calculate the hours difference between two times, I am using the below search command but its not working, ... by Dassari New Member in Splunk Search 01-30-2017 0 5	0	5
How to get an output for two different searches using join? Hi , Search 1: index="sftp" USER=gradydftsftpdata \| table USER, SESSION_ID,USER_IP,date_hour \| dedup SESSION_ID,USE... by sujith0311 New Member in Splunk Search 01-30-2017 0 10	0	10
How to edit my search to display my results in a trendline? I'm trying to graph this same type of trendline (2nd Screenshot) in Splunk with daily results from 12pm-12pm. I'm us... by jhampton3rd Explorer in Splunk Search 01-30-2017 0 6	0	6
dynamic earliest time SPLUNK Query We have to implement following scenerio in splunk. We are indexing a log "extractA" with _time as settlement day whi... by pradeep96674 New Member in Splunk Search 01-30-2017 0 8	0	8
how to search for index time extracted fields added to metadata I need only fields that are extracted during index_time which are added to _meta. How to search for them so that sear... by ankithreddy777 Contributor in Splunk Search 01-30-2017 0 2	0	2
I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry? Hi, I have a CSV file that looks like this Date,Version 01-24-2017 12:09:26,7_3_10_000500_3851898 01-25-2017 12:09:... by dbcase Motivator in Splunk Search 01-30-2017 0 5	0	5
Stats not returning zero counts index=xxx \|bucket _time span=3m \|stats count by _time host IP We are using the above stats command to get count inste... by karthi2809 Builder in Splunk Search 01-30-2017 0 1	0	1
Splunk query to filter results I have some code deployed on 1 out of my 6 servers. I need a splunk query that pulls data from the other 5 hosts. Som... by tejaswiniul Explorer in Splunk Search 01-30-2017 0 1	0	1
How to combine the results of searches from two CSV files? Hi All, I am new to Splunk world, Please help me to explore. I have two CSV files let's say table_1.csv with field... by ibmrakesh Explorer in Splunk Search 01-29-2017 0 2	0	2
field extraction I have a data in the format index = abc earliest =-10d when i run get results in teh format of string result set ev... by msachdeva3 Explorer in Splunk Search 01-29-2017 0 1	0	1
What is the way to exclude ports from a single search? Silly question here. I am trying to search against my WAN for traffic flows NOT equal to certain ports. I seem to hav... by brian1_tate Path Finder in Splunk Search 01-29-2017 0 4	0	4
How to get the distinct count of the number of "Errors" or "Exceptions"? I have used this following Splunk search, but the output result is not correct. I am using OR operator for either Err... by jw44250 New Member in Splunk Search 01-28-2017 0 2	0	2
How to get all indexes and sourcetypes? After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp... by jagadeeshm Contributor in Splunk Search 01-28-2017 0 3	0	3
How to edit my search to get a count and time chart of unique status codes by URL? Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform a ... by smutherbavaro New Member in Splunk Search 01-28-2017 0 3	0	3
Convert saved search to inline search I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th... by ma_anand1984 Contributor in Splunk Search 01-28-2017 0 3	0	3
How to write a search to find the the 90th and 99th percentile for response time? hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By usin... by rajgowd1 Communicator in Splunk Search 01-27-2017 0 2	0	2
How to create a dashboard search to output these specific fields in results? What I'm trying to do is when I give input as index=sftp USER=gradydftsftp and it gives output as: Jan 27 10:15:01 w... by sujith0311 New Member in Splunk Search 01-27-2017 0 2	0	2
How to write a search to compare results from two tables, and show the results that only exist in the first table? Background: I'm trying to create a search that will let me know if something about a user is true within the last 7 d... by jpringle03 Path Finder in Splunk Search 01-27-2017 1 2	1	2
How do I extract these fields from my sample json event? I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr... by ch1221 Path Finder in Splunk Search 01-27-2017 0 1	0	1
How to create a time chart with milestones? Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . I know S... by dbcase Motivator in Splunk Search 01-27-2017 0 9	0	9
How to run a certain eval statement in a search based on the date range? Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Ne... by tlmayes Contributor in Splunk Search 01-27-2017 0 2	0	2