Splunk Search

Community Activity

How to get an output for two different searches using join? Hi , Search 1: index="sftp" USER=gradydftsftpdata \| table USER, SESSION_ID,USER_IP,date_hour \| dedup SESSION_ID,USE... by sujith0311 New Member in Splunk Search 01-30-2017 0 10	0	10
How to edit my search to display my results in a trendline? I'm trying to graph this same type of trendline (2nd Screenshot) in Splunk with daily results from 12pm-12pm. I'm us... by jhampton3rd Explorer in Splunk Search 01-30-2017 0 6	0	6
dynamic earliest time SPLUNK Query We have to implement following scenerio in splunk. We are indexing a log "extractA" with _time as settlement day whi... by pradeep96674 New Member in Splunk Search 01-30-2017 0 8	0	8
how to search for index time extracted fields added to metadata I need only fields that are extracted during index_time which are added to _meta. How to search for them so that sear... by ankithreddy777 Contributor in Splunk Search 01-30-2017 0 2	0	2
I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry? Hi, I have a CSV file that looks like this Date,Version 01-24-2017 12:09:26,7_3_10_000500_3851898 01-25-2017 12:09:... by dbcase Motivator in Splunk Search 01-30-2017 0 5	0	5
Stats not returning zero counts index=xxx \|bucket _time span=3m \|stats count by _time host IP We are using the above stats command to get count inste... by karthi2809 Builder in Splunk Search 01-30-2017 0 1	0	1
Splunk query to filter results I have some code deployed on 1 out of my 6 servers. I need a splunk query that pulls data from the other 5 hosts. Som... by tejaswiniul Explorer in Splunk Search 01-30-2017 0 1	0	1
How to combine the results of searches from two CSV files? Hi All, I am new to Splunk world, Please help me to explore. I have two CSV files let's say table_1.csv with field... by ibmrakesh Explorer in Splunk Search 01-29-2017 0 2	0	2
field extraction I have a data in the format index = abc earliest =-10d when i run get results in teh format of string result set ev... by msachdeva3 Explorer in Splunk Search 01-29-2017 0 1	0	1
What is the way to exclude ports from a single search? Silly question here. I am trying to search against my WAN for traffic flows NOT equal to certain ports. I seem to hav... by brian1_tate Path Finder in Splunk Search 01-29-2017 0 4	0	4
How to get the distinct count of the number of "Errors" or "Exceptions"? I have used this following Splunk search, but the output result is not correct. I am using OR operator for either Err... by jw44250 New Member in Splunk Search 01-28-2017 0 2	0	2
How to get all indexes and sourcetypes? After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp... by jagadeeshm Contributor in Splunk Search 01-28-2017 0 3	0	3
How to edit my search to get a count and time chart of unique status codes by URL? Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform a ... by smutherbavaro New Member in Splunk Search 01-28-2017 0 3	0	3
Convert saved search to inline search I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th... by ma_anand1984 Contributor in Splunk Search 01-28-2017 0 3	0	3
How to write a search to find the the 90th and 99th percentile for response time? hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By usin... by rajgowd1 Communicator in Splunk Search 01-27-2017 0 2	0	2
How to create a dashboard search to output these specific fields in results? What I'm trying to do is when I give input as index=sftp USER=gradydftsftp and it gives output as: Jan 27 10:15:01 w... by sujith0311 New Member in Splunk Search 01-27-2017 0 2	0	2
How to write a search to compare results from two tables, and show the results that only exist in the first table? Background: I'm trying to create a search that will let me know if something about a user is true within the last 7 d... by jpringle03 Path Finder in Splunk Search 01-27-2017 1 2	1	2
How do I extract these fields from my sample json event? I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr... by ch1221 Path Finder in Splunk Search 01-27-2017 0 1	0	1
How to create a time chart with milestones? Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . I know S... by dbcase Motivator in Splunk Search 01-27-2017 0 9	0	9
How to run a certain eval statement in a search based on the date range? Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Ne... by tlmayes Contributor in Splunk Search 01-27-2017 0 2	0	2
Lookup latest value in CSV or datasource Hi, I am currently tracking my electricity usage and would like to calculate the current cost using the kWh value in ... by Greenwell01 New Member in Splunk Search 01-27-2017 0 2	0	2
use eval to change field vale I have this logs: URI: tttplitmr_78 METHOD: POST BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E5-... by guillecasco Path Finder in Splunk Search 01-27-2017 0 3	0	3
"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame? Hi, I have events that are sorta kinda duplicated. Sorta kinda means that everything is the same EXCEPT there is a ... by dbcase Motivator in Splunk Search 01-27-2017 0 3	0	3
How to create a search for moving average for email sent per user Thx to DalJeanis I have the following search that establishes a baseline of email sent per user by subject then looks... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 18	0	18
How to edit my search to find total emails sent per user on a daily basis? I am trying to pull stats that shows the average emails sent per user per day and I have the following search below, ... by jwalzerpitt Influencer in Splunk Search 01-27-2017 0 8	0	8