Splunk Search

Community Activity

How to search the percentage increase and display top 10 error codes with the highest increase in the last 24 hours? Hello, I am stuck on my search and was hoping I could get some help. I am trying to calculate the % increase and di... by demkic Explorer in Splunk Search 12-01-2016 0 11	0	11
How to create a line chart so each data point shows three field values? I generated a line chart and am plotting on two fields: Time and ID, however, I want to see more than just these two ... by byu168168 Path Finder in Splunk Search 12-01-2016 0 2	0	2
how to show current ERROR trend as a single value HI, i am trying to display ERROR count as a single value and using below search index=myindex ERROR co_name=$co_name... by rajgowd1 Communicator in Splunk Search 12-01-2016 0 5	0	5
Why dispatch.fetch is very Slow while retrieving data from Cassandra ? I am connecting my hunk application(6.4) to datastax cassandra 3.1 to get the results for monitoring and the results ... by basilarockiaedw Path Finder in Splunk Search 12-01-2016 0 4	0	4
How to get a percentage into stats results? Hi, I have the below query that works just fine. The thing that I want to add is a percentage (Errors/Success*100) ... by dbcase Motivator in Splunk Search 12-01-2016 0 1	0	1
How to assign value of one field to a variable? I have data in my log which looks like, extraData: { [-] MD_independent_new: 2016-11-30T04:35:57Z ... by ppanchal Path Finder in Splunk Search 12-01-2016 0 1	0	1
How can I make only date appear in the X-label of xyseries plot? I only have year-month-day in my _time, when I use table to show in search, it only gives me dates. Yet when I use xy... by smhsplunk Communicator in Splunk Search 12-01-2016 0 3	0	3
Job inspector: How to identify search time extraction is kicking in We may be having performance issues as newly saved search time extractions are not working even after being successfu... by splunk_zen Builder in Splunk Search 12-01-2016 0 2	0	2
RegEx Pattern for Event Break in SourceType Hi all, I am trying to determine the RegEx pattern for the Event Break. Below is an example event. A new event start... by neiowe Path Finder in Splunk Search 12-01-2016 0 2	0	2
How to edit my eval statements to assign a value for a field when join returns no rows? index="Index1" sourcetype="response" \| eval running_ok = if(response_status="Running","0","1") \|head 1 \|join running_... by email2vamsi Explorer in Splunk Search 12-01-2016 0 4	0	4
How do I perform count logic on all entries for a specific line? Hello, I am trying to determine the number of entries that have a field date that is before or equal to _time. My d... by andrewtrobec Motivator in Splunk Search 12-01-2016 0 3	0	3
How to edit my eval syntax to check if the value "No results found." exists? \|eval final = if(running_ok==" " OR running_ok==1,1,0) I want to assign final=1 when (running_ok=="No results found... by email2vamsi Explorer in Splunk Search 12-01-2016 0 4	0	4
How to edit my search to add row header labels to the table of results? I have created following Splunk search: host=xyz* index=my_index NOT(bot) earliest=-1d@d latest=-0d@d \| eval searchi... by vivekb New Member in Splunk Search 12-01-2016 0 8	0	8
Searching and viewing json sourcetypes, why do extracted field names contain "{}" characters and drilldown doesn't work from the "syntax highlight" view? Hey there, Two problems with searching and viewing json sourcetypes: 1) Anybody know what's the deal with the json... by pembleton Path Finder in Splunk Search 12-01-2016 0 3	0	3
How to search for two source types, each in different time ranges without using join or a subsearch? In my below query, I want to load sourcetypeA for last 13 weeks, however I want to restrict sourcetypeB for last 7 d... by pradeepkumarg Influencer in Splunk Search 12-01-2016 2 9	2	9
NOT Subsearch Hi 1) Index=test event=initiated \| dedup ip-address \| table ip-address gives me the initiated transactions. 2) In... by praveenvemuri Explorer in Splunk Search 12-01-2016 1 6	1	6
How to edit my search to reformat results in a table? Hi all, I'm new to Splunk, and been stuck at trying to format a table of results. I currently have the a raw resul... by Tim_1 Path Finder in Splunk Search 12-01-2016 0 2	0	2
Forescout: How to calculate the average time of all devices/laptops that are non-compliant with encryption? We're looking to get the average time, given all, devices/laptops that are non-compliant with encryption. In Foresco... by tmaltizo Path Finder in Splunk Search 11-30-2016 0 12	0	12
How to structure search for dynamic earliest latest I have a search query that begins like this: index=someData earliest=08/06/2015:10:00:00 latest=08/06/2015:21:00:00.... by ohlafl Communicator in Splunk Search 11-30-2016 1 6	1	6
How to replace a real time search with a historical search without impacting the visualization that is based on the real time search? Hello, My management (and me as well, of course) loves the way the visualizations for real time searches look. But f... by butzowj Path Finder in Splunk Search 11-30-2016 0 1	0	1
Why is trim not working when the field has "#"? I've tried to use the trim, ltrim, and rtrim command on a particular field that contains a "#" field. I'm not a trad... by _jgpm_ Communicator in Splunk Search 11-30-2016 0 4	0	4
Regex Help for special characters Hi, My log looks like this. I am trying to get the average response time by service. ServiceInvoker (service_A) : e... by chanukhya Explorer in Splunk Search 11-30-2016 0 11	0	11
How can I join a search to a lookup to see where data is missing? Hello, I am writing a search to figure out which users haven't loggedtheir hours. For a list of all users I have a l... by andrewtrobec Motivator in Splunk Search 11-29-2016 0 3	0	3
Where do searches get logged in Splunk? When we make searches in Splunk, under which log file do these searches get logged? Example: we need the original pl... by newbietosplunk Engager in Splunk Search 11-29-2016 1 2	1	2
How to extract a string located between two backslashes in a field? Hi guys I'm new to Splunk  A search I created returns the following in a specific field: /Erginn008/3e2ce24a277ggh... by marktechuk New Member in Splunk Search 11-29-2016 0 6	0	6