Splunk Search

Community Activity

What is the eval command doing in this search? We use eval command to create new field, and we used this as function ex: \|stats count(eval(method="GET")) as get. Ca... by nagarjuna280 Communicator in Splunk Search 11-28-2016 1 9	1	9
How do I edit my search using tstats to get top hosts by percentage? I run the following every morning, but I know it could be accomplished more efficiently using tstats, but I cannot ge... by mcbradford Contributor in Splunk Search 11-28-2016 1 4	1	4
Is it possible to use the join command to join data from an index with a lookup table? Hello, I want to know if it is possible to use a join command with inputlookup instead of a lookup to join data bet... by stefanstolk1987 New Member in Splunk Search 11-28-2016 0 1	0	1
How to generate a search that will find values which are hexadecimal only? I have a query which returns a field which is occasionally a 13-digit hexadecimal value, and occasionally a string wh... by drinkingjimmy Explorer in Splunk Search 11-28-2016 0 5	0	5
How can I search for specific text within _raw? Good morning, I want to search for specific text within the _raw output of my syslog messages. Something along the ... by SplunkLunk Path Finder in Splunk Search 11-28-2016 0 3	0	3
What is the best way to join search queries in different time zones? What is the best way to join search queries in different time zones? I have tried following and it doesn't work. It ... by nehal_shah Explorer in Splunk Search 11-28-2016 0 3	0	3
How to get the first event from a search AND get 1 event in a timechart by source? Hi all, How to get the first event from a search AND get only 1 event in a timechart by source ? (and not "by source,... by Arnaud1213 Explorer in Splunk Search 11-28-2016 0 6	0	6
AddColTotals & Percentage Column Hi Everyone, I have an existing table that includes several columns filled with numeric values and one column that c... by behymejt2012 Path Finder in Splunk Search 11-28-2016 0 4	0	4
How to pass a macro'ed value (string or number) to another macro? I currently use various macros to store default values (thresholds, static filter strings, etc.) in an app. These def... by rjthibod Champion in Splunk Search 11-27-2016 2 9	2	9
How to develop one search that will obtain results from logs from different sourcetypes? I have Ex: Search query 1: I have one type of log, it contains Roll Number, Date of Joining, Class and etc Search ... by venkateshc Engager in Splunk Search 11-27-2016 0 2	0	2
Is it possible to create a multivalue visualization for each value of a grouped field? Hello, I am trying to create a variable sized visualization based on the value of a field grouped by another field. ... by andrewtrobec Motivator in Splunk Search 11-27-2016 0 6	0	6
How do I display negative values through geostats? Hello, I'm busy mapping temperatures for locations around the world and in some cases the value is negative. Unfort... by andrewtrobec Motivator in Splunk Search 11-27-2016 0 9	0	9
How to have my summary index only index on the calculated value? I have a sourcetype that has a tremendous amount of data - we use this data to calculate an overall number of calls p... by burras Communicator in Splunk Search 11-27-2016 0 6	0	6
Want latest weeks data in every month in a monthly chart Below is my requirement. I have weekly data for 24 weeks ( 6 months) , I want to get data of last month in every we... by prathikpisplunk Explorer in Splunk Search 11-26-2016 0 2	0	2
How do I extract numerical value from within a string using rex command? Hello, I've been reading up on the rex command and using it to split strings, but I cannot for the life of me get it... by andrewtrobec Motivator in Splunk Search 11-26-2016 0 2	0	2
How can I get the latest event by a specific field? Hello, I have the following event data: City,Date,Temp,Sky New York,2016-11-10,20,Clear New York,2016-11-10-19,Clou... by andrewtrobec Motivator in Splunk Search 11-26-2016 5 9	5	9
How to build a search that shows the uptime of Splunk and the host reporting to Splunk? I am required to build a search which will show the uptime of all my Splunk components over a period of one month. Al... by himapate Explorer in Splunk Search 11-26-2016 0 1	0	1
Is there any way to do stats count over multiple time frames? Is there any way to do stats count over multiple time frames? I am trying to replace something written in perl and o... by peiffer Path Finder in Splunk Search 11-26-2016 0 5	0	5
How to extract multiple sets of fields from one sourcetype I'm currently forwarding data from a pfSense Firewall in our Splunk Light instance. This works pretty well and I defi... by davidb89 Engager in Splunk Search 11-26-2016 0 1	0	1
How to trim off the last 7 characters from a field? Hi, I have a field with fields as below: name -------- abcd - xyz cdef - xyz adfeq - xyz I want to trim "- xyz" f... by surekhasplunk Communicator in Splunk Search 11-25-2016 0 3	0	3
How to retrieve information behind java.lang using rex? Hi, I am trying to retrieve the information behind the value "at java.lang. ..." I tried the following command but ... by SebBNP Engager in Splunk Search 11-25-2016 0 3	0	3
How to limit the number of result lines from stats Hi! I have some data from which I would like a summary report with only the most active clients in the list. The sea... by kaurinko Communicator in Splunk Search 11-25-2016 1 2	1	2
How many custom shapes does choropleth map support? http://blogs.splunk.com/2015/10/01/use-custom-polygons-in-your-choropleth-maps/ Use Custom Polygons in Choropleth Map... by hylam Contributor in Splunk Search 11-25-2016 0 10	0	10
Analysis on splunk users Analysis on splunk users, for this i need to display _time host user total_run_time searchQueryUsed Ur... by sravankaripe Communicator in Splunk Search 11-25-2016 0 7	0	7
How to edit my search to calculate values inside JsonArray Hi *, I have some trouble with Splunk stats functions :). I have a JSONArray event like this and I need to sum all c... by georg_koch Engager in Splunk Search 11-25-2016 0 1	0	1