Splunk Search

Community Activity

Given two sourcetypes, how to do you extract data from one sourcetype to another? Newbie here, would appreciate if anyone can help to answer this little question. I have two sourcetypes, A and B. A... by zuokun New Member in Splunk Search 11-07-2016 0 1	0	1
How to edit my eval case statement to exclude certain text from a field's value? My field has following value summary="java running in chrome" I need a search such that summary should have the wo... by nivethainspire_ Explorer in Splunk Search 11-07-2016 0 4	0	4
How can I calculate a relative value? Hi there. I'm trying to do something like this: Relative Conversion = Event Conversion / Total Conversion Where: ... by slr Communicator in Splunk Search 11-07-2016 0 4	0	4
How to edit my current search to find the difference between yesterday's count and today's count? I need to add a column stating the difference in count (today - yesterday). How can I write this search? Existing se... by nivethainspire_ Explorer in Splunk Search 11-07-2016 0 5	0	5
How to search newest events with a specific "time" field? Hi, We have a script that runs every day. The script adds a field called "export_time" which i use to determine the ... by ColinCH Path Finder in Splunk Search 11-07-2016 0 3	0	3
Transaction command returning 'no results found' I'm trying to manipulate some data from our incident management software to calculate the amount of time an incident ... by dfwissman New Member in Splunk Search 11-07-2016 0 3	0	3
Why is my scheduled search producing a count of zero, but get results when I run the search manually? Hi All, Currently I am facing an issue with scheduled reports. The scheduled job is getting executed as per the cr... by Hemnaath Motivator in Splunk Search 11-07-2016 0 17	0	17
Automatic lookups and rangemap I think I am going mad... I set up a lookup table (points.csv) containing range,Place,Points 2013,1,20 2013,2,15 20... by bowesmana SplunkTrust in Splunk Search 11-07-2016 0 2	0	2
multiple searches in multiple sourcetypes resulting in a single chart Below are the few patterns that I wanted to search from multiple sourcetypes and get the count. I have around 50 patt... by sailey New Member in Splunk Search 11-07-2016 0 1	0	1
How can I group by same amount of records? (percentiles) Hi everyone, Splunk noob here.. so any I help I would be grateful!. I've been trying to use the percX() function with... by pguridi New Member in Splunk Search 11-06-2016 0 1	0	1
Facing issues in Regex of numbers I have the following values in the field and need to write regex for this. Regex :(?P\d\,\d\d\d) Input 9 19 157 1,5... by kamal_jagga Contributor in Splunk Search 11-05-2016 0 4	0	4
Add 2 columns in a table on applied condition I have 3 columns in a table as below. I need to sum two colums(mag and depth) if place="7km W of Cobb,california" or... by nivethainspire_ Explorer in Splunk Search 11-05-2016 0 1	0	1
How to edit my case statement to work when added as a calculated field? The below EVAL function is working as search command, but not working when added as calculated field myindex \|EVAL t... by k_harini Communicator in Splunk Search 11-04-2016 0 8	0	8
Splunk Query to list top CPU consuming process when utilisation is greater than 70% Hello I have 2 queries, one to find top 10 CPU utilising process and 1 more for finding the avg CPU utilisation but ... by aparnaa Path Finder in Splunk Search 11-04-2016 0 5	0	5
How to restrict license report to slaves via lookup? Hi, I want to run reports against certain slaves reporting into the license manager, and filter them via a lookup. ... by a212830 Champion in Splunk Search 11-04-2016 0 3	0	3
How to change timezone from CST to EST during search time? Hi, Can you please help us in changing time from central to EST during search time? We have our server in central zo... by splunker9999 Path Finder in Splunk Search 11-04-2016 0 5	0	5
How to use field name as the value passed into a lookup table? \| foreach p* [eval val='<>' \| lookup wkst_risk_control asset_risk_position AS 'val'] I have 19 separate p extractio... by TobiasBoone Communicator in Splunk Search 11-04-2016 0 1	0	1
streamfwd ingestion of data from the pcap searching Hi, Following the Documentation provided by splunk I triggered streamfwd from the command line for my pcap. http://d... by ekremikizoglu Explorer in Splunk Search 11-04-2016 0 3	0	3
How to add line break in the eval function? Hi How to add the line break in the eval function base search\|eval new = src_host+","+"Event Code="+EventCode+","... by kiran331 Builder in Splunk Search 11-04-2016 0 3	0	3
Extracting a string from the search result INFO : Start Outputing Report: Project ID:c_exactworld_17121, Format:EXCEL Above is my search result, and I wanna ex... by zeewagon Engager in Splunk Search 11-04-2016 0 9	0	9
How does this search work? I am using the tag name in search query to filter down the app specific index, followed by "index=index1" to filter d... by jnithya Engager in Splunk Search 11-04-2016 0 1	0	1
How to set a field as the token to use in a dashboard? I have a search which will return me field email id. index=snow description=CPU \|table number sys_created_by nu... by surekhasplunk Communicator in Splunk Search 11-04-2016 2 4	2	4
How to generate a search for an exact word pattern? Hi All, I want to search a word in Splunk in a certain field for example "foo" and will return the following: foo b... by danielcmarcosjr Explorer in Splunk Search 11-04-2016 1 23	1	23
How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk? Hi, I have a regex to allow certain data into Splunk via a transforms, and now I need to update it. I made some chan... by a212830 Champion in Splunk Search 11-04-2016 0 10	0	10
My first summary index - what am I doing wrong with the stats command? Dear Splunk gurus, I am trying to use Summary Indexing to improve reporting times for a Print Analytics dashboard. T... by alexoldman Explorer in Splunk Search 11-04-2016 3 3	3	3