Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
justx001

Rolling Averages

I am having alot of trouble setting up rolling averages in Splunk. I would love to be able to overlay a 30, 60, 90 da...
by justx001 Explorer in Splunk Search 10-14-2016
1 4
1
4
DEAD_BEEF

How to display the 2nd through n-1 values of a field?

I have some Windows event log data that shows the ID when a user logs in and logs out. In addition, it shows me the ...
by DEAD_BEEF Builder in Splunk Search 10-14-2016
0 4
0
4
tinylund

Result differences?

Fairly new to Splunk and I am trying to understand the reason for the difference in results and search time for the f...
by tinylund Explorer in Splunk Search 10-14-2016
0 1
0
1
accragv1

Unknown search command 'gentimes'.... can anyone help to find if this command has been discontinued in Splunk?

When Trying to run below query in Splunk search: | gentimes start=-1 | eval YourDate="3:21:34 PM 10/14/2016" | table...
by accragv1 Explorer in Splunk Search 10-14-2016
0 7
0
7
jwalzerpitt

Eval with multiple values

I have three event types: eventtype="windows_login_failed" eventtype="duo_login_failed" eventtype="sremote_login_fai...
by jwalzerpitt Influencer in Splunk Search 10-14-2016
0 6
0
6
jbala1

How do I return a search for a field that contains a number?

example: If I have a list of user and I want to search and the users who only have a number in that field; John_doe...
by jbala1 Engager in Splunk Search 10-14-2016
0 3
0
3
patng323

dedup gives different result if a 'table' command is used before it. A bug??

In an running a command which uses the dedup command: index=myindex earliest=-5d@d latest=@d | bin _time span=1d | ...
by patng323 Explorer in Splunk Search 10-14-2016
0 13
0
13
brywilk_umich

Subsearch field groupings

Hello, I have a search (see below) that Im having a little trouble with. With it it returns the fields correctly, b...
by brywilk_umich Path Finder in Splunk Search 10-14-2016
0 4
0
4
pavanae

how to modify my query to display a detail view with hosts?

I have a search as follows field="abc"| eval b=len(_raw) | timechart span=1h sum(b) as b | eval mb=round(b/1024/1024...
by pavanae Builder in Splunk Search 10-14-2016
0 4
0
4
burras

CSV Field Extraction with spaces in field name

I have a syslog feed coming in to our Splunk system that is essentially a CSV file. It's a conglomeration of the res...
by burras Communicator in Splunk Search 10-14-2016
0 9
0
9
andreafebbo

Calculating the number of executions using streamstats

Hi! I have such table: package executionID type day time A 1 start day1 some_hour A 1 end day1 some_hour B 1 start ...
by andreafebbo Communicator in Splunk Search 10-14-2016
1 1
1
1
splunkin11

How to perform a join on a field from source1 to one or another field in source2 based on the source1 field value?

I'm trying to join information from a metadata search to a lookup file. It works using a subsearch such as this: | m...
by splunkin11 Path Finder in Splunk Search 10-14-2016
0 5
0
5
skoelpin

How to extract values from multiple events and create a new event with those values?

I want to extract a key-value pair from multiple events and create a single event with those extractions. We have e...
by SplunkTrust SplunkTrust in Splunk Search 10-14-2016
0 6
0
6
jturner900

How to search the count of host Instances, and get the latest occurrence if there are duplicates?

In addition, if there is a duplicate host, I'd also like to keep the fields of the latest. Here's an example: Host ...
by jturner900 Explorer in Splunk Search 10-14-2016
0 5
0
5
emamedov

How do I configure Splunk to recognize my custom delimiter for proper field extraction?

I currently have a log statement which has a custom delimiter: {|} Where an example log statement would look like: ...
by emamedov Explorer in Splunk Search 10-13-2016
0 5
0
5
dbcase

How to edit my regular expression to extract these fields from my sample data?

Hi, I have the below data 10.210.192.15 - - [12/Oct/2016:19:59:43 -0400] "GET /rest/icontrol/login?expand=sites,ins...
by dbcase Motivator in Splunk Search 10-13-2016
0 7
0
7
sonusngh68

How to edit my search to prevent getting multiple alerts?

Created a search to monitor members added/removed from a group. It's working in search, but in the alert email for de...
by sonusngh68 New Member in Splunk Search 10-13-2016
0 10
0
10
jegreene

How to edit my search to count a certain event, then group that count by another field in a time chart?

Variables : LoginString Connections UT=10 UT=45 Essentially, I want to grab the login string where UT=45and then tie...
by jegreene New Member in Splunk Search 10-13-2016
0 3
0
3
JeremyHagan

Sort for chart not working

Hi, I'm doing a search on the _internal index for license usage by host. I'd like the histogram to have the biggest v...
by JeremyHagan Communicator in Splunk Search 10-13-2016
1 11
1
11
pavanae

How to display the average of each host for a particular search in a timechart?

I have a search as follows field_id="X" | eval b=len(_raw) | stats sum(b) as b | eval gb=round(b/1024/1024/1024,2) |...
by pavanae Builder in Splunk Search 10-13-2016
0 1
0
1
krishnacasso

How to join 2 CSV files that have unique values in single table?

Fields in first.csv file: DN, uidn, count, Status, TimeStamp Fields in second.csv file: DN, uidn, AppID, eid, user, ...
by krishnacasso Path Finder in Splunk Search 10-13-2016
0 2
0
2
mstiger12

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address?

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and...
by mstiger12 New Member in Splunk Search 10-13-2016
0 1
0
1
jambraun

How to combine multiple searches with a rex and display results in a table

Ok, I have 3 searches I'd like to combine the results for and display in a table. The index is the same for all the ...
by jambraun Explorer in Splunk Search 10-13-2016
1 17
1
17
robertlynch2020

Getting tstats lookups and supserchers working together

Hi I have a working tstat query and a working lookup query. I am trying to us a substring to bring them together. I ...
by robertlynch2020 Influencer in Splunk Search 10-13-2016
0 1
0
1
smhsplunk

How to get my transaction search to return "0" instead of "no results found" if no events are found?

I am trying to use the transaction command to get duration between two events In case there are no such events, I wou...
by smhsplunk Communicator in Splunk Search 10-13-2016
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...