Splunk Search

Community Activity

How to combine multiple searches with a rex and display results in a table Ok, I have 3 searches I'd like to combine the results for and display in a table. The index is the same for all the ... by jambraun Explorer in Splunk Search 10-13-2016 1 17	1	17
Getting tstats lookups and supserchers working together Hi I have a working tstat query and a working lookup query. I am trying to us a substring to bring them together. I ... by robertlynch2020 Influencer in Splunk Search 10-13-2016 0 1	0	1
How to get my transaction search to return "0" instead of "no results found" if no events are found? I am trying to use the transaction command to get duration between two events In case there are no such events, I wou... by smhsplunk Communicator in Splunk Search 10-13-2016 0 4	0	4
How to add multiple duration from multiple independent transactions So I am running multiple single valued transactions and putting the values in eval keywords, but I want to add all th... by smhsplunk Communicator in Splunk Search 10-13-2016 0 4	0	4
calculate Field count and pass it for percent calculation Hi, I'm a newbie to splunk. Struggling with a query. All i want to do now is pass the total value so that i can calcu... by k_harini Communicator in Splunk Search 10-13-2016 0 2	0	2
Lookups - dynamic values Hi, My lookup table has 3 columns, host, sitename and environment. Input to lookup is host name. If the host name ... by namritha Path Finder in Splunk Search 10-13-2016 0 3	0	3
How to list result data Hi, i have a result data like: host dest_ip src_ip FW1 192.168... by gijoesplunk New Member in Splunk Search 10-13-2016 0 5	0	5
My Splunk search results are not showing any extracted fields in the left side. For all index searches it is not showing any fields. Events are coming. I have to specify the fields in stats or tabl... by ivar9692 Explorer in Splunk Search 10-13-2016 0 2	0	2
Single Value compared with custom option Hi! I monitor a csv file and I need to show the last value from file as Single Value chart. This last value I want t... by valentinv Explorer in Splunk Search 10-13-2016 0 1	0	1
How to find IP addresses events are coming from to verify if multiple VMs are under a single hostname? I suspect that multiple VMs (as yet unconfigured in our environment) are getting lumped together in the index under a... by di2esysadmin Path Finder in Splunk Search 10-13-2016 0 8	0	8
Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding section... Why am I seeing errors of this form: 09-06-2016 08:42:25.189 +0000 ERROR NewSavedSearchMgr - Error base64 decoding se... by bohanlon_splunk Splunk Employee in Splunk Search 10-13-2016 0 2	0	2
Form input - Difference between default and initial value Hello, Could you somebody please help me to understand the difference and pros/cons between default value and initia... by sylbaea Communicator in Splunk Search 10-13-2016 1 2	1	2
why my events are showing higher than the databases values? Hi there, I'm trying to fetch the records from one of the table in my SQL SERVER database.The No.of records in that ... by saibhaskar Engager in Splunk Search 10-12-2016 0 3	0	3
How to append a query based on a variable chosen from a drop-down form? I need to append the query based on the defined variable. I declared a variable for the drop-down using token="TEST"... by sumyatnoepwint New Member in Splunk Search 10-12-2016 0 1	0	1
How to optimize my current search for better performance? index=_alltime (sourcetype=_data earliest=-1d@d latest=@d) \|table estl_code_enr_stat estl_code_mrkt_offr_typ estl... by pjampani New Member in Splunk Search 10-12-2016 0 1	0	1
Why does field extraction work in dev environment but not in prod environment? I ingested a CSV into our dev environment, had it create the props stanza with the field extractions I wanted, and co... by cdoebert Path Finder in Splunk Search 10-12-2016 0 6	0	6
How can I autorefresh a real time form and lookup a display name from Active Directory? I have a dashboard that runs in a real time window of 7 days and shows locked user accounts for Active Directory, Ch... by jd0323fhl Explorer in Splunk Search 10-12-2016 0 2	0	2
Creating Stack-able graphs for 2 fields These are my events : Based on the below info I want to crate a stackable bar graph that shows 2 errors "luchip" and ... by bharpur183 Explorer in Splunk Search 10-12-2016 0 5	0	5
After creating a field extraction, why do search results display different matches that are not related to my field extraction? I am trying to extract a keyword from an event 2011-03-11 09:12:00 123 INF-1 ConStopped ::CLIenteleCompletd1_Pe... by smhsplunk Communicator in Splunk Search 10-12-2016 0 2	0	2
Use transaction to chain events : end_time to start_time of next event Hy everybody ! This is my first post, so don't hesitate to correct me, explain howto do it, or ask for further infor... by BpAdminEtCtrl New Member in Splunk Search 10-12-2016 0 3	0	3
Difference between stdev and stdevp This is mostly a statics question. Is stdev(X) only using a portion of the total population or what? They results the... by cpeteman Contributor in Splunk Search 10-12-2016 6 4	6	4
How to write a search to group values until threshold is reached? I have data from 2 different data sources. I am trying to figure out how to distribute a value into a cost until the ... by david_rose Communicator in Splunk Search 10-12-2016 1 6	1	6
How to merge values of the same field extraction? I have 4 unique and standard values under one field extraction topic. I want to combine them into two values and use ... by shivarpith Path Finder in Splunk Search 10-12-2016 0 2	0	2
How to combine my two search queries using join or subsearch? Hi, I have 2 queries which do not have anything in common, how ever i wish to join them can somebody help : query 1... by allladin101 Explorer in Splunk Search 10-12-2016 1 6	1	6
Why are small searches taking incredibly long?! I have been hunting down users in my environment running real-time searches as I thought that they were the root caus... by paimonsoror Builder in Splunk Search 10-12-2016 0 3	0	3