Splunk Search

Community Activity

Create a new field/column on an event based on another field? I am new to Splunk and I am creating a dashboard with events. I would like to create a new field on the event which w... by hariivendiran Engager in Splunk Search 06-23-2016 0 2	0	2
How to search for errors that contain asterisks (*)? I have what I hope is a simple question. We have response logs from different payers. If they are having system issue... by cj039165 New Member in Splunk Search 06-23-2016 0 3	0	3
How to display iplocation info for all values in the IP address field belonging to a specific category in Splunk? So my search query gives me the IP addresses pertaining to a user field in the following manner: index=abc \| stats v... by umichguy Explorer in Splunk Search 06-23-2016 0 1	0	1
How to execute external script to manipulate file from search command hello, i have a testing python script as: test.py fo=open("c:/test.txt",'w') fo.write("hello") fo.close() a... by sieutruc Contributor in Splunk Search 06-23-2016 1 7	1	7
Keep most recent _time of multiple fields with non-NULL values I have user-generated data that I am trying to splunk to show whether or not an audit or check has been performed in ... by ErikaE Communicator in Splunk Search 06-23-2016 1 4	1	4
Group results by eval syntax Hi, i'm trying to group my results from these eval commands \| stats earliest(_time) as first_login latest(_time) as ... by zsizemore Path Finder in Splunk Search 06-23-2016 1 9	1	9
Help with a join I have a search that does work but takes forever because of the amount indexed by the ASA. I was thinking if it was ... by ccsfdave Builder in Splunk Search 06-23-2016 0 14	0	14
how to loop through data fields and store the result in a different data field? Hi, I am trying to find a solution to the below problem: HASH (Data field name) 001300A5323BF6C1812B686C1C896857D4C... by ashishlal82 Explorer in Splunk Search 06-23-2016 0 9	0	9
how to subtract vaule when making a chart I have a chart that shows total bytes sent on a computer. The chart seems to work, but it's hard to read. Since thi... by chadman Path Finder in Splunk Search 06-23-2016 0 13	0	13
Remove spaces in field values and run stats/timechart with new names I notice Splunk uses the first Word when using stats, so I need to rename the fields to single words or connected wor... by smhsplunk Communicator in Splunk Search 06-23-2016 0 3	0	3
How to search for events based on certain field and its exclusive values between two searches? Say I have two searches on data sets which contain four fields [field1, field2, field3, field4], e.g. [1,20,am,a] [1... by FallMonkey Explorer in Splunk Search 06-23-2016 0 8	0	8
SETUP.XML URL encoding lists values and updates correctly only if slash (/) exists, but fails to update with * or $ I'm using setup.xml for some script:// and monitor:// endpoints. I use %252F for /, %2A for *, %24 for $, and %20 fo... by avilandau Path Finder in Splunk Search 06-23-2016 0 1	0	1
Combine two rows from a search into one? Hello! I'm doing a search for some project information, specifically for a count of projects based on their Importan... by dzenn Explorer in Splunk Search 06-23-2016 1 5	1	5
Extract certain keyword from column There are two lines of info in a column but it appears that there's no whitespace or whatsoever in between those line... by timyong80 Explorer in Splunk Search 06-23-2016 0 1	0	1
Combine fields into new field without NULL From our data we end up with 2 different fields v7serial & v8serial. I want to be able to feed this into a single ser... by arrowecssupport Communicator in Splunk Search 06-23-2016 0 1	0	1
How to transform a table I have this table: _time,id,src,dst 9:00,x,A,B 9:01,x,B,C 9:02,y,C,B 9:03,z,B,C 9:04,y,B,A 9:05,z,C,D I wanna crea... by i111040d New Member in Splunk Search 06-23-2016 0 6	0	6
i want to combine two source types and print the result i have have two sourcetypes say sourcetype1 and sourcetype2 these two source type are in the same index sourcetype1 h... by lavanyaanne Path Finder in Splunk Search 06-23-2016 0 2	0	2
How can I bin over specified time periods in a timechart? Hi, I am trying to create a dashboard showing the amount of events split up in working and non-working hours joined ... by f_hartmann New Member in Splunk Search 06-23-2016 0 5	0	5
Using Lookup Table Hi, I am using a lookup table to populate 3 dropdown menus: Source, Service, and Method, where each selection of the... by alan20854 Path Finder in Splunk Search 06-23-2016 0 5	0	5
How to search Apache access_log data to find bandwidth usage as total number of bytes? I can pull the Apache access_log into Splunk, but I can't figure out now to write a search that will give the total n... by spunkyg Engager in Splunk Search 06-23-2016 0 4	0	4
How to get search results for last week's data without re-running the search? Hi All, On a daily basis, I am running one search to get results in a table representation format. I wanted to see t... by guruwells Explorer in Splunk Search 06-23-2016 0 2	0	2
How to sum the count of FieldA where FieldB is the same? I have data like: id,type,id2 1,a,100 2,a,100 3,c, 4,a,101 5,a,101 6,b,102 7,b,102 8,b,102 9,b,103 10,b,103 11,b,103... by bowesmana SplunkTrust in Splunk Search 06-23-2016 0 11	0	11
stats and eventstats Hi All. I want to calculate the percentage of churned_customer in rural and urban areas. The columns i have are CHUR... by SanthoshSreshta Contributor in Splunk Search 06-22-2016 0 6	0	6
How to search the time difference between transactions? I have three statements in my log file for each transaction like below: index=abc* source="abc.log" 2410286283_b310... by ppatkar Path Finder in Splunk Search 06-22-2016 0 2	0	2
How to create a dashboard to track alert results by severity level? I have multiple alerts, each at different severity levels. The output of these alerts are fields like source, destina... by yacht_rock Explorer in Splunk Search 06-22-2016 0 4	0	4