Splunk Search

Community Activity

How can we exclude weekends from the count of the number of days for the age of a ticket? Hi , We have a field called AGING which tells how many days a ticket exists. In order to get the accurate age, we ... by splunker9999 Path Finder in Splunk Search 06-28-2016 0 2	0	2
How to combine data from different sources and get one report? Hi Team, May be you feel that this is a repetitive questio,n but I didn't get response, so I opened a new question. ... by Laya123 Communicator in Splunk Search 06-28-2016 0 4	0	4
Regular expression removal of identical placement values? Let's say I have a service that spits out information such as the following: localhost;PING;PING OK - Packet loss = ... by TheHardHattedGe Explorer in Splunk Search 06-28-2016 0 5	0	5
How to use a drop-down form for a search? I have below search which has a CSV input (example host and category) host server1 server2 server3 ... by chandra61446 New Member in Splunk Search 06-28-2016 0 2	0	2
How to troubleshoot Splunk 6 search performance issues? Doing a simple search index=test over 10mln events gives me browsing speed around 5000 events per second. Extremely s... by adamguzek Explorer in Splunk Search 06-28-2016 0 5	0	5
How to extract multiple values on one field from XML structured data? Hi, I want to split data from this XML structure, but I cannot because the extracted field only gets the first elem... by Buscatrufas Path Finder in Splunk Search 06-28-2016 0 2	0	2
How to match the beginning of a log line in a Splunk search? I have events from an application containing various logger type messages, I.e: INFO, WARN, ERROR... Searching just f... by bbialek Path Finder in Splunk Search 06-27-2016 1 2	1	2
How to dedup a field for each day over 30 days? I have this search that I run looking back at the last 30 days index = ib_dhcp_lease_history dhcpd OR dhcpdv6 r - l ... by pboynton63 Explorer in Splunk Search 06-27-2016 1 9	1	9
How to hide a column in a table, but use the hidden field in the chart for a report? Hello experts, I have a case where I need to show a field in a table, but I need to hide it in the chart. Search: ... by nagendra008 Explorer in Splunk Search 06-27-2016 0 2	0	2
Is there a way to hide column in a table but still use it for drilldown in HTML Dashboards in Splunk 6 I have a scenario where I have a table panel I would like to hide the last column of that table but still be able to ... by adityapavan18 Contributor in Splunk Search 06-27-2016 5 2	5	2
How to search the count of adds/removes (new hosts vs host decoms) month on month? What I want is to many adds/removes (new hosts vs host decoms) month on month index=* \| stats dc(Host_Name) by date_... by smudge797 Path Finder in Splunk Search 06-27-2016 0 14	0	14
Calculating Percentage Hello, I'm having trouble finding the correct syntax and function to get the desired end result. I have a search base... by g038123 Explorer in Splunk Search 06-27-2016 0 3	0	3
How to display individual URI counts by user with timechart or stats? I am looking to display individual URI count by User on a timechart. Is this possible? My current search returns the... by Aaron_Fogarty Path Finder in Splunk Search 06-27-2016 0 4	0	4
How can I compare these two fields? Hello Fellow Splunkers, I am trying to write a search to compare the sitename and referrer to find all results where... by laurazeno Explorer in Splunk Search 06-27-2016 0 4	0	4
Why is my REGEX in transforms.conf not working to filter data to nullQueue? Hi, I want to filter Windows Security event logs in (/etc/system/local/)props.conf/transforms.conf. Here is my tran... by Aexyn Engager in Splunk Search 06-27-2016 0 4	0	4
How to calculate the time range between two events? I have data like below. How do I calculate the time difference between A.1-B. 1, A.2-B.2......A.n-B.n Time Offset Wo... by shenjunwei New Member in Splunk Search 06-26-2016 0 4	0	4
After upgrading Splunk from 6.2 to 6.3.1, why am I getting no results searching any indexes? Hi Team, I have upgraded Splunk from 6.2 to 6.3.1 version. I restored backup, but still I am not getting any output ... by kalyanilandge New Member in Splunk Search 06-26-2016 0 13	0	13
Anonymize only some Email Addresses Hi, I need help writing a regex which must anonymize email address which doesn't below to the company domain. I alre... by SirHill17 Communicator in Splunk Search 06-25-2016 0 14	0	14
How can I compare the ratio of errors to 10 minutes ago for all our app_pools? I would like to get a ratio of errors by app_pool, and then compare it to 5, 10, 1hr ago? tag=java \| stats count a... by daniel333 Builder in Splunk Search 06-24-2016 0 4	0	4
How to get event counts for multiple fields grouped by another field? Hello all, New to Splunk and been trying to figure out this for a while now. Not making much progress, so thought I... by splunker1981 Path Finder in Splunk Search 06-24-2016 1 2	1	2
How to search the average number of events per day by severity? I have a macro that breaks out events by severity. I am trying to look at the average number of events by severity av... by 502087470 New Member in Splunk Search 06-24-2016 0 2	0	2
How do I downgrade from Splunk Light to Splunk Light Free? In my test setup, I can see that I have a VALID status of the Splunk Light Free, and an EXPIRED status on the Splunk ... by netmack9 New Member in Splunk Search 06-24-2016 0 2	0	2
How to chart with multiple hour fields from 0h to 24h? I have some performance data that is for the most part, fairly standard, such as SystemName, Metric (cpu, memory, wha... by jrich523 Path Finder in Splunk Search 06-24-2016 0 5	0	5
How to customize our search results using subsearches? Hi SPlunkers, We are looking customize our searches by using subsearches. Search 1: index=db source="Queue.Depth"\|... by splunker9999 Path Finder in Splunk Search 06-24-2016 0 8	0	8
Why does max value turn into average in my results for date range greater than 3 Days? So I have a query that is \| timechart count \| timechart per_second(count) as TPS \| timechart span=1d max (TPS) This... by mgrimes New Member in Splunk Search 06-24-2016 0 13	0	13