Splunk Search

Community Activity

Concatenate field and count to display label in pie chart Hi This is my query: Username="*" \| top limit=10000 Username This gives me a table with many rows, where the fi... by philallen1 Path Finder in Splunk Search 03-22-2016 0 6	0	6
Controlling chart (y axis) range I am charting a range of 30 values (let's call them R) staring around 689511876 ending 690635036. The timechart repor... by natrixia Explorer in Splunk Search 03-21-2016 3 8	3	8
Go through Pasringqueue twice to break files via \n Hello, I have a file that doesnt seems to be breakable via the standard line breaker since it's a full text file wit... by DavidHourani Super Champion in Splunk Search 03-21-2016 0 11	0	11
"No search query provided" when using base search Hi, I have created quite large dashboard and want to add some optimizations to it. I choose to use base search as a ... by PanKokos Path Finder in Splunk Search 03-21-2016 0 4	0	4
REGEX to extract null/empty field as it has values Hello folks, I was wondering if you could help me with an issue regarding to the field extraction technique. I have ... by larmesto Path Finder in Splunk Search 03-21-2016 0 7	0	7
Configs for mgmt consoles... Hi, Where/how do the Splunk management consoles get their configs? For example, the IDX get them from the CM, the S... by a212830 Champion in Splunk Search 03-21-2016 0 2	0	2
summarize transaction search Whats the best way to summarize this data and subsequently search the results? The reason i ask is because the docs ... by smudge797 Path Finder in Splunk Search 03-21-2016 1 3	1	3
List times inbetween events when using timechart Using timechart, I have a a table with a list of dates and a value. However, the dates are non-consecutive (although ... by blhuynh Explorer in Splunk Search 03-21-2016 0 5	0	5
Lookup command can take wildcard() as an input. Suppose i have a lookup with two fields input and output. Initial,Final abc,abc def*,def so anything matches wit... by vranjith009 New Member in Splunk Search 03-21-2016 0 2	0	2
Correlating Different Events and Calculating Time Difference I’m trying to report on the time difference between two related events. Both events are collected from Windows event... by dw385 Explorer in Splunk Search 03-21-2016 0 3	0	3
Is it possible to use a countrycode "US" for the geom command? Hi, is it possible to use countrycodes like US, GB, CN for the geom command instead of ip or long/lat? Thanks in ad... by HeinzWaescher Motivator in Splunk Search 03-21-2016 1 4	1	4
Calculate and display count variance between same field across unique hosts by another field I created a table showing a mv field1 count for the same transactions as they passed through sequential hosts A, B, C... by rmercy Explorer in Splunk Search 03-20-2016 0 2	0	2
After uploading a CSV file to an index, why is my current search not producing results from the uploaded CSV data? Hello, I have a problem about Data Input that is uploaded from my computer. I upload a CSV file and index the file i... by cogrunc New Member in Splunk Search 03-20-2016 0 2	0	2
how to have a timechart table group by columns Hi, Please help me in creating a table with timechart grouped by columns: _time Products ... by muthvin New Member in Splunk Search 03-20-2016 0 5	0	5
Timechart & Stats Dc. Hi, I wondered whether someone may be able to help me please. I'm using the query below which works but contains dup... by IRHM73 Motivator in Splunk Search 03-20-2016 0 3	0	3
how to saving various sums in a variable? how to saving various sums in a variable for future search? I know it gives you to put a sum on a varivavel, but seve... by renanprado96 Path Finder in Splunk Search 03-20-2016 0 3	0	3
impact of fields command on performance Hi, i was wondering if limitating fields with the "fields" command would have any impact on performance for stats c... by Ed_Alias Path Finder in Splunk Search 03-20-2016 1 4	1	4
adding/appending a row to get differences between cells above I have a search giving me a table with row 1 and 2 below: _time A B C D 1 2015-02 1 3 5 7 ... by HattrickNZ Motivator in Splunk Search 03-20-2016 0 6	0	6
How to filter my search to only list values for a field that contain more than one host? Here is a simple question. The following is my search: index="atg" sessionId="mob" host="" \| stats values(host) as... by varma365 New Member in Splunk Search 03-19-2016 0 2	0	2
How to group all possible combinations with transaction Hi, I am quite new to splunk. I have been working with the log like below. 2016/3/18 10:00:00 user=userA Action=Conn... by yoshikawas New Member in Splunk Search 03-19-2016 0 2	0	2
useother=f in tstats query? for piechart visualization Hi, I have a tstats query and I want to display all "others" in piechart .below is my query: \|tstats count AS "Coun... by mprreddy51 Explorer in Splunk Search 03-18-2016 0 2	0	2
How to specify a phrase to filter out Hi, I want to filter out events that have a specific phrase in them. The phrase is "FIP VLAN" (which could be anywh... by a212830 Champion in Splunk Search 03-18-2016 0 3	0	3
How would I merge the events from two log files so that it appears as if coming from a single host? The logs are created by the same application and have the same fields. What I am after is displaying the count of ... by cal_dunigan New Member in Splunk Search 03-18-2016 0 1	0	1
When searching via REST API in a distributed search environment, why am I getting error "supplied index 'p_uno' missing"? Hallo, I have a setup with 2 indexers and a dedicated search head; the indexes.conf file is defined only on the inde... by petreb Path Finder in Splunk Search 03-18-2016 0 9	0	9
How to name NULL column Hello, I'm a new user to splunk and want to know how to name a NULL column. For example, see below query. index=ac_... by nlrdy Explorer in Splunk Search 03-18-2016 0 2	0	2