Splunk Search

Community Activity

How to write a search to do multiple aggregations grouped by different fields? Hello, I am trying to do multiple aggregations on data each time grouped by different fields. I have the following da... by fernanmosi New Member in Splunk Search 11-12-2015 0 2	0	2
How to join two searches that have two common fields and put a condition on one of the common fields? I want to do a join of two searches that have a common field ID and time, but I want to have a condition on time when... by GauriSplunk Path Finder in Splunk Search 11-12-2015 0 15	0	15
BUG: tstats not displaying latest time modifier correctly It appears that tstats will not honor my latest value. Instead is silently uses "now" \| tstats count where index=ma... by the_wolverine Champion in Splunk Search 11-12-2015 0 5	0	5
How to trigger a search to run on clicking the strip in a Sankey Diagram? Whenever the strip between 2 nodes is clicked, a search should run and the output should be generated in a table (bel... by apurvsrivastav Engager in Splunk Search 11-12-2015 0 1	0	1
How do you search for the string "error" after a particular string appears? Hi, I would like to check for the string "ERROR" after the application is in a stable state. The application logs t... by jagr New Member in Splunk Search 11-12-2015 0 1	0	1
Filter out "everything but..." from certain source with heavy forwarder? I want to filter out everything in my massive firewall logs except those events with event codes for a few important ... by km_sec New Member in Splunk Search 11-12-2015 0 2	0	2
How to combine the results of multiple searches in a single table or panel? I'm trying to create a dashboard panel with a statistics table, which needs to be populated with the results from mul... by JohnBelliveau New Member in Splunk Search 11-12-2015 0 1	0	1
How can I extract this string from a value in my sample log? Hi, I have logs followed with a structure like this: start Performance Logging: [txID=123456789-EJBClientf12345678... by rakeshkumar_sah New Member in Splunk Search 11-12-2015 0 1	0	1
How to extract text from an error message in a log that follows a pattern? I am battling a field extraction. I am trying to get the text extracted from an error message in a log that follows ... by Bliide Path Finder in Splunk Search 11-12-2015 0 5	0	5
How to get the average of two fields and compare with last event? I have a simple search like index=main sourcetype=performance Status=* \| eval Status = if(Status=="S","Success","Err... by vtsguerrero Contributor in Splunk Search 11-12-2015 0 8	0	8
How do I write a search to get the sum of values from neighboring events? Hi, I have a case where I need to get the sum of values from neighboring events based on a search key. Example: A=... by akhila_bonam Engager in Splunk Search 11-12-2015 0 2	0	2
How do I extract fields from my sample log using regex? I got a log containing "Step" values in order: Step=11001 , Step=11018 , Step=12302 , Step=12319 , Step=12800 , Step... by bravon Communicator in Splunk Search 11-12-2015 0 3	0	3
How can I split a string for a field? How can I split a string from a field? Example: url="https://www.google.de/images/hpp/ic_wahlberg_product_core_48.png... by tonifrommknecht Engager in Splunk Search 11-12-2015 0 1	0	1
How do I convert epoch time to HH:MM:SS? Background So I have two date fields - Date_Created & Acknowledge_Date both in the format YYYY-MM-DD HH:MM:SS. I wis... by mjd555 Path Finder in Splunk Search 11-12-2015 0 7	0	7
How do I edit my search to calculate a percentage using values from a row that have a specific value in a column? Hi, I wonder whether someone may be able to help me please I'm using the search below to produce the screenshot as s... by IRHM73 Motivator in Splunk Search 11-12-2015 0 2	0	2
How can I run, repeat, then search? Splunk Enterprise version: 6.3.1 earliest_time : "-5m", latest_time:"now" exec_mode:"blocking", search : "index= xxx... by ryuch2002 Explorer in Splunk Search 11-11-2015 0 1	0	1
How do I write a search to get only the first 3 events for each Eventcode from Windows event logs? I am running the following search to get events from Windows event logs for the past month. I want to restrict the se... by basanthp Path Finder in Splunk Search 11-11-2015 1 4	1	4
Is there a design pattern for join searches with simple data? Hi, I am trying to write a search that seems a bit more tricky than it first looked like...  We have a scenario w... by andreasknutsso1 Engager in Splunk Search 11-11-2015 1 3	1	3
Why am I unable to multiply two fields fields with my current search syntax? Hi, I wonder whether someone may be able to help me please. I'm trying to put together a piece of a search which mul... by IRHM73 Motivator in Splunk Search 11-11-2015 0 10	0	10
How to compare a field to another field in a CSV file? I need to lookup the IP in a firewall log to a field in an inputcsv. The CSV file holds 50k results, so subsearches ... by wweiland Contributor in Splunk Search 11-11-2015 0 4	0	4
how to deal with NA values in results in splunk? My splunk search is something like this index=pqr host=xyz* NOT TYPE="ABCDE" \| fields X, Y \|timechart limit=0... by m_vivek Path Finder in Splunk Search 11-11-2015 0 3	0	3
What does it mean when there is a dash (blank/null) server ip address for a site? (Ex: "server_ip= - ") What does it mean when there is a dash (blank/null?) server ip address for a site? Seeing this quite often in results... by dasanner New Member in Splunk Search 11-11-2015 0 1	0	1
What is the Search Processing Language (SPL) 's equivalent of this code in R? After a The splunk+R search , index=pqr host=xyz* NOT TYPE="ABCDE" \| fields X, Y \|timechart limit=0 span=10m c... by m_vivek Path Finder in Splunk Search 11-11-2015 0 6	0	6
What needs to be installed and configured to give users access to the Splunk CLI to run searches? We have cluster environment in Splunk. We want to give access to Splunk CLI to users. They should be able to execute... by rrmavani Engager in Splunk Search 11-11-2015 0 1	0	1
How to use delta or another search command to find the difference between the most recent event and the event prior? Hello. I'm trying to find the time delta between the most recent event and the event prior to it. Delta sounds lik... by _dave_b Communicator in Splunk Search 11-11-2015 0 2	0	2