Splunk Search

Community Activity

Timechart over one Month 01.-31. I want to design a new timechart dashboard panel based on a specific search over exact 1 Month (or 30 days) My search... by cschmit1 Explorer in Splunk Search 11-13-2015 0 7	0	7
Display Only the Total Row Hi, I wonder whether someone may be able to help me please. With some help along the way I've written the query belo... by IRHM73 Motivator in Splunk Search 11-12-2015 1 4	1	4
How to search the percentage change between multiple dates? So I loaded some old stock market data into Splunk and now I'm trying to make a big table that shows the percentage c... by jihape Path Finder in Splunk Search 11-12-2015 0 2	0	2
How would I use multiple values from a subsearch as input to the main search? I have two sourcetypes "clients" and "potential_clients" and each sourcetype contains address information. I want t... by digital_alchemy Path Finder in Splunk Search 11-12-2015 0 4	0	4
How to write a search to do multiple aggregations grouped by different fields? Hello, I am trying to do multiple aggregations on data each time grouped by different fields. I have the following da... by fernanmosi New Member in Splunk Search 11-12-2015 0 2	0	2
How to join two searches that have two common fields and put a condition on one of the common fields? I want to do a join of two searches that have a common field ID and time, but I want to have a condition on time when... by GauriSplunk Path Finder in Splunk Search 11-12-2015 0 15	0	15
BUG: tstats not displaying latest time modifier correctly It appears that tstats will not honor my latest value. Instead is silently uses "now" \| tstats count where index=ma... by the_wolverine Champion in Splunk Search 11-12-2015 0 5	0	5
How to trigger a search to run on clicking the strip in a Sankey Diagram? Whenever the strip between 2 nodes is clicked, a search should run and the output should be generated in a table (bel... by apurvsrivastav Engager in Splunk Search 11-12-2015 0 1	0	1
How do you search for the string "error" after a particular string appears? Hi, I would like to check for the string "ERROR" after the application is in a stable state. The application logs t... by jagr New Member in Splunk Search 11-12-2015 0 1	0	1
Filter out "everything but..." from certain source with heavy forwarder? I want to filter out everything in my massive firewall logs except those events with event codes for a few important ... by km_sec New Member in Splunk Search 11-12-2015 0 2	0	2
How to combine the results of multiple searches in a single table or panel? I'm trying to create a dashboard panel with a statistics table, which needs to be populated with the results from mul... by JohnBelliveau New Member in Splunk Search 11-12-2015 0 1	0	1
How can I extract this string from a value in my sample log? Hi, I have logs followed with a structure like this: start Performance Logging: [txID=123456789-EJBClientf12345678... by rakeshkumar_sah New Member in Splunk Search 11-12-2015 0 1	0	1
How to extract text from an error message in a log that follows a pattern? I am battling a field extraction. I am trying to get the text extracted from an error message in a log that follows ... by Bliide Path Finder in Splunk Search 11-12-2015 0 5	0	5
How to get the average of two fields and compare with last event? I have a simple search like index=main sourcetype=performance Status=* \| eval Status = if(Status=="S","Success","Err... by vtsguerrero Contributor in Splunk Search 11-12-2015 0 8	0	8
How do I write a search to get the sum of values from neighboring events? Hi, I have a case where I need to get the sum of values from neighboring events based on a search key. Example: A=... by akhila_bonam Engager in Splunk Search 11-12-2015 0 2	0	2
How do I extract fields from my sample log using regex? I got a log containing "Step" values in order: Step=11001 , Step=11018 , Step=12302 , Step=12319 , Step=12800 , Step... by bravon Communicator in Splunk Search 11-12-2015 0 3	0	3
How can I split a string for a field? How can I split a string from a field? Example: url="https://www.google.de/images/hpp/ic_wahlberg_product_core_48.png... by tonifrommknecht Engager in Splunk Search 11-12-2015 0 1	0	1
How do I convert epoch time to HH:MM:SS? Background So I have two date fields - Date_Created & Acknowledge_Date both in the format YYYY-MM-DD HH:MM:SS. I wis... by mjd555 Path Finder in Splunk Search 11-12-2015 0 7	0	7
How do I edit my search to calculate a percentage using values from a row that have a specific value in a column? Hi, I wonder whether someone may be able to help me please I'm using the search below to produce the screenshot as s... by IRHM73 Motivator in Splunk Search 11-12-2015 0 2	0	2
How can I run, repeat, then search? Splunk Enterprise version: 6.3.1 earliest_time : "-5m", latest_time:"now" exec_mode:"blocking", search : "index= xxx... by ryuch2002 Explorer in Splunk Search 11-11-2015 0 1	0	1
How do I write a search to get only the first 3 events for each Eventcode from Windows event logs? I am running the following search to get events from Windows event logs for the past month. I want to restrict the se... by basanthp Path Finder in Splunk Search 11-11-2015 1 4	1	4
Is there a design pattern for join searches with simple data? Hi, I am trying to write a search that seems a bit more tricky than it first looked like...  We have a scenario w... by andreasknutsso1 Engager in Splunk Search 11-11-2015 1 3	1	3
Why am I unable to multiply two fields fields with my current search syntax? Hi, I wonder whether someone may be able to help me please. I'm trying to put together a piece of a search which mul... by IRHM73 Motivator in Splunk Search 11-11-2015 0 10	0	10
How to compare a field to another field in a CSV file? I need to lookup the IP in a firewall log to a field in an inputcsv. The CSV file holds 50k results, so subsearches ... by wweiland Contributor in Splunk Search 11-11-2015 0 4	0	4
how to deal with NA values in results in splunk? My splunk search is something like this index=pqr host=xyz* NOT TYPE="ABCDE" \| fields X, Y \|timechart limit=0... by m_vivek Path Finder in Splunk Search 11-11-2015 0 3	0	3