Splunk Search

Community Activity

How can I average a dynamic column created using eval {Field}=Value I would like to display some data that has columns based on dynamic data from the search results. e.g. Assuming I hav... by chustar Path Finder in Splunk Search 11-06-2015 0 6	0	6
Count by group subgroup and use subgroup as column I had a query like this .... \| eval group_name = case ( match ( field , "value1" ) , "g1" , match ( field ... by splunknewbieste New Member in Splunk Search 11-06-2015 0 4	0	4
Using Chart over two fields grouped by time Hi Guys, I am trying to pull up a table containing Time, Channel & Popularity as fields. I am using : chart useothe... by kabiraj Path Finder in Splunk Search 11-06-2015 0 5	0	5
Real Time searches not all running Two of our users reported that they have not been getting any alerts from their real time searches over the past week... by gn694 Communicator in Splunk Search 11-06-2015 0 2	0	2
Extracting country codes from phone numbers Lets see how many of you are up early this Easter Sunday - bonus point on offer  I have a lookup with a list of pho... by himynamesdave Contributor in Splunk Search 11-06-2015 0 13	0	13
Join between 2 source type with a lot of data I everybody. I have a problem on splunk. I have a sourcetype with my orders and a sourcetype with my customers. I ... by jbechchar New Member in Splunk Search 11-06-2015 0 4	0	4
Showing filed only once per unique occurrence Hello, I am having problems with Splunk queries were a single unique instance of a field is repeated over other fiel... by gleandro Engager in Splunk Search 11-06-2015 0 1	0	1
extract code Once I have filter the data I need using search App I wish to extract the code (Java or python or other) for future u... by ryosefi New Member in Splunk Search 11-05-2015 0 5	0	5
DB Lookup - If I have two database inputs of the same type, how do I differentiate between the outputs? This is just a dummy example to illustrate a problem I'm having with my DB Lookup... Within my Splunk search results... by joea9 Explorer in Splunk Search 11-05-2015 0 2	0	2
Timechart average bandwidth usage per transaction Dear experts I must confess this post and question is not properly defined. It's more a chance to pick your brains r... by epacke Path Finder in Splunk Search 11-05-2015 0 7	0	7
How to edit my search get the subsearch to pass multiple values to the main search? Subsearch returning large number of MAC Address and pass each of them to the main (outer) search to evaluate if they ... by rafiqul New Member in Splunk Search 11-05-2015 0 2	0	2
I am not sure if this is a bug. I am using the same dataset and i am "appendcols" them. I can see the visualization - but i cant interact with the screen and it freezes. HI I am not sure if this is a bug. I am using the same dataset and i am "appendcols" them. I can see the visualizati... by robertlynch2020 Influencer in Splunk Search 11-05-2015 0 1	0	1
Attempting to run eval using value from min row returned by stats I have a list of events with columns such as: type,event_time,event_id,create_date My objective is to find the lowes... by hzane Engager in Splunk Search 11-05-2015 0 1	0	1
Timechart Dropping Empty Buckets I am trying to create a search that provides me with the predicted average usage of a machine during the course of a ... by werz New Member in Splunk Search 11-05-2015 0 3	0	3
How do I edit my timechart search to create a column chart of average duration values in a human readable format? I am trying to create a column chart that represents the average session time over a period of time with a 1 day span... by kboswell New Member in Splunk Search 11-05-2015 0 2	0	2
How do I graph a continuous timechart over a long period of time? Hello, I have implemented a dashboard in Splunk Enterprise that uses a time chart (among other things) that graphs n... by cstarling Explorer in Splunk Search 11-05-2015 0 3	0	3
setting up alert for search on index when counts for parameter are 0 I am able to set up alerts for an index when the count = 0 for a specific parameter value. Since I have over 50 over ... by jdepp Path Finder in Splunk Search 11-05-2015 0 7	0	7
Splunk search to find the disk utilization on multiple servers I've 5000 linux servers and I would like to do a splunk search to get their disk utilization. Its not possible to do ... by rcreddy06 Path Finder in Splunk Search 11-05-2015 3 8	3	8
Setting tokens for values from search results I want to present results from my search in a dashboard. I don't want to make the search itself visible, just assing ... by szabados Communicator in Splunk Search 11-05-2015 0 1	0	1
splunk queries to insert special characters in field values How to insert apostrophes in all field values Results: group count 10.243.200.14 1 10.243.200.29 1 10.... by splunker12er Motivator in Splunk Search 11-05-2015 0 3	0	3
Timechart Field Name Change Hi, I wonder whether someone may be able to help me please. I've put together the query below. index=main auditSour... by IRHM73 Motivator in Splunk Search 11-05-2015 0 17	0	17
Group together events that do not have a common field values I have a log file from which I am pasting a particular group of events as below: EAITransport EAITransportDebug ... by nitishnair123 New Member in Splunk Search 11-05-2015 0 4	0	4
Stats Dc & Substr Hi, I wonder whether someone may be able to help me please. I'm trying to change the 'dedup' element of the query be... by IRHM73 Motivator in Splunk Search 11-05-2015 0 1	0	1
Why is Splunk not throwing an error when the time range I selected for my search is between a past and a future date? I have a basic search like this: index=pqr host=xyz* NOT TYPE="ABCDE" \| fields X, Y \|timechart limit=0 span=10m c... by m_vivek Path Finder in Splunk Search 11-04-2015 0 4	0	4
Group By Field Hi, I wonder whether someone may be able to help me please. I'm running the query below which works fine. index=ma... by IRHM73 Motivator in Splunk Search 11-04-2015 0 4	0	4