Splunk Search

Community Activity

How do I add the count of string values in each row? Hi guys, If I want to add the total values from each row, I can use the command \| addtotal and this is only used to ... by 477450 Explorer in Splunk Search 08-20-2015 0 4	0	4
How to create a drilldown for specific dynamic values on a table? Dear Everyone, I need some input for creating a drilldown on a table. My Table will look like the image below T... by raju4244 Explorer in Splunk Search 08-20-2015 0 1	0	1
How to create a dashboard with one search that can produce results for both today and yesterday? Hello, I want to create a dashboard with 2 searches. Search A should show a search result from today. Search B shou... by Isiegniel New Member in Splunk Search 08-20-2015 0 1	0	1
Streamstats and resetting a running total I'm using streamstats to calculate the running total for a value ... \| streamstats sum(amount) as cumulativeAmount ... by curtisb1024 Path Finder in Splunk Search 08-20-2015 0 3	0	3
How do I use the built-in maps in Splunk to plot the different countries in my search results and display the counts on each country? index=gasf uri_path=".aspx" (( eventtype="Hub" ) AND eventtype=) \| iplocation clientip \| timechart span=1hr c by... by rana_nour Explorer in Splunk Search 08-20-2015 0 1	0	1
How can I determine the regex used for an extraction in a specific event? Hello all, One problem that I frequently have is that I need to know what extraction was used for a specific events... by pinVie Path Finder in Splunk Search 08-20-2015 0 1	0	1
How to place the results of multiple unrelated searches into a table? Dear All, I have multiple searches with its results. Now I want to put values in a single table and that to be in pa... by raju4244 Explorer in Splunk Search 08-20-2015 0 3	0	3
How to search the Percentage and Count of Total by each range of a rangemap? I've looked at several posts involving "Percent of Total" and have tried the suggestions, but still can't get exactly... by slatta Explorer in Splunk Search 08-19-2015 1 1	1	1
How to find the average count of a field per hour per day? Trying to find the average PlanSize per hour per day. source="\\myfile." Action="OpenPlan" \| transaction Guid star... by RVDowning Contributor in Splunk Search 08-19-2015 0 6	0	6
Eval difference between two fields for each entry So I'm trying to display what the timespan is from start to finish of a bucket and add it as a new field to the table... by ltrand Contributor in Splunk Search 08-19-2015 0 2	0	2
How to chang the color of iframe chart ? Hi Splunkers! Is there a way to chang the color of iframe chart ? i only find it can work on dashboard ty:) by cysplunk978 New Member in Splunk Search 08-19-2015 0 1	0	1
How to find 10 most active folders by their action of uploading documents Hey guys, So I am trying to create a search that fetches the top 10 most active OOIDs (Organization ID Folder) by th... by splunkman341 Communicator in Splunk Search 08-19-2015 0 8	0	8
How to get complex transactions over two fields My transactions consist of two fields named JOBID and SUBJOBID. A typical search result contains events like JOBID=9... by lwolter Explorer in Splunk Search 08-19-2015 1 12	1	12
How to get the duration in seconds from a multiline event? I am trying to find the best way to get the duration (in seconds) on a multiline event, possibly having it captured d... by icyfeverr Path Finder in Splunk Search 08-19-2015 0 6	0	6
Parsing XML data from fields Hello, after researching a lot of information I still can not recorgnise how to solve this problem. I have an xml fil... by Kabobgub Explorer in Splunk Search 08-19-2015 1 13	1	13
How do I write the regex to properly extract all attack names from my sample Fortigate logs? Hi, I need to extract attack names from Fortigate logs. All attack logs are the same, but only a few are correctly e... by pmloikju Explorer in Splunk Search 08-19-2015 0 4	0	4
How can I search for logs from the last 24 hours in Splunk? Hi, I am trying to display logs for last 24 hrs on Splunk. My search is: index=peppol sourcetype=peppol-outbound \| ... by sunnyparmar Communicator in Splunk Search 08-19-2015 0 1	0	1
How to refer to a lookup CSV file I just uploaded in a search? Hi Everyone, I have uploaded a CSV file to the lookup table. Only one column of data is in the list. for e.g. I put ... by jackywsy Explorer in Splunk Search 08-19-2015 0 2	0	2
How to use the bin command? Hi Team, I have a field which takes values from 1 to 100. So I want use the bin command in such a way so the output ... by amarish_vlabs New Member in Splunk Search 08-19-2015 0 3	0	3
Why do the earliest and latest timechart functions produce unexpected results? In the process of trying to verify some summary index data I've noticed that timechart does not seem to return expect... by curtisb1024 Path Finder in Splunk Search 08-19-2015 2 4	2	4
How to calculate age of a file in Splunk in a search? Hi, Could somebody tell me a simple way to calculate age of a file in Splunk via search? Thanks Sunny by sunnyparmar Communicator in Splunk Search 08-19-2015 0 5	0	5
Virustotal Checker Add-on: What search syntax would I use to provide VirusTotal information about my example malware hash? I am a Splunk newbie so I am not great on all the syntax you can use for searches. Your add-on was pointed out to me... by tzack New Member in Splunk Search 08-18-2015 0 3	0	3
Rex Question rex "(?i)(?P<testERROR>(\:[^\:]*){2})$" output :test string 123:test test test123 I have to keep the the 2nd : ma... by subtrakt Contributor in Splunk Search 08-18-2015 0 6	0	6
How to extract mail logs (clearswift) and link across multiple lines Hi, I have searched and haven't really found anything to parse Clearswift mail logs. The issue is that one email ma... by lmaclean Path Finder in Splunk Search 08-18-2015 1 3	1	3
Extract value from JSON array of objects I have a JSON object that has an array inside of it. The array is a list of objects, not just a list of values. See... by AlexMcDuffMille Communicator in Splunk Search 08-18-2015 2 1	2	1