Splunk Search

Community Activity

How to chart sum(value) by date ? Hi, I got some raw data like : Backup-ID: host1.domain.fr_1 Fragment Size (KB): 4425792 Expires: ... by afourdraine New Member in Splunk Search 08-01-2015 0 3	0	3
How to calculate the percentage change over a month based on delta? hi all, I want a new column which calculates the percentage change over a month. In the below snapshot, the change r... by hqw Path Finder in Splunk Search 08-01-2015 0 1	0	1
How to convert a date field with values as the number of days counting from the year 2000 to a dd/mm/yy format? Hello, I'm currently doing a school project which requires me to monitor a database file using Splunk. However, the... by p2splunk2015 New Member in Splunk Search 07-31-2015 0 4	0	4
blacklist matching issues The documentation says: If you want Splunk to ignore entire directories beneath a monitor input refer to this exampl... by lrhazi Path Finder in Splunk Search 07-31-2015 0 2	0	2
What is the difference between "search terms" and "fully qualified query string"? #SPLUNK_ARG_0 Script name #SPLUNK_ARG_1 Number of events returned #SPLUNK_ARG_2 Search terms #SPLUNK_ARG_3 Fully qual... by abour Explorer in Splunk Search 07-31-2015 0 1	0	1
sum of 2 possible fields The search result looks like this <date>, COUNT_SENT=20, SUM_AMOUNT=50000 <date>, COUNT_RECEIVED=30, SUM_AMOUNT=10000... by lanilim16 Explorer in Splunk Search 07-31-2015 0 3	0	3
Get percentage between two graph lines over time I have two numbers that I am trying to get a percentage out of. One number is a count of total IPs. The other is a co... by jizzmaster Path Finder in Splunk Search 07-31-2015 0 2	0	2
when executing an external lookup, does splunk execute it on all nodes or just on the search head? I have a set of log data that contains user_ids, and want to do a lookup to resolve the user_id to an email address. ... by whisperstream Explorer in Splunk Search 07-31-2015 0 2	0	2
How I do identify all splunk components based off of the _internal index? Using the internal index, is there a way for me to find out errors being thrown from the different splunk components? by splunkDude2015 Explorer in Splunk Search 07-31-2015 0 2	0	2
How to merge events that are +/- 2 minutes apart into one single event using Transaction or Stats. I have the following table and even if some of the events don’t indicate the same minute, they are part of the same i... by cedmarjls32 New Member in Splunk Search 07-31-2015 0 1	0	1
How to display requests_currently_being_processed = (number) ? Hi guys, So today I am trying to graph "requests_currently_being_processed" by server by time- over 1 hour period. ... by splunkman341 Communicator in Splunk Search 07-31-2015 0 4	0	4
Adding a percentage Failure column to a table from a chart command I have the following search. index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="u... by zd00191 Communicator in Splunk Search 07-31-2015 0 3	0	3
Is it possible to search the modified date/time of a file? Is it possible to get the modified date/time of a file in search? The search below shows the time based on events and... by rmsagar Engager in Splunk Search 07-31-2015 0 3	0	3
db connect host? Hi, I want to pull in data from an Oracle database via db connect. I'm looking for some general guidance. I want to ... by a212830 Champion in Splunk Search 07-31-2015 0 4	0	4
How to create a dynamic table based on one search result? Hello, I'm building a line graph with a field with "UsedSpaceGB" from the year 2009 until now so I can see the growt... by outofheapspace Explorer in Splunk Search 07-31-2015 0 3	0	3
Why am I getting zero results with my stats distinct count search? Hi I wonder whether someone can help me please. I'm using the code below to run a search which works fine. index=... by IRHM73 Motivator in Splunk Search 07-31-2015 0 6	0	6
inputs.conf wildcards and whitelist question i would like to monitor the following in different sourcetypes, but doesnt seem to get the whitelist correct there wi... by minthu New Member in Splunk Search 07-30-2015 0 2	0	2
multi pattern string calculation on fields and count the fields value too I have log coming in this format. this value is dynamic and keep changing in terms of Form and numbers Counts=[100A=1... by sumitnagal Path Finder in Splunk Search 07-30-2015 0 1	0	1
How do I write a search to join these two lines of data and output results in a table with three columns? Hi Splunk heads, Can you please help me with a really tricky search? I am trying to join the following two lines tha... by Fergal111 Path Finder in Splunk Search 07-30-2015 1 9	1	9
Why is my rex command not extracting the field from my data? Hi, My rex is not giving any results. I want to extract "XXX" from the below highlighted area. I used rex field=... by Laya123 Communicator in Splunk Search 07-30-2015 0 9	0	9
How to get a sparkline to run on a different time span? I am wondering if it is possible to have a sparkline run on a different time span instead of the 15 minutes that I ha... by syx093 Communicator in Splunk Search 07-30-2015 0 2	0	2
How can I cache search results to avoid data recalculation? Hi, I have a dashboard with parameterized search (it takes three arguments from timepicker and dropdowns) that takes ... by RiccardoV Communicator in Splunk Search 07-30-2015 0 6	0	6
How to extract more number of strings under the same field name? my event is - "common.exceptions.CommandFailedAtServerException: concurrent.ExecutionException: common.SocketPoolEx... by Madhan45 Path Finder in Splunk Search 07-30-2015 0 6	0	6
How to sort chart columns where the column headers are field values? I have the following search. index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="u... by zd00191 Communicator in Splunk Search 07-30-2015 0 1	0	1
How do I customize the bar colors for my dashboard bar chart? Hi all, May i know if there is any way to change the colors of the bars in this screenshot? I want the grey part to ... by hqw Path Finder in Splunk Search 07-30-2015 4 4	4	4