Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Lowell

Can one scheduled saved search trigger another saved search?

Is is possible to setup an alerting condition on a scheduled saved search what would turn around and launch another s...
by Lowell Super Champion in Splunk Search 07-23-2015
7 6
7
6
egrignon

Report hourly max count events per day over a month

Hello, I m trying to get the hour per day which gets the most hits on my application over a month but having some is...
by egrignon Explorer in Splunk Search 07-22-2015
2 9
2
9
curtisb1024

How do I maintain multivalue fields in a steaming custom command?

I'm working on a streaming custom command that converts a field containing binary to a multivalue field of the binary...
by curtisb1024 Path Finder in Splunk Search 07-22-2015
1 1
1
1
minkyuk

I have a table created for a report, but how do I delete the first two rows of the chart since they contain no data?

Hello, I have a table I created for a report. However, I'm trying to find a way to get rid of the first two rows of ...
by minkyuk Explorer in Splunk Search 07-22-2015
0 2
0
2
jfeitosa

How to do search for medium-sized events in splunk?

I would like some help from you to do a search for medium-sized events in splunk? Please help me. Tks.
by jfeitosa Path Finder in Splunk Search 07-22-2015
0 4
0
4
edrivera3

Why am I getting "no results found" trying to display a pie chart with my current code?

Hi I am trying to display a pie chart in a Splunk app using the below code, but I received the message: no results a...
by edrivera3 Builder in Splunk Search 07-22-2015
0 5
0
5
abour

How do I search specified fields with the same keyword list without searching the entire index?

Assume Splunk is indexing a bunch of structured JSON data and a keyword search such as "foo" OR "bar". Now I want to...
by abour Explorer in Splunk Search 07-22-2015
2 9
2
9
ohlafl

eval case like only populates first row of evaluated field

I have the following query: city=* store=* | stats values(store) by city | eval Role=case(store LIKE "%frt%", "FT",...
by ohlafl Communicator in Splunk Search 07-22-2015
1 9
1
9
ohlafl

Alter query based on value of a field within the query itself

So I have a query that needs to change based on the value of a field witihin that query. This is the "original" quer...
by ohlafl Communicator in Splunk Search 07-22-2015
1 6
1
6
pgadhari

How to place a heatmap or highlight the table cell with the highest value in the search result?

My search output contains following table data - Name of the Region, % tickets resolved by L1, and % tickets resolved...
by pgadhari Builder in Splunk Search 07-22-2015
0 2
0
2
actanzhang

How to search which monitored log files caused me to exceed my Splunk Light 500MB license limit?

I am using Splunk light and have a <500 MB indexed file license limit. I am using 5 universal forwarders which are al...
by actanzhang Explorer in Splunk Search 07-22-2015
1 4
1
4
isedrof

How to search string in a field ?

Hello, i have a 2 lists of clients, the 1st one is "All_Client.csv" which is in a saved like an index and the 2nd i...
by isedrof Engager in Splunk Search 07-22-2015
0 4
0
4
Amohlmann

Is there a streamstats function that will show a running result of each value in a row being multiplied by the result above?

I have a search that returns the survival rate over time. For instance: Time SurvivalRate 1 ...
by Amohlmann Communicator in Splunk Search 07-22-2015
0 5
0
5
IRHM73

How to combine multiple rex expressions and rename the field for an eval expression?

Hi, I wonder if someone could help me please. I'm currently using the following to extract certain fields contained ...
by IRHM73 Motivator in Splunk Search 07-21-2015
0 38
0
38
alwang34

Why is a string value being truncated in my search results?

When I enter a search for my field errorMsg. My results show: errorMsg="Operation failed due to an unknown error". ...
by alwang34 New Member in Splunk Search 07-21-2015
0 1
0
1
ahogbin

How to edit my regex to extract a variable string that may have either dashes or spaces?

Hello, I am trying to put together a regex to extract a string. The issue I have is that the string sometimes contai...
by ahogbin Communicator in Splunk Search 07-21-2015
0 4
0
4
isedrof

How to compare two log files

Hello everybody, I'm working on two log files. The first one 'Collab.csv' seems to be like: user_name compan...
by isedrof Engager in Splunk Search 07-21-2015
0 10
0
10
ben_leung

Is it possible to overlap 2 search results and combine them without common fields?

index=main "string" | timechart count by field_1 index=main sourcetype=certain_logs action=certain_action | timechart...
by ben_leung Builder in Splunk Search 07-21-2015
0 3
0
3
mfrost8

A user uploaded a CSV file and is able to search it with the lookup command, but why is he unable to view the lookup file in Splunk Web?

Hi. I have a user here who has uploaded a lookup CSV file into $SPLUNK_HOME/etc/apps/<APP>/lookups. What's odd i...
by mfrost8 Builder in Splunk Search 07-21-2015
0 3
0
3
lyndac

Need to use top-like useother functionality with chart command.

I have some json data that was indexed with sourcetype=_json. There is one field in the json that is an array. I ne...
by lyndac Contributor in Splunk Search 07-21-2015
0 2
0
2
rbw78

Color in a table based on values

Hello I try to modify text color in a table based on a field value. Here's the table i display. ScanName ...
by rbw78 Communicator in Splunk Search 07-21-2015
2 16
2
16
hortonew

Using sendemail and pulling the body field from a lookup table, how can I include a line break in the lookup to format the email dynamically?

Example search: | sendemail to=$result.to$ subject=$result.subject$ message=$result.body$ I'm currently pulling th...
by hortonew Builder in Splunk Search 07-21-2015
0 4
0
4
ewanbrown

Is there a way to limit the number of events included in the search result per user?

I have some data, which includes a user id. I can count the number of pageviews, and also the number of unique users...
by ewanbrown Path Finder in Splunk Search 07-21-2015
0 2
0
2
skoelpin

How To Add a Search Box in Dashboard/Form?

I currently have a dashboard which shows the IP Address | Web Request | Browser | JSession Count I want to create a ...
by SplunkTrust SplunkTrust in Splunk Search 07-21-2015
0 7
0
7
Amohlmann

How to get a stats sum of a column available in every row?

I am creating a simple stats search. I am trying to work out that chance that a part will die over time. I consider a...
by Amohlmann Communicator in Splunk Search 07-20-2015
0 5
0
5
Top Labels
Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...
Top Solution Authors
View All