Splunk Search

Community Activity

Search for event field that can 'potentially' contain NULL values I have a dashboard that has input field tokens to populate a search string. These input fields default to * when no v... by kenth213 Path Finder in Splunk Search 01-14-2015 2 2	2	2
Time range of timechart changed after upgrade to version 5.0.1 Hello, I have noticed a different behaviour in Splunk 5.0.1 when comparing with Splunk 4.3.x with the timechart sear... by OL Communicator in Splunk Search 01-14-2015 0 3	0	3
How to extract tracktrace field from one search to use in another search? I have a dashboard/form which takes two field inputs to perform a search and find an appropriate tracktrace. index=my... by kenth213 Path Finder in Splunk Search 01-14-2015 0 6	0	6
how to add a sum in a top search? Hello. I have this search: * app="youtube" \| top limit=20 srcip by app showperc=f countfield=total of this log:... by liusf Explorer in Splunk Search 01-14-2015 1 4	1	4
filter inputlookup table by UI specified timerange I've been searching and experimenting for quite a while and I suspect I'm missing something simple.... I have a CSV ... by BradL Path Finder in Splunk Search 01-14-2015 1 1	1	1
Does the use of the stats command on a field clear that field's value? I'm trying to find visitors (IP addresses) to my web site that present with more than one UserAgent. (i.e., Baidu is ... by Michael Contributor in Splunk Search 01-14-2015 0 5	0	5
How to limit results with multiple group by conditions? Can the limit command be used with multiple conditions? My search query is as follows \| stats count as num by searc... by alchang Explorer in Splunk Search 01-14-2015 0 3	0	3
Lookup upload Error Hi, I have an alert set up to compare hosts with my look-up table .csv file. It was working fine in Splunk 4.3.3 bui... by aniketb Path Finder in Splunk Search 01-14-2015 0 5	0	5
Lookup Table Issues would inputs.csv be a better way to conduct this type of operation. Say i have 100 hosts comming in from my cmdb ever... by Michael_Schyma1 Contributor in Splunk Search 01-14-2015 0 5	0	5
proper format for lookup table files I'm working on defining a new lookup table. I found the tutorial and example files. http://docs.splunk.com/Documentat... by jalfrey Communicator in Splunk Search 01-14-2015 5 10	5	10
How to calculate the average from the result of the range function? Hello, I am looking for a way to calculate the avg from the result of the range function. Here is the simple base sea... by carlpier Explorer in Splunk Search 01-14-2015 0 6	0	6
Why regex created with the Field Extractor utility is not working when used in a search? Field extractor created a regex that when I use as a search string doesn't work. The search string is: index=myindex... by jwalzerpitt Influencer in Splunk Search 01-14-2015 0 7	0	7
Suggestions on calculating reduction rates over a period of time I am new to Splunk and need guidance on writing a generic search that will give me the percent increase over a two mo... by jjones31 New Member in Splunk Search 01-13-2015 0 3	0	3
Bug in spath ? Not recovering every fields Hi have a query, that try to get all the fields from an xml doc. For some reason, spath seems to ignore some of the ... by sbsbb Builder in Splunk Search 01-13-2015 0 2	0	2
How do I search using an evaluated numeric field index=xxx event="NEAT-IN" platform=apns \|eval epochT=relative_time(now(), "-2d@d") \| eval day= strftime(epochT,"%d"... by arungeorge09 Path Finder in Splunk Search 01-13-2015 0 6	0	6
How to find the difference between two fields of two searches from two different times? Hi, I would like to have the difference between two fields at two different times. So, what am I supposed to use? ev... by Yann_T Path Finder in Splunk Search 01-13-2015 1 1	1	1
How find hosts that are missing a particular sourcetype My windows hosts should have 'WinEventLog:Security' and Script:InstalledUpdates. How can I search for hosts that hav... by omgwut56k Path Finder in Splunk Search 01-13-2015 1 2	1	2
How to Bump a List with Data in Splunk to Get a Match Hi All, I have a list of invoice numbers that I want to try and find data for in Splunk. I added the list in a CSV ... by _gkollias Builder in Splunk Search 01-13-2015 0 2	0	2
Does anyone know how to use the highlight command to highlight strings in a table, not just raw events? Any idea on how to use the highlight command to highlight strings that are in a table? It only appears to work when l... by agodoy Communicator in Splunk Search 01-13-2015 0 2	0	2
How to translate a numeric field name into a readable name to use in a search? I have a file that is indexed regulary, with several data in one line: "245614":"0","245615":"1","245616":"1","2456... by andreklug Explorer in Splunk Search 01-13-2015 0 8	0	8
How to write stats query to find top 20 count records based on zipcode and split by gender? Can you please tell us how to write stats query for this case? We have columns: zipcode gender 07809 f 07809... by dhavamanis Builder in Splunk Search 01-12-2015 1 2	1	2
Search for host name where hostname is not an IP When I use the \| metadata type=hosts I see all my servers as well as network equipment that have host as the IP of th... by hartfoml Motivator in Splunk Search 01-12-2015 0 2	0	2
How to join two events in the same index for comparison purposes? Hello Spelunkers, I have a Splunk query problem that I can't seem to solve. index=prod-web-apps sourcetype=csv-emai... by eezewski New Member in Splunk Search 01-12-2015 0 3	0	3
How to get values after the last / Hi, After using search command I got the following output for XYZ field /mrIWeb/Images/SE/2.1/lib/qstudio/qcreator/... by Laya123 Communicator in Splunk Search 01-12-2015 0 9	0	9
Need help merging 2 stats outputs to one chart to get a total bytes count over time per source and destination Here is what the code looks like separate, (my search) \| stats sum(bytes) by src_ip \| sort 5 -bytes and (my sea... by fonteca New Member in Splunk Search 01-12-2015 0 4	0	4