Splunk Search

Community Activity

	How to create a dashboard : timechart with base search and events limit? Hi, I have multiple panels that need to run timecharts like these: something \| table _time,A,B</query> \| search A="1"... by asafd Explorer in Splunk Search 09-27-2022 0 1	0	1
	How to plot a timechart for calculated value? Hi all,I am calculating a value from data and i want to plot it in a timechart. \| where status!="ABORTED" \| streamsta... by anooshac Communicator in Splunk Search 09-27-2022 0 7	0	7
	Stats with different bins (full time period AND 5 min intervals)- How to compare average time? I have a need to compare the average time for certain events with the 5 min bucket/bins of the same events. The idea ... by dmoberg Path Finder in Splunk Search 09-27-2022 0 4	0	4
	Checking TA usage-How do I know if a TA is used by any user? How do I know if a TA is used by any user.I have a TA laying around, and I doubt is is been used. But before removing... by zacksoft_wf Contributor in Splunk Search 09-27-2022 0 4	0	4
	Why did Splunk 9.0.1 "Fail to parse templatized search for field 'i'"? I'm trying to use the Splunk 9 addition in foreach iteration with ITEM, but it always returns "Failed to parse templa... by yuanliu SplunkTrust in Splunk Search 09-26-2022 0 3	0	3
	How to sort values(_time)? Hello everyone!i have the following search: index="xyz" "restart" \| eval _time = strftime(_time,"%F %H:%M:%S") \| ... by klischatb Path Finder in Splunk Search 09-26-2022 0 4	0	4
	How to achieve an alert for when the count is 0? I am running a query \|tstats count latest(_time) where index=abcd by host, my requirement is to create an alert when ... by bapun18 Communicator in Splunk Search 09-26-2022 0 4	0	4
	Pie Chart - How to show my own field instead of Count% ? Hi,I have this search:\| stats count by application \| eval application = case( application=="malware-detection",... by fpedrosa Engager in Splunk Search 09-26-2022 0 1	0	1
	How to get query to extract phone numbers from an event? Hi all, I'm trying to get a list of phone numbers for each event by sessionId. I can't quite figure it out. I think I... by KyleMcDougall Path Finder in Splunk Search 09-26-2022 0 3	0	3
	How to get the time difference between consecutive events of a host and then do the average of it? I am using the below search to first get the difference in time everytime I see an event which has boot timestamp in ... by vrmandadi Builder in Splunk Search 09-26-2022 0 10	0	10
	How to compare data by the same day of different weeks? Hi everyone, I am searching data in Splunk, after different steps, I have now this table: _timecountTypeMon Sep 12 ... by Julia1231 Communicator in Splunk Search 09-26-2022 0 1	0	1
	How to get column from csv file to insert in search result? Hi everyone, I use dbxquery and get this result from database: idcount12312456244786 Also I have a csv file already... by Julia1231 Communicator in Splunk Search 09-26-2022 0 3	0	3
	How to display user list with number of attachment emails daily? Hello All, I have email exchange transactional data with below fields. Looking some data with span of 1day. Like how ... by Snehraj New Member in Splunk Search 09-26-2022 0 1	0	1
	Is it possible to change the background in Classic Dashboard? Hi Community! I am trying to find a good example of setting a background image to a classic dashboard. This process ... by quietferret Loves-to-Learn in Splunk Search 09-26-2022 0 1	0	1
	How to rename a field name with curly braces by using Field Alias ? Hi I have several search where I performed renaming. Some of them are done on fied which looks likexxx.yyy{}.aaaxxx.y... by erwanlebaron Engager in Splunk Search 09-26-2022 0 2	0	2
	How to extract data from log message data using rex field=_raw? Sample data is How to extract data from log message data using rex field=_raw? Sample data isInstance Name : ABCDEFGH1Connecting to ... by AK_Splunk Explorer in Splunk Search 09-26-2022 0 5	0	5
	What would be the regular expression when using rex to match fields that end with a range of values? What would be the regular expression when using rex to match fields that end with a range of values? Sample:"var0":0,... by dzyfer Path Finder in Splunk Search 09-25-2022 0 2	0	2
	How to find and extract a json object from a json array based on other json field? Hi, I have rows that are json based. each row has a field that looks like this: { "students" : [ {"id":"123", "... by asafd Explorer in Splunk Search 09-25-2022 0 6	0	6
	Referencing a json element- how do I convert "data" into a parsed json? Hi guys, I'm trying to do something that I expected to be very simple, so I guess I'm missing something big. This is ... by asafd Explorer in Splunk Search 09-24-2022 0 2	0	2
	Help with Regex to extract values Hello Splunk Ninjas!I'm new to the group (and to the splunk) and will require your assistance with designing my regex... by napoleon182 Explorer in Splunk Search 09-24-2022 0 4	0	4
	What is the difference between maxspan and timelimit? the transaction is identified as jsessionid .the spl query to find all transactions which lasted less than 5 sec : s... by kimmyb Loves-to-Learn in Splunk Search 09-23-2022 0 5	0	5
	If i want to create a macro, do i use ' ' or dollar signs? when i was studying about macro i sometimes see that we put our arguments between ' ' and sometimes between $ ... by kimmyb Loves-to-Learn in Splunk Search 09-23-2022 0 4	0	4
	How many email triggered in a day and how to schedule a report to the user? Hi All i am using the below query and it works fine. i.e how many emails were triggered to a Distribution list in a M... by risingflight143 Explorer in Splunk Search 09-23-2022 0 7	0	7
	TimeChart round values: How to create search? I need to round the max(Delay) and avg(Delay) to 3 decimals in the following command:my search \| timechart span=5m av... by DPOIRE Path Finder in Splunk Search 09-23-2022 0 4	0	4
	How to create timechart with 4 count values? Hi, I'm new as Splunk user,I'm asking your help  I would like to create an easy dashboard with VPN datas. My search... by Dim_No Loves-to-Learn Everything in Splunk Search 09-23-2022 0 16	0	16