Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I plot crash rate over _time by app_name?

Hi, I am trying to plot the Crash rate over time on a graph and that has to be distributed by appname. On a high lev...

by Explorer in

How to get a percentage out of 2 queries?

I've got 2 search queries that are working for me (Thanks to @harshpatel) Query #1 returns the average # of succes...

by New Member in

regex operator in Splunk is not working to match results

I am writing a code to simply match a regex in my search to match index field which matches app1, app2, etc Howeve...

by New Member in

Can you help me do an eval for a percentage of two values in an Xyseries?

I have my derived tables | stats count by breached region | xyseries region breached count REGION NO YES US ...

by New Member in

Dropdown input panel: Search is not changing as per dropdown selection

So I created a dropdown input panel for weekwise but my search is not changing as per dropdown selection - ... ...

by Explorer in

Charting percentage of a total over time?

I'm working with some HTTP access logs that have a status code in them. Most are successful messages, naturally. I wo...

by Motivator in

playing with data II

q1- how can i get c4 where c4 will always be difference of values in c3 against first of c2 - next of c2 for example ...

by Contributor in

How to create difference of two values

Q1: How can I get c4 where c4 will always be the difference of values in c3 against max of c2 - min of c2 For exam...

by Contributor in

Calculating percentages based on counts

I'm trying to get percentages based on the number of logs per table. I want the results to look like this: Table C...

by Engager in

Using dedup to keep the oldest events

Hi all, I know that the "dedup" command returns the most recent values in time. However, I'm currently in a situat...

by Communicator in

subsearch inserts AND

My ultimate goal is to grab the srcIP and time from an event in one index, then search another index for the same src...

by Communicator in

How to create time dependent thresholds from lookup?

Hello, I have a question on using lookups in a search. I want to achieve that I have a scheduled search to compare...

by Communicator in

How to use stats to join data and avoid the use of mvexpand?

Hello, I'm joining data from two different sources, basically I have a table with 3 fields: host, source1, source2. C...

by Explorer in

How to get an average from this search?

I'm using the following search which I have working in a dashboard. "A PUT was made to OpenAAA API - Status: OK" ...

by New Member in

Comparing Field Value with last Month Value and show if different

Hi , I need help with following Log : 5th May device="devicename" policy="XYZ" BWLimit="any number" TotalBW="any n...

by Path Finder in

How to search IP with wildcard?

I want to exclude both primary and secondary IP addresses from a search. For example: src_ip!=192.50.244.10 AND...

by New Member in

Using token in query where token is evaluated in the query itself

I have the following query to be performed, where "STRING" is replaced across different queries. Is there a way to re...

by Path Finder in

How to access fields within a subsearch / Inputlookup

I cannot figure out how to use a variable to relate to a inputlookup csv field. service_tier.csv region, plan,...

by Explorer in

Special fillnull? Polulate null values with evaluated calculations

This is my code index="google_apis" source="https://www.googleapis.com/youtube" | timechart span=1h avg(subCount...

by Contributor in

Why is the same search producing different results?

First off, before I even ask, let me state that using Splunk on Splunk is not a solution for us as we are trying to p...

by Builder in

Splunk Search

Discussions

How do I plot crash rate over _time by app_name?

How to get a percentage out of 2 queries?

regex operator in Splunk is not working to match results

Can you help me do an eval for a percentage of two values in an Xyseries?

Dropdown input panel: Search is not changing as per dropdown selection

Charting percentage of a total over time?

playing with data II

How to create difference of two values

Calculating percentages based on counts

Using dedup to keep the oldest events

subsearch inserts AND

How to create time dependent thresholds from lookup?

How to use stats to join data and avoid the use of mvexpand?

How to get an average from this search?

Comparing Field Value with last Month Value and show if different

How to search IP with wildcard?

Using token in query where token is evaluated in the query itself

How to access fields within a subsearch / Inputlookup

Special fillnull? Polulate null values with evaluated calculations

Why is the same search producing different results?

Splunk Add-on for microsoft cloud services not get...

Scheduling the training set in MLTK

Automatic Lookup local=true

Error - In handler 'savedsearch': Expecting differ...

ldapfilter does not return all attributes