Splunk Search

Community Activity

How to write search to find error percentage for each group? My data looks as follows: host col2 ---- ---- A SUCCESS A ERROR B ERROR B SUCCESS B SUCCESS C ERROR Here ... by kimberlytrayson Path Finder in Splunk Search 08-30-2022 0 1	0	1
How to write correlation search to show these alerts? Hi Community, I have these alerts on EDR and I want to create a correlation search to show these alerts on the Splu... by m_khatibo88 New Member in Splunk Search 08-30-2022 0 1	0	1
How to display field value into column? status=Auto, Manual car= BMW, Honda, Audi index * \| stats count(status) as Total by car Is there anyway I can get the... by Khuzair81 Path Finder in Splunk Search 08-29-2022 0 2	0	2
How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/"? How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/"? by mcristinzio New Member in Splunk Search 08-29-2022 0 3	0	3
How do I change the title text on the tabs from default text to a custom text? I want to change the title text on the tabs from, for example, "Login\|Splunk" or "Dashboards \| Splunk 7.1.2" to a tex... by sh254087 Communicator in Splunk Search 08-29-2022 0 4	0	4
Formalizing MAC address to XX:XX:XX:XX:XX:XX format I was searing for a simple way to convert all types of mac address to "more" standard format. Found various solution... by jotne Builder in Splunk Search 08-29-2022 1 0	1	0
How to create a search for BST ( British Summer Time) Search Time Interval Change? Hi I have a SPL query that needs to adjust at search time when we are falling in and out of BST. During BST, the se... by djcascione Explorer in Splunk Search 08-29-2022 0 7	0	7
How can I rename the value of the policy name from = to "contains"? How can i rename the value of the policy name from = to "contains". Instead of saying "index=tenable* sourcetype="*"... by marceldera Explorer in Splunk Search 08-29-2022 0 1	0	1
Is there a way in Splunk to compare and find delta of the duration from the previous runs? Hi All, We are generating a log that records in and out timestamp in epoch for a specific set of transactions and we ... by maniishpawar Path Finder in Splunk Search 08-29-2022 0 3	0	3
How to count number of values in multi-valued field , dynamically? <input type="multiselect" token="product_token" searchWhenChanged="true"><label>Product types</label><choice value="*... by vijay_k Engager in Splunk Search 08-29-2022 0 5	0	5
How to force the display of a value when the search is empty? Hello community, I have a problem with a search that does not return a result. For the purposes of a dashboard, I nee... by Rajaion Path Finder in Splunk Search 08-29-2022 0 2	0	2
Re-order table columns with dynamic names? Hello, I have a chart with dynamic field names displayed as table and would like to change the order of the columns: ... by mspoerr Path Finder in Splunk Search 08-28-2022 0 3	0	3
How to extract cancelled transactions from logs? I'm looking at events and I'm trying to determine which files are not "deleted" from the folder on a server after fi... by syed Observer in Splunk Search 08-28-2022 0 6	0	6
How to normalize MAC address format? We have different log sources that may format the MAC address as: af:af:af:af:af:af af-af-af-af-af-af af.af.a... by jeff Contributor in Splunk Search 08-28-2022 0 9	0	9
How to create a new field based on existing fields? Hi, how can I combine two fields (2.1 and 2.2) into one field (Main calculation) I have a table : I would like to... by Edwin1471 Path Finder in Splunk Search 08-28-2022 0 3	0	3
How to transform a table? Hi, How can I transform a table, so that the result would look something like this by Edwin1471 Path Finder in Splunk Search 08-27-2022 0 4	0	4
Unable to render the dropdown value in the search for the 1st time? I have a dashboard that gets its base query from a dropdown option and that to run that base query takes the values f... by MT New Member in Splunk Search 08-27-2022 0 1	0	1
How to sort contiguous _time into discreet sets? I'm trying to collapse a of data into earliest/lastest by _time, with the time is contiguous. Such as: 2022-08-27 07... by timgren Path Finder in Splunk Search 08-27-2022 0 2	0	2
How do I get two fileds "ip numbers" in an timechart? Hi all,How do I get two fileds "ip numbers" in an timechart?I tried the aggregate fileds, but show up wrong in my vis... by janroc Explorer in Splunk Search 08-27-2022 0 7	0	7
How to merge two searches without losing main search data? Hi, I am having some troubles to merge two searches and I am looking for the best way to do this. We have firewall tr... by jeremyrenard Explorer in Splunk Search 08-27-2022 0 5	0	5
Configuration Files in Default and Local App folders: How to create three sourcetypes? Hello, I have one data source and getting feed through the inputs.conf file located under default folder and it is cu... by SplunkDash Motivator in Splunk Search 08-27-2022 0 4	0	4
charting.fieldColors option doesn't seem to work when fields have a colon in the name? Hi, I have a graph which is produced by this timechart command: timechart max(duration) as TPS_MAX, sum(par_new_du... by johnraftery Communicator in Splunk Search 08-26-2022 0 5	0	5
How to save memory and ignore table row where column value is less than x? I may use a search similar to this: index=mock_index source=mock_source\| eval event = _raw\| stats count as frequency ... by firstname Explorer in Splunk Search 08-26-2022 0 3	0	3
How to search for an event that doesn't have a response after 30 minutes? I have two separate logs ( Request.log, and Response.log ). Events from App1 will be recorded in Request.log. Event... by ramana4u Explorer in Splunk Search 08-26-2022 0 5	0	5
Help with SEDCMD props.conf Hello. I am in problem. I have log like this. 1.example.log 2022/08/24 12:04:00,ExampreA,"xxx"xx"xxx"xxxx"xxx"xxxx... by hayashi_ayr728 Engager in Splunk Search 08-26-2022 0 1	0	1