Splunk Search

Community Activity

How to calculate statistical outliers over a 90d@h sliding window? Scenario:We have a data source of interest that we wish to analyze.The data source is hourly host activity events.An ... by Glasses Builder in Splunk Search 05-03-2022 1 4	1	4
How to get eventstats count with dynamic parameter? Hello! I would like to count from a field based on another field.I have a events with following 2 fields (Doors_Orde... by Kislac Engager in Splunk Search 05-03-2022 0 1	0	1
Search, use the same results for two different sub searches, then merge the results and chart them I would like to narrow down my results and rename a few fields using an initial search, let's call these results A.Th... by rpecka Explorer in Splunk Search 05-03-2022 0 3	0	3
Application Logging: Select events that don't have certain values, not exclude- but never had those events I have a .net core application that logs various events with properties (WorkItem, EventName, etc).I need to query Wo... by charbaugh77 Explorer in Splunk Search 05-03-2022 0 9	0	9
How to chart the number of occurrences including its respective threshold for each host and each eventtype? Hi everybody, I have the following problem and cannot seem to be able to wrap my head around it: I have a bunch of ev... by zapping575 Path Finder in Splunk Search 05-03-2022 0 4	0	4
Why is index not populating? User of splunk attempted a search of index="os" It returns nothing after Dec 23. (Yes this went unnoticed for this lo... by JeffPoretsky Loves-to-Learn in Splunk Search 05-03-2022 0 13	0	13
How to set width for entire table? Hello, i was actually hoping that would be rather straight forward. I can set width for panels, inputs, single char... by Software-Simian Path Finder in Splunk Search 05-03-2022 0 0	0	0
How to display warning based on SPL? Is there a way of showing a warning to the user based on their SPL. My use case is that users should not generally se... by jonaclough Path Finder in Splunk Search 05-03-2022 0 2	0	2
How can we use if else case condition in case of NaN, so that I can use now() in case of NaN? while searching through all time in filter drop down, i am getting NaN value for "$tokLatest$", I don't know why it... by dkssingh2005 Explorer in Splunk Search 05-03-2022 0 2	0	2
How to break down multiple values into new columns dynamically? I have column with Multiple Values separated by new line character Type is the column ID Type Type_A 01... by vijay_k Engager in Splunk Search 05-03-2022 0 1	0	1
How to mvfilter() the results of mvappend()? I have several fields I want to lump into 1 multivalue field and remove blanks. At the start of an event, there are u... by woodams Explorer in Splunk Search 05-03-2022 0 1	0	1
How to reference same field name from 2 different indexes when correlating ? Hi All,I need to correlate data from 2 different Indexes wherein the field name is common. Index=idx1 ( This index ... by neerajs_81 Builder in Splunk Search 05-02-2022 0 7	0	7
How to dynamically subtract two last column values? Hi, have SPL that generates months of data. I want subtract just the last two columns. The fields will change month ... by chrisboy68 Contributor in Splunk Search 05-02-2022 0 2	0	2
How to change the order of display of column in stats which is grouped by "count by"? Hi all, My query has, .... \| stats latest(time) as recent_event,latest(key) as recent_key, count by field1,field2 and... by manimuthu Loves-to-Learn Everything in Splunk Search 05-02-2022 0 5	0	5
Group events happened at the exact same time and search in the results Hello Everyone,I'm trying to analyze data from a jboss server, http request and respons dumps. An "event" in the Jbo... by miberecz Loves-to-Learn in Splunk Search 05-02-2022 0 2	0	2
New to splunk, need help finding search. Can not find main app search by gilbert3 Engager in Splunk Search 05-02-2022 0 4	0	4
With 10 blocks of lines, what is the Splunk command to get only 3 line where line starts from keyword ERROR? Block: 2022-02-14 02:30:00,046 [Worker-3] DEBUG User job started2022-02-14 02:30:00,063 [Worker-3] DEBUG Calling impo... by anitha123gnana Loves-to-Learn Lots in Splunk Search 05-02-2022 0 12	0	12
I have a problem completing training Hi this is what appears to me when I try to complete the training:Denied PersonDue to U.S. export compliance requirem... by AHAD_ABDULLAH Observer in Splunk Search 05-02-2022 0 2	0	2
How to compare the values with the time and host? Team,I am having a query which would result as below. _timeHostNameversion3/2/2022 15:22:04 PM3car2483/1/2022 15:21... by Anud Path Finder in Splunk Search 05-01-2022 0 6	0	6
Could someone help on transpose command? hello I transpose events like this \| eval time=strftime(_time,"%H:%M") \| sort time \| fields - _time _span _orig... by jip31 Motivator in Splunk Search 05-01-2022 0 12	0	12
Why the field is shown by extraction of another field but not found by search? Hi, as I create an extraction field with regex, the field match is shown correct. I can check the regex on https://re... by alval New Member in Splunk Search 05-01-2022 0 1	0	1
How to match a sequence of events in Splunk? Hello,My SPL expertise are limited. I'm trying to write a search which matches a sequence of events.I'm working with ... by BlueTeam77 New Member in Splunk Search 05-01-2022 0 1	0	1
How can I find values present in one table but not in other without subsearch? I have to prepare reporting dashboards in Splunk for which I used this query until now: field1=GTIN_RECEIVED field2... by bhavyajain Engager in Splunk Search 04-30-2022 0 2	0	2
How to add + or - before a percentage? hello I use the search below in order to calculate a percentage But I need to add + if s > s2 and - if s2 < s How to ... by jip31 Motivator in Splunk Search 04-30-2022 0 4	0	4
How can I rename items with SPL query? Hello Splunkers, How can i rename all the OrderNumber1, OrderNumber2, OrderNumber3 as OrderNumber. And Country1, Coun... by uagraw01 Motivator in Splunk Search 04-30-2022 0 6	0	6