Splunk Search

Community Activity

	Stats - Why isn't Splunk converting _time to Human readable format Hello,I have the below search <base search>.. \|stats values(Source) as Source count min(_time) as firstTime max(_ti... by neerajs_81 Builder in Splunk Search 05-08-2022 0 3	0	3
	How to calculate age of event? Hi I have for each event the open_time and update_time, I want to calculate the age of the event, like: open_time ... by ednk Explorer in Splunk Search 05-08-2022 0 3	0	3
	How does the cluster command work? hi how exactly cluster commad work?I have lots of unstructured data that has different key and value, how splunk dete... by indeed_2000 Motivator in Splunk Search 05-07-2022 0 0	0	0
	How to trim information from search output? Hi, I am having the following query: index=* sourcetype=CustomAccessLog \| table "host", "source" The output is: h... by jugarugabi Path Finder in Splunk Search 05-06-2022 0 2	0	2
	Why the error when trying to search? Hello, everyone! I get error "WARN: Search filters specified using splunk_server/splunk_server_group do not match any... by bosseres Contributor in Splunk Search 05-06-2022 0 1	0	1
	How to monitor logs from Different Time Zones? Hello Splunkers! Initially I added the monitor stanza for all the inputs from various time zones and then when I had ... by sarahnazzar Explorer in Splunk Search 05-06-2022 0 4	0	4
	(How) are fields stored in splunk in an index when extracted during ingest? Hi, Am quite new to splunk, and coming from Elasticsearch, so my knowledge is biased. However I did notice that Elast... by ericvdhout Path Finder in Splunk Search 05-06-2022 0 14	0	14
	How to add a + or - sign before percent? hi i add a + or a - sign before a percent result like this \| eval perc=if(s<2,"-","+").round((s/2)*100,1). "% " ... by jip31 Motivator in Splunk Search 05-06-2022 0 1	0	1
	Show all fields for a list of sources and show 1 for fields that have values, 0 for the fields that have no value Dear community, I am using this community since years, so far I've found everything I needed. Now I am stuck!!! I am ... by lost_alex Observer in Splunk Search 05-06-2022 0 2	0	2
	How to view multiple lookups Hi Team,I am trying to take the backup of lookups using search head console and for the same I have tried two ways.a)... by spl10 Explorer in Splunk Search 05-06-2022 0 2	0	2
	Duration, Average , max, min response Time 2 events : request and response and unique id which binds this transaction. I have issue where i have to calculate t... by BT Path Finder in Splunk Search 05-06-2022 0 5	0	5
	Help with regex on string with multiple number values Hi all need help getting the trailing number from a field in a search. Examples of the fieldid = bdf73ad5-4499-4f70-b... by morgantay96 Path Finder in Splunk Search 05-05-2022 0 3	0	3
	How to sum time duration from value format "1d hh:mm:ss"? hi am newbie I have a duration time value with the format "1d hh:mm:ss"but I haven't gotten a thread that discusses s... by trengginas Engager in Splunk Search 05-05-2022 0 2	0	2
	How to write this Splunk Query for alert? hi,Can someone help to correct the query provided below which will send alert if detected a STOPPED status for 3 cons... by jakeoftrades Explorer in Splunk Search 05-05-2022 0 11	0	11
	Best way to extract _raw to a host OS of a SH programatically We have a 3rd party pulling AWS logs as far back as AWS holds onto logs. However, we want to be able to go back furth... by cybersecnutant Explorer in Splunk Search 05-05-2022 0 1	0	1
	Can a report be created using metadata/any other data to list all the fields that are available by index and sourcetype? Is there a way to create a report using metadata or any other data to list all the fields that are available by index... by PatelAshish83 Engager in Splunk Search 05-05-2022 0 5	0	5
	Missing transaction caused by multisearch / subsearch Hi allI have a riddle. Query A and query B does not collect the same events and I don’t understand why.Query A) resul... by p4085f9 Engager in Splunk Search 05-05-2022 0 2	0	2
	How to do Conditional Searches? Is there a way to do a search like this; If Eventid=1111 only do these statements elseif Eventid=2222 only d... by secphilomath New Member in Splunk Search 05-05-2022 0 3	0	3
	How to add a column that sums values while keeping the values column Hello I have data that looks like this : Name \| Type \| Value ------------------------------------------ Name1 \| Type... by Newser703 Explorer in Splunk Search 05-05-2022 0 1	0	1
	How to add totals to xyseries table? We are working to enhance our potential bot-traffic blocking and would like to see every IP that has hit AWS cloudfro... by swengroeneveld Explorer in Splunk Search 05-05-2022 0 2	0	2
	How to create a search for response time to be calculated? I have 2 events 1) request event 2) response event I need response time to be calculated (i.e) request event time - r... by VijaySrrie Builder in Splunk Search 05-05-2022 0 6	0	6
	How to create a search to combine inputlookup and search? Hi, I want to compare the count of calls obtained in a day with the target in lookup csv, for example: input csv: hea... by doniv Loves-to-Learn Lots in Splunk Search 05-05-2022 0 6	0	6
	How to convert the 24hrs time to 12hrs time and show the difference in -ve sign indication? i have the 2 values let's sayexpected time= 6:00:00completion time= 08:32:44and the expected output should be the dif... by srujana96 Explorer in Splunk Search 05-04-2022 0 2	0	2
	How to use single value comparison with trend arrow in splunk? I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current mon... by sanjubaba Path Finder in Splunk Search 05-04-2022 0 1	0	1
	publish yesterday's data from today's date I want to get QID list from yesterday’s published data. For that I'm using PUBLISHED_DATETIME field with yesterday’s... by martin61 Engager in Splunk Search 05-04-2022 0 1	0	1