Splunk Search

Community Activity

	How to create a search that finds the average of the last three bins? I have an search where I need to find the average of the last three bins. Example: On my time filter I select an rang... by kishan2356 Explorer in Splunk Search 04-05-2022 0 1	0	1
	How to rename the sourcetype without involving our vendor at the point of ingest so that I can perform field extraction? We have a cloud instance of Splunk and a vendor whose forwarders we do not control sending data to our instance. I am... by ekolseth Loves-to-Learn in Splunk Search 04-05-2022 0 1	0	1
	Why is TimeChart assigning values from spanned table? Hello All, I have a really simple search, while it works, I'd like to do some operations on that data: index=xxxx... by michaelhaedt Explorer in Splunk Search 04-05-2022 0 7	0	7
	Why isn't iplocation report providing the city, country under statistics? hello all, I am trying to figure out why my iplocation report isnt providing the city,country under statistics. Below... by tkerr1357 Path Finder in Splunk Search 04-05-2022 0 2	0	2
	Splunk function or query which will convert event timestamp field "timestamp" to local timestamp Looking splunk function or query to change timestamp of "_time" field in local timestamp.when we present statistical... by Abhineet Loves-to-Learn Everything in Splunk Search 04-05-2022 0 1	0	1
	Why my subsearch is not working? I am parsing logs using splunk and there are two types of logs :1. API endpoint info and user ID2. Logs which contain... by user9025 Path Finder in Splunk Search 04-05-2022 0 5	0	5
	How to run a second command inside the if statment I have a value that could be N/A or a number. The issue is when it is a number, splunk is not picking it up as one.So... by robertlynch2020 Influencer in Splunk Search 04-05-2022 0 2	0	2
	Why are stats or tstats latest not working on array fields? I have events like these (just some made-up data), that are pushed in JSON format to Splunk: {"name":"abc", "gr... by shikhanshua Explorer in Splunk Search 04-05-2022 0 3	0	3
	How to extract error codes coming within single event? I have an event which contains error reason codes of failed records . I have to extract these reason codes and get a... by pradeepkm Explorer in Splunk Search 04-05-2022 0 5	0	5
	How to represent a 1 row data in a tabular/matrix format? I have this search query which will return a single row of data- index=xyz \| search accountID="1234" instanceName="ab... by sh254087 Communicator in Splunk Search 04-05-2022 0 2	0	2
	How to incorporate a lookup in search but with wild card? Hello all,I have a lookup table which contains a list of URL we want to search in splunk, but instead of searching th... by intrach Explorer in Splunk Search 04-05-2022 0 5	0	5
	How to compare multiple value in lookup to single value in index? HI all, I have lookup table with 5 colon that contains IPs I want to create a search that exclude the IPs from my res... by Shakira1 Explorer in Splunk Search 04-05-2022 0 20	0	20
	How we can extract Windows Event description instead of Raw data which only give info of Event ID? How we can extract Windows Event description instead of Raw data which only give info of Event ID..Is it possible t... by afraanajam Loves-to-Learn Everything in Splunk Search 04-05-2022 0 5	0	5
	How to Add Total along with Percentage in result? I am calculating percentage for each https status code. But i also would like to display the total number of requests... by smrutiphadke Engager in Splunk Search 04-05-2022 0 2	0	2
	How to improve search performance with join alternative? Query frequently times out due to subsearch time limit I have a query that frequently times out due to the subsearch time limit. I'd like to improve it's performance but I'... by JackNY07 Explorer in Splunk Search 04-04-2022 0 3	0	3
	How to pivot from tstats data to a regular search? I don't know what the best way to word the subject, so if anyone has a better recommendation after reading my questio... by redhonda03_2 Engager in Splunk Search 04-04-2022 0 1	0	1
	How to search Eval field to get total count and plot the chart? We want to get the number of successful login, multiple successful login, multi-fail logins and also number the of h... by anu1729 Loves-to-Learn Lots in Splunk Search 04-04-2022 0 10	0	10
	How to count distinct items in nested fields? Hi! I can't seem to figure out how to get a count of each operation in a document like below: { [-] request_id: 1... by aj_54321 Explorer in Splunk Search 04-04-2022 0 8	0	8
	How to give matching fields the same number ? Hello, I have data that look like this :Month Key Value Number ------------------------------ Jan Key1 ... by Newser703 Explorer in Splunk Search 04-04-2022 0 1	0	1
	How to filter a multivalue field using a subsearch? I found a close answer to what I'm looking for here:https://community.splunk.com/t5/Splunk-Search/Why-cant-i-supply-a... by chrids Explorer in Splunk Search 04-04-2022 0 4	0	4
	How do I exclude events based on lookup file contents? I have a lookup file that has 5 columns. Those are src_ip, dest_ip, dest_port, signature and active. src_ip has 18 v... by bt149 Path Finder in Splunk Search 04-03-2022 0 4	0	4
	How to join 2 tables by field and closest table2 _time before table1 _time? Hello, Let's say I have the following tables index=events _timeevent_idip index=connections _timeip_addressuser Whe... by warlitos Explorer in Splunk Search 04-03-2022 0 5	0	5
	How to join with multiple matches? Im trying to join the correct source hostname to my Event from where a RDP Connection was innitiated.Since the Event ... by Hendrik2509 Engager in Splunk Search 04-03-2022 0 4	0	4
	Why is table listing not in reverse _time order? If I do an index search, raw events are listed in reverse _time order, which is often also the reverse _indextime ord... by yuanliu SplunkTrust in Splunk Search 04-03-2022 0 6	0	6
	How to use bonnie++ results to calculate IOPS? Hello, I have install bonnie++ Ver 1.03e on Ubuntu 20.04.4, try to run Command bonnie++ , attached please fine the... by NSCKevinSplunk Engager in Splunk Search 04-02-2022 0 7	0	7