Splunk Search

Community Activity

How to create search for CPU linux to load average? Hi , I need the help to write splunk query for calculating CPU Linux load average for last 1,5 and 15 mins. I have sp... by mm12 Explorer in Splunk Search 03-24-2022 0 1	0	1
How to view only one data in graph when there is a list ? I have list of items plotted in line graph which is basically time-series data. I would like to have an option to sel... by R_Ramanan Loves-to-Learn in Splunk Search 03-24-2022 0 3	0	3
How to write this complex search displayed with a transpose _time command? Hello I use a complex search with display results ordered by time in a table As you can see the time period is today... by jip31 Motivator in Splunk Search 03-24-2022 0 1	0	1
How to compare nested case statements with eval Hi, I am trying to use case keyword to solve a multiple nested statement but it is just giving me output for the els... by anu1729 Loves-to-Learn Lots in Splunk Search 03-24-2022 0 2	0	2
Help creating regex extraction Gentlemen,We are ingesting Windows SYSmon logs via TA-microsoft-sysmon , and the raw events are showing in XML format... by neerajs_81 Builder in Splunk Search 03-23-2022 0 4	0	4
How to replace values outputted from \|stats with values from another search? Hello! I am attempting to take a variety of values for a single field and essentially use another search from a diffe... by DenverGeo Engager in Splunk Search 03-23-2022 0 2	0	2
Why is Splunk timechart not displaying data when last 30 days range is selected? Hi Folks, I'm new to Spunk and I was working on creating a dashboard for one of my Application. Dashboard is built bu... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 6	0	6
How to replace subsearch to achieve the same result? Hi Folks,I'm using a query like below. But since subsearch returns more than 10K events, I'm not getting the expected... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 8	0	8
How to extract substring from a string? I have a string in this form: sub = 13433 cf-ipcountry = US mail = abc.test@gmail.com ct-remote-user = testaccount e... by abhipatthi Engager in Splunk Search 03-23-2022 0 1	0	1
How to make a loop in one event? My log is like this:TimeEvent3/23/22 11:00:00.000 AMApplication 'AAA' is runningApplication 'BBB' is stoppedDatabase ... by sabinayang Observer in Splunk Search 03-23-2022 0 1	0	1
How to retrieve after field extraction, if it's classified as 'no search is performed after field extraction'? Cannot be retrieved after field extraction- If field extraction is classified as ` no search is performed after field... by noott211 Path Finder in Splunk Search 03-23-2022 0 2	0	2
Is there a limit to the number of digits for a number field in a kvstore? I have a kvstore that I am writing results of a search to. I have a field in the kvstore called ASC_IDX, and this is ... by BernardEAI Communicator in Splunk Search 03-23-2022 0 1	0	1
How to create a table on windowed count of api response time? I have some api response logs separated by pipe. However there is already field extraction on api response time. the ... by anonym3421 Engager in Splunk Search 03-23-2022 0 1	0	1
Need help on appendcols _time issue hello When I run the search below, its gives me "4" in results at the _time span = 11h `index` earliest=@d+7h late... by jip31 Motivator in Splunk Search 03-23-2022 0 1	0	1
Why is splunk crashing on lookup command? We have simple csv lookup like: network,descr 192.168.0.0/24,network_name Lookup description in transforms.conf: [ne... by gots Path Finder in Splunk Search 03-23-2022 1 13	1	13
How do I check supplier creation date in Buying Inspector? Hello - How do I check supplier creation date in Buying Inspector. by Vinaymkaggal New Member in Splunk Search 03-23-2022 0 2	0	2
How to extract time from the below message? Hi Folks,Can someone help me on the below. I have the below message in the log and need to extract the time portion a... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 5	0	5
How to create a search that will trigger an alert when the count is zero? I want to trigger an alert when the count is zero. please help me with the alert search? by sravankaripe Communicator in Splunk Search 03-23-2022 0 7	0	7
How do I show search value with timechart? Dear professionals,I have a search string like this index="hcg_oapi_prod" relatedPersons NOT (firstName OR middleName... by lamnguyentt1 Explorer in Splunk Search 03-23-2022 0 3	0	3
How to list with events time difference greater than 0.5 secs? How do I list those events within a set of events(say expand the below query) wherein say 2 consecutive's event time ... by msg4sunil Path Finder in Splunk Search 03-22-2022 0 2	0	2
How to create Splunk search for getting average of max per 10mins? Hi team I am trying to create a query in order to get average of all max values in a period of 10 mins for any select... by ayushig New Member in Splunk Search 03-22-2022 0 1	0	1
How can I filter results for type 2 only? Dear Professional, I have a Search string like below index="hcg_oapi_prod" relatedPersons\| regex "\"relatedPersons\":... by lamnguyentt1 Explorer in Splunk Search 03-22-2022 0 3	0	3
How to add a field that sums cash value by device_id? Currently my search query is: sourcetype="transactions" AND (additionalMessage.requestUrl="*/cashIn/initialize" OR ad... by Rapidz Explorer in Splunk Search 03-22-2022 0 1	0	1
How to create a table of availabilities of a given service for a set of hosts? I'm trying to create a table of availabilities (percent uptime) for a given service for a set of hosts. My desired o... by bsg273 Path Finder in Splunk Search 03-22-2022 0 5	0	5
How to compare CutoffTime with current time? I have created a lookup table with filename and cutofftime within which we have to receive the file. I have to compa... by pradeepkm Explorer in Splunk Search 03-22-2022 0 2	0	2