Splunk Search

Community Activity

	how to use one token with different evaluation for 2 panels query under different conditions. Hi, Splunkers，I have a dashboard with 2 panels.there is one input token, Gucid_token,what I need is when Gucid_token... by wangkevin1029 Communicator in Splunk Search 01-11-2022 0 12	0	12
	Automatic extraction bug? Hi,I am facing the next problem. When having the next _raw: process="\"C:\\Windows\\regedit.exe\" /s \"C:\\Program Fi... by ursol New Member in Splunk Search 01-11-2022 0 1	0	1
	How can I identify which heavy forwarder or universal forwarder are sending logs? Hi, I have a problem in my infrastructure the logs are being duplicated, I am trying to identify from which origin (H... by germancho88 Engager in Splunk Search 01-11-2022 0 4	0	4
	Identifying inactive Hosts that crashed I'm trying to identify inactive hosts that crashed (through an alert).Inactive hosts - hosts that haven't logged in t... by legosawyer Engager in Splunk Search 01-11-2022 0 3	0	3
	How to calculate the percentage of certain field occurence in the events ? In my events, there is a field called "is_interactive" which has value of either 0 or 1.Now the thing is, not all of... by zacksoft_wf Contributor in Splunk Search 01-11-2022 0 1	0	1
	How to build a table from different fields from a single event HelloI'm having this situation where I have a query returning a single event and I need to build a compound table fro... by Shaft Explorer in Splunk Search 01-11-2022 0 2	0	2
	Field subtraction Can anyone assist me with the SPL to subtract EBVS% and PFAVS% fields to allow the successful plays field to improve?... by EvansB Path Finder in Splunk Search 01-10-2022 0 3	0	3
	How to make the dashboard to display latest result by default I have made my search query for all time because I have created dropdown for month date and year. But I want the sear... by Azwaliyana Path Finder in Splunk Search 01-10-2022 0 2	0	2
	time chart only computing the first part of the calculation Hello,I am working with the timechart command on my following query and I am running into some problems.I am trying t... by splunk3341 Loves-to-Learn Lots in Splunk Search 01-10-2022 0 4	0	4
	Eval with stats on multiple fields I am looking for help on stats with eval Input Events (each json is a event): { "app_name": "app1","logEvent": "Recei... by rangarbus Path Finder in Splunk Search 01-10-2022 0 3	0	3
	Splunk - How to not perform search for greater than 30 days in Time Picker. I have a Panel in a Dashboard which shows results of a Query and picks the time range from a TimePicker. Goal: If the... by kirti_gupta12 Path Finder in Splunk Search 01-10-2022 0 1	0	1
	Search performance issues after Splunk Upgrade 8.0.7 to 8.2.3 with mostly metrics based indexes After we upgraded from 8.0.7 to 8.2.3, we are having lots of problems with search performance. We noticed that the a... by walkerhound Path Finder in Splunk Search 01-10-2022 0 1	0	1
	multiple searches for stats I have two searches where I need to run an stats count on to do some calculations. First search isindex=xxx wf_id=xx... by kishan2356 Explorer in Splunk Search 01-10-2022 0 5	0	5
	Time doesnot show millisecond With Splunk (splunk-library-javalogging) library update to version 1.11.4 , _time doesnot show millisecond . Having... by suprithbhaskar New Member in Splunk Search 01-10-2022 0 0	0	0
	How to overcome append 10k limit without modifying conf file is it possible to append more than 10k records between 2 index?How to overcome this withou modifying conf file and ad... by DataOrg Builder in Splunk Search 01-10-2022 0 4	0	4
	Regex Field Extraction in Data Model Hi all. I'm fairly new to Splunk and regex. I've got many event logs and I'm making use of data models beforing gener... by han Engager in Splunk Search 01-10-2022 0 2	0	2
	Need help with combining two searches Hello Team,How can I combine given below two searches and get the AWS instance name .aws-description-resource( (aws_a... by neeltiwari Observer in Splunk Search 01-10-2022 0 1	0	1
	More than 10 accounts disabled within five minutes. Hi guys,I'm working on a search that shows more that 10 accounts disabled within a five minute time frame. I feel lik... by weetabixsplunk Explorer in Splunk Search 01-09-2022 0 1	0	1
	JOIN on some of the columns I have a table (that is a spitted URL) in the following format: field1field2field3field4field5field6aaaaa11111qqqqqaa... by michael_vi Path Finder in Splunk Search 01-09-2022 0 5	0	5
	stats count by field and show total Hello,I want to calculate the count of total events, count of errors and show the total percent of the failures from ... by sarit_s Communicator in Splunk Search 01-09-2022 0 3	0	3
	Getting the Date for the max() value Howdy I have a search like this:Everything is great! Would it be possible to add a column that contains the timestamp... by modulussplunk Loves-to-Learn in Splunk Search 01-09-2022 0 4	0	4
	rex extract number Hi2022-01-04 23:10:43,224 INFO [APP] sessionDestroyed, Session Count: 02022-01-04 23:12:34,238 INFO [APP] sessionCrea... by indeed_2000 Motivator in Splunk Search 01-09-2022 0 9	0	9
	Searching a 2nd index with a field extraction using rex I have a index=weblogs where I filter results and then REX extract an IP address to a new field called RemoteIP.I wan... by dhabbal Explorer in Splunk Search 01-08-2022 0 4	0	4
	Using "earliest" and other time modifiers in ad hoc queries Is it possible to put time modifiers like "earliest" into a search and essentially disregard the time range drop-down... by mv10 Path Finder in Splunk Search 01-07-2022 0 3	0	3
	Using stats command to return 0 value Hi There:I'm trying to return the list of access_users with 0 web hits from the web_hits table. How can i adjust this... by mdeterville Path Finder in Splunk Search 01-07-2022 0 2	0	2