Splunk Search

Community Activity

Query to display if 500 error http status count is more then 30 percentage of total api calls by Sarvoday New Member in Splunk Search 12-13-2021 0 1	0	1
How to use substr in an eval with if I try to use the query eval ID = if(ORG="MC",ID=substr(ID,-6),0) Basically, I want in my result, if ORG="MC", I want ... by phamxuantung Communicator in Splunk Search 12-13-2021 0 1	0	1
Need help in formulate query for our use case Team,I'm newbie in writing Splunk queries. Could you please provide me guidance how to design a SPL for below use cas... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 12-13-2021 0 7	0	7
Splunk map search by chunks or any other way to make it faster Hello!Could somebody please suggest if it is possible to do a map search search more effectively?What I am trying to ... by AndreiIssakov Explorer in Splunk Search 12-13-2021 0 6	0	6
Why can't I delete lookup table files? Hello, As an admin, I tried to delete a lookup table file. I had copied all the apps back to the search head cluster... by tkw03 Communicator in Splunk Search 12-13-2021 2 3	2	3
How can I use sha1 in my Splunk search We save hash values from our ids and I want to search for them. I would expected I can do it this way:index=blub id=s... by pk87 Engager in Splunk Search 12-13-2021 0 9	0	9
How can we add a single column from 2nd table to 1st table using search query in Splunk Hi,I have two tables and in first table it contains 13 columns and from second table only one column i need to add to... by Narendra045 Explorer in Splunk Search 12-13-2021 0 3	0	3
How to Optimize Splunk Search to avoid "auto-finalized after disk usage limit of 100MB" When running the following search for a 24hr period it is always being auto-finalized due to disk usage limit of 100M... by nateNpgh Loves-to-Learn Lots in Splunk Search 12-13-2021 0 13	0	13
showing table despite no results TYPEMonthKPI_1KPI_2GLOBALOct'217624LOCALOct'214667 I'm searching the table like \| search TYPE="GLOBAL" \| search Mont... by lostcauz3 Path Finder in Splunk Search 12-12-2021 0 2	0	2
How to Combine two Rex fields and get results in a Table Hi there,I have 2 separate queries that I built using Rex.1. This query captures the logg on and logg off status of t... by GRC Path Finder in Splunk Search 12-11-2021 0 2	0	2
Subsearch in tstats causing issues I am encountering an issue when using a subsearch in a tstats query. Specifically, I am seeing the count of events in... by GindiKhangura Explorer in Splunk Search 12-10-2021 0 3	0	3
If specified field value does not exist in the current time period do this Hi, hoping to get some more insight on my current problem. My problem is the following I am using a where clause to c... by splunk3341 Loves-to-Learn Lots in Splunk Search 12-10-2021 0 2	0	2
Alert when host stops reporting data (IT Essentials Learn) I am attempting to use a search from IT Essentials Learn named "Alert when host stops reporting data - Linux - IT Ess... by jackjack Path Finder in Splunk Search 12-10-2021 0 3	0	3
Calculate the session duration by the same field's with different values from 2 different events. RAWDATA:user_namemachine_nameevent_namelogon_timeuser1machine1logon12/9/2021 7:20user1machine1logout12/9/2021 7:22use... by psmp Explorer in Splunk Search 12-10-2021 0 10	0	10
SubSearch Hi, I would have this need, that is to carry out a search that extracts all users who use iphone with SO = 9. * and t... by giorgioanastasi Explorer in Splunk Search 12-10-2021 0 7	0	7
Fields extract values, display Hi everyone, I'm new here and having a problem filtering of numbers from a message. message: Generated non direct de... by radi09 Engager in Splunk Search 12-10-2021 0 7	0	7
Pie chart using 2 inputlookup files Aloha, We’ve a reporting requirement to create a Pie chart using 2 input files. So far we’ve successfully created Ba... by marceloalejandr Path Finder in Splunk Search 12-10-2021 0 9	0	9
Include source file that ended with date (not bz2) Need to declare in spl Include only those file that has ended with date not .bz2 (I don’t want to use NOT) Here is s... by indeed_2000 Motivator in Splunk Search 12-10-2021 0 3	0	3
Wildcards with "\| lookup" Hi,I'm trying to get wildcard lookups to work using the "lookup" function. I've followed guidance to set up the "Matc... by geomore Explorer in Splunk Search 12-10-2021 0 7	0	7
{} equivalent on right hand side of eval I hate hardcoding dynamic things. Sooner or later those thing break. I have data with fields ... forecast_2020=400, f... by usd0872 Path Finder in Splunk Search 12-10-2021 0 4	0	4
Generating _events_ in search Hello there.I was wondering... is there any way to generate _events_ in search?I mean, I know of the makeresults comm... by PickleRick SplunkTrust in Splunk Search 12-10-2021 0 6	0	6
feed query results to raw data in makeresults \| makeresults\| eval _raw = "user_name machine_name event_name logon_timeuser1 machine1 logon 12/9/2021 7:20user1 mach... by psmp Explorer in Splunk Search 12-09-2021 0 3	0	3
How to extract json fields from json inside single quotes? Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of’{“field”: “value... by Alanshiau717 New Member in Splunk Search 12-09-2021 0 1	0	1
SEDCMD vs Transforms to mask data Hi,When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data it ... by VijaySrrie Builder in Splunk Search 12-09-2021 0 2	0	2
Timezone offset causing blanks during conversion I have a date column that I'm trying to convert to %m/%d/%Y. The date stamp is a little complex but I got it to work ... by rhilderbrand1 Observer in Splunk Search 12-09-2021 0 4	0	4