Splunk Search

Community Activity

Count events with differing strings in same field So this search...index="myindex" source="/data/logs/log.json" "Calculation Complete"... the results return a MessageB... by guywood13 Path Finder in Splunk Search 09-28-2021 0 4	0	4
Merge raws based on common substring Hi,Let's imagine I have those raws :NameValue1Value2foo12foo1216foodazd56fooaoke43foo5623bar12barjodpez74barjo74bar12... by gaglimax Loves-to-Learn Lots in Splunk Search 09-28-2021 0 0	0	0
% difference in errors over the last 5 minutes Im looking to get a query that will tell me the difference in an error rate increase i.e 5 minutes ag it was 120 erro... by samneo Path Finder in Splunk Search 09-28-2021 0 7	0	7
how to reduce the time of a search? Hi, I have a search that contains millions of events and is extremely slow, is there a way to speed it up? This is th... by francesco1g Engager in Splunk Search 09-28-2021 0 2	0	2
Find 2 way communication in flow Looking for the most efficient way to find 2 way traffic in flow data for a particular set of IP/port/protocol combin... by ky129q Engager in Splunk Search 09-28-2021 0 0	0	0
Every timespan of transaction need time format hello, I have alert transaction at "ACK" and at "Resolved", i have created table for each value, but unable to edit t... by Manasi25 Explorer in Splunk Search 09-28-2021 0 15	0	15
Removing rows from table based on more than one field Hi,I am trying to filter out fields from a table based on its content, example:LP. NAME SURNAME STREET CITY1. Bob Smi... by kxmorrr Engager in Splunk Search 09-28-2021 0 3	0	3
Creating a timechart with duration Hey guys. I have multiple events combined to transactions. I'd like to view the duration of each transaction on a tim... by username13 Explorer in Splunk Search 09-28-2021 0 6	0	6
How to show a list that compare the thing which not show up in a csv file So in detail, I have a dashboard that read log files to monitor the list of host's status which is UP or DOWN. But wh... by phamxuantung Communicator in Splunk Search 09-28-2021 0 1	0	1
stats count conditional for multi field Hello dears,I want to list my search if "B" total count higher than >3 than list by "A"A and B fields could have var... by corehan Explorer in Splunk Search 09-28-2021 0 7	0	7
Field Extraction Hi Experts,I'm having some difficulties to extract the correct information from a file that was add to splunk.I tried... by cauhe Explorer in Splunk Search 09-28-2021 0 4	0	4
adding value output rows from a stats table I have the following search. index=main_index sourcetype="hec:google" operationName=createMobileAuthenticationOutcome... by rhallinan Engager in Splunk Search 09-27-2021 0 2	0	2
Table column split I have requirement to split the single cell into two columns, in which i need to add different search result data.I n... by sahana Engager in Splunk Search 09-27-2021 0 1	0	1
Where to find "Detected Anomaly" notable events in ITSI? Our ITSI is showing some "Detected Anomaly" for the kpi "Index Usage".Where and how can I find the notable events for... by vl951f Path Finder in Splunk Search 09-27-2021 0 0	0	0
How do I exclude Mondays from a Timechart There are no data on Mondays so my timecharts always dip to 0. {search string} \| eval date_wday=lower(strftime(_time,... by splunkuser2127 Loves-to-Learn in Splunk Search 09-27-2021 0 12	0	12
Base search on a dashboard Hello!I have been trying to make a base search on a dashboard with a time and environment input as a drop-down.It onl... by N-W Explorer in Splunk Search 09-27-2021 0 3	0	3
How to use values from inputlookup for date comparison? Hi, I want to create a dashboard, where a user has a drop down input to select a named time frame ($value$). The star... by Jochen_Widmaier Engager in Splunk Search 09-26-2021 0 6	0	6
multisearch Hi , I have 2 queries :index="bar_" sourcetype =foo crm="ser"\| dedup uid\| stats count as TotalCountand index="bar_"... by zakura Explorer in Splunk Search 09-26-2021 0 3	0	3
"What to search" is not showing. Hey, I am working towards Slunk Fundamentals 1 and doing the eLearning assignments. Currently on Module5. I have impo... by P_Viz Engager in Splunk Search 09-26-2021 1 3	1	3
Get mean response time for each endpoint in log. I have an api which has a number of endpoint, e.g., /health, /version, /specification and so on...I have a query whic... by ashvini_mishra Explorer in Splunk Search 09-26-2021 0 3	0	3
Macro for Backslash Substitution I have a macro that adds a backslash to an existing backslash: [backslash(1)] args = arg definition = replace("$arg$"... by ephemeric Contributor in Splunk Search 09-25-2021 0 0	0	0
Is it possible to implement base search in query with multiple appendcols index=test sourcetype=test_access tag=prod server_name!="www.test.com" earliest=-4h latest=now \| timechart eval(avg(r... by ronsri Observer in Splunk Search 09-25-2021 0 1	0	1
How to exclude combinations of values in lookup from search? Hi, Team!I have a rule:index = example source = "Rule" \| fields user, src_time, src_app, src, src_lat, src_long, src_... by ilya New Member in Splunk Search 09-25-2021 0 1	0	1
Stats count use last event Hello,I'm trying to make a report to count the number of interfaces available and used.I found the query that matches... by yoan Explorer in Splunk Search 09-25-2021 0 2	0	2
outputlook with a subset of fields I have an alert that joins RAW events with a lookup containing thresholds (and yes, it has to be a join). I would li... by middlemiddle Explorer in Splunk Search 09-24-2021 0 3	0	3