Splunk Search

Community Activity

How to sort the counts of the sub-category items in the categories? Hi Splunkers,My event example is as follows. fruit_type size --------------- apple big banana medium melon smal... by homer07 Explorer in Splunk Search 09-07-2021 0 11	0	11
Show subtotals as percentages in Pivot Statistics Table I have a Pivot displayed as a Statistics Table, which is defined by the following search: \| pivot My_Object SearchOb... by postrational Engager in Splunk Search 09-07-2021 1 3	1	3
How to edit my timechart search that shows the number of successful/failed logins over time, with a distinct count by user? I am trying to find the number of successful/failed logins to my machine over time with a distinct count by user. Th... by WhatTheSplunk Engager in Splunk Search 09-07-2021 1 3	1	3
REX-Field Extraction Issues with Special Characters Hello,I have following Sample Event.Q17CNB_L_0__20210630-235755_5828.html@^@^2021/06/30@^@^23:57:55@^@^ Q17CNB @^@^I ... by SplunkDash Motivator in Splunk Search 09-07-2021 0 3	0	3
Regex for last IP Address Can someone please help with the Splunk query for the below scenario:I want to extract last IP address by a regular e... by VS0909 Communicator in Splunk Search 09-07-2021 0 5	0	5
winprintmon search results aren't showing the proper results for "total_pages" Hello, I'm having some issues with results for "total_pages" and "page_printed" field(s) showing the incorrect print ... by pmac22 Path Finder in Splunk Search 09-07-2021 0 2	0	2
stream rex substitution to stats I have the following rex substitution in a query to aggregate various log messages (with the string Liveness and Read... by ddebroy Engager in Splunk Search 09-07-2021 0 1	0	1
Joining two files with derived field Greetings,I am very new to Splunk and I am sure my question may have been asked multiple times. I went through multi... by tva000 Observer in Splunk Search 09-07-2021 0 1	0	1
Field Extraction from SQL Coded Events Hello,I have some issues to extract fields from this SQL coded events. Is there any way we can perform field extracti... by SplunkDash Motivator in Splunk Search 09-07-2021 0 20	0	20
Icons Disappear From A Table While Word Wrap Is Disabled I have a table where the first four columns includes an icon. I want to have word wrap disabled. When I disable wor... by rkeq0515 Path Finder in Splunk Search 09-07-2021 0 0	0	0
Combine the results of a table in one single row I have a splunk query that results in a table , while creating alert it just sends the first row of the results ,so w... by nandhiniG Explorer in Splunk Search 09-07-2021 0 2	0	2
Map search Hi,I am using below query to search all correlation ID based on a search string and get the SOAPResponse using map se... by BhuvanM New Member in Splunk Search 09-07-2021 0 1	0	1
Create fields from the lookup content Hi,In order to parametrize the search, I created a lookup with a couple of numerical values that I would like to easi... by corti77 Contributor in Splunk Search 09-07-2021 0 3	0	3
Parse the log and get average time. Response time for User Identifier for fsreqid: " + fsreqid + SIDKEY + sid + " is "+responseTimePlease help us out her... by fidankur New Member in Splunk Search 09-07-2021 0 1	0	1
How do I get subquery results Hi all, I have two indexes, and I want to check whether the data from one index=a exists in the other index=b, an... by bella Loves-to-Learn Lots in Splunk Search 09-07-2021 0 1	0	1
how to add a value to a fieldvalue if a certain field exists? Hello everyone!I struggle to find a way to add a value (for example 1) to a fieldvalue in case a certain field exists... by avoelk Communicator in Splunk Search 09-07-2021 0 3	0	3
Backreferences in Fieldnames of rex Hey There,i have n Systems.I would like to apply a rex query, where each fieldname contains the system ID which i hav... by SaltyHash123 Explorer in Splunk Search 09-07-2021 1 5	1	5
How to create a new field from existing fields after a sum Hi,I need a help in creating a field using/grouping sum of 2 existing fields .Ex:field 1- count_of_true(These will ha... by dtccsundar Path Finder in Splunk Search 09-07-2021 0 9	0	9
How to show sparkline for failures % in a table Hi,I have different sourcetypes like ( A ,B,C,D)Each sourcetype has have field "Status" with (True,False,Error,Not av... by dtccsundar Path Finder in Splunk Search 09-07-2021 0 1	0	1
values 你好，我有个问题。我需要更少的值， l stats count list(fileame) as filename by user当我使用它时，心灵返回100个值。我需要快乐的值，10-20个值 by yin_guan Explorer in Splunk Search 09-06-2021 0 1	0	1
Extracting Office365 ModifiedProperties fields data into table Hello Team,I not sure what I am missing but I am unable to extract or display ModifiedProperties{}.Name fields into t... by spodda01da Path Finder in Splunk Search 09-06-2021 0 2	0	2
Not able to read more than 100 entries in the stream https://community.splunk.com/t5/Splunk-Search/Why-am-I-only-getting-a-maximum-of-100-events-returned-through-a/m-p/20... by raksh New Member in Splunk Search 09-06-2021 0 0	0	0
Why am I only getting a maximum of 100 events returned through a oneshot search via Java SDK? I'm using Splunk's Java SDK to get Splunk events, and the problem I'm facing is that Splunk only returns a maximum of... by ahmadka2 New Member in Splunk Search 09-06-2021 0 3	0	3
inputlookup field help My index has client_ip.However, I want to use the client_ip that exists in the user_ip.csv field.index="my_index" [ \|... by splfedor Loves-to-Learn Lots in Splunk Search 09-06-2021 0 1	0	1
Windows EventLogs: 3 failed logins from 3 different users from same host Using Windows EventCodes I want to find 3 or more users failing to log in. So far my syntax is \| stats values(user) a... by Fe-atSplunk Explorer in Splunk Search 09-06-2021 0 2	0	2