Splunk Search

Community Activity

why it is not giving the results of all commands but on the 90 days command bin _time span=1d \|stats count by _time\| eval time_chunk = case(_time > relative_time(now(), "-30d") AND _time < rela... by haripotu Loves-to-Learn Everything in Splunk Search 06-15-2021 0 4	0	4
I need get the no.of events over 30 days, 60days and 90 days over column cart Hi, I need to get the no.of events happened over last 90 days, 60 days, 30 days in one column chart. Using eval, if. ... by haripotu Loves-to-Learn Everything in Splunk Search 06-15-2021 0 3	0	3
How do I find transaction that does not contain an event? Hi I have a log like below.x INFO id=abc123 Started Processingx+1 INFO id=abc123 Ended Processingx+2 INFO id=abc123 N... by vgodavarty0116 Engager in Splunk Search 06-14-2021 0 1	0	1
Join multiple fields into few unique field Hi,I'm looking something similar to this, but please note that the description* wildcard can go up to 20+ fields, sam... by yuming1127 Path Finder in Splunk Search 06-14-2021 0 1	0	1
Output fields based on values(current row) and values(previous row) Hi,Im looking a way to eval values between 2 subsequence row. Please take a look on below.my statictis table:Product ... by yuming1127 Path Finder in Splunk Search 06-14-2021 0 2	0	2
How can I join results from one search to another based on time durations? Hello all,I have two searches. One is for finding session info/durations and the other is for finding error info/dura... by Traer001 Path Finder in Splunk Search 06-14-2021 0 0	0	0
How to get a line chart of a ratio of time based values using a condition I have attached a picture of the data to get a better understanding of it. What I am trying to do is to show the rati... by Rokas_Strazdas Engager in Splunk Search 06-14-2021 0 0	0	0
How to replace time series chart giving no results Hi All,I created single value panels using a time-series chart. If there is no data it's display's "no results found"... by kirrusk Communicator in Splunk Search 06-14-2021 0 2	0	2
SENS-PRD splunk not listing events in search result Good morning. I added new PRD Splunk forwarders and sourcetypes last Wednesday night, June 9. I can see the events in... by anil1432 Explorer in Splunk Search 06-13-2021 0 1	0	1
How my file path name is modified automatically I have one file which is monitoring from 1 year in deployment server in inputs my file name is sourcetype: D:\Appl... by anil1432 Explorer in Splunk Search 06-13-2021 0 2	0	2
Subsearch error Hii everyone, Please can any one do splunk query optimization.Phenomenon we are facingThe report count looks incorrec... by anil1432 Explorer in Splunk Search 06-13-2021 0 2	0	2
Saved searches lifetime: difference between dispatch.ttl and alert.expires in savedsearches.conf I'm trying to accurately control the lifetime of the search artifacts of a saved search. I have set the "Expiry" time... by BernardEAI Communicator in Splunk Search 06-12-2021 0 2	0	2
Is there an SPL search for Searches (saved or scheduled) that run in Real time? Is there an SPL search for Searches (saved or scheduled) that run in Real time? Should the all scheduled or saved sea... by SamHTexas Builder in Splunk Search 06-12-2021 0 6	0	6
Plot average time between events. Can someone help me with the query to plot average time between events matching a field having certain value e.g msg=... by picktheneedle Loves-to-Learn in Splunk Search 06-12-2021 0 1	0	1
Fill Multiple values in a field I have some numeric values that is coming from job search results and the result is saved in tokens. These values are... by Jazzyb New Member in Splunk Search 06-12-2021 0 2	0	2
How to deal with varied time formats? I have some data containing timestamps with varied formats, e.g., sometimes "%m/%d/%y %H:%M", sometimes use "%m/%d/%Y... by yuanliu SplunkTrust in Splunk Search 06-12-2021 0 3	0	3
Filter Specific results & include specific result in query If the user's AD & Logon locations are the same, then I am filtering the results with the below query. \| rex field=Lo... by alexspunkshell Contributor in Splunk Search 06-12-2021 0 6	0	6
How do you use tstats to list the number of unique hosts over time? Hi, Is there a way to use the tstats command to list the number of unique hosts that report into Splunk over time? ... by a212830 Champion in Splunk Search 06-12-2021 0 3	0	3
Query with bin and stat calculations produces different results I'm trying to get the total number of hours a user is connected to a workspace per month. I am getting the raw data ... by ChihiroK New Member in Splunk Search 06-12-2021 0 2	0	2
How to Extract Any Values With a Decimal in my Rex String Hello,This may be an easy one, but I've been struggling with finding an answer for it.I have events that look like th... by Traer001 Path Finder in Splunk Search 06-11-2021 1 2	1	2
How to find standard deviation of the aliase I calculate the mean of the four weeks using the aliases, but how do I calculate the standard deviation of the four p... by aayushshah Engager in Splunk Search 06-11-2021 0 4	0	4
Showing >100% Complete status Using Python in Jupyter notebooks to run Splunk API. The queries run fine from both Python and Splunk itself. However... by kcull997 Observer in Splunk Search 06-11-2021 0 0	0	0
Subsearch filtering not working between sourcetypes Just started getting data flowing from a new machine that produces data which is similar in content, but different in... by jcarlock Explorer in Splunk Search 06-11-2021 0 2	0	2
How to get the total sum value and top 10 values in same timechart I am trying to get the top 10 users based on GB used in a timechart graph visualization and also the the total GB us... by vrmandadi Builder in Splunk Search 06-11-2021 0 0	0	0
How to get top 10 users by usage per day for last 30 days I have an index which gives user information of how much GB of data they used and from what source .I would like to g... by vrmandadi Builder in Splunk Search 06-11-2021 0 5	0	5