Splunk Search

Community Activity

How to Use Transaction to Retrieve Groups of Events Hi all, I'm trying to use a transaction to get multiple pairs of events (the selection and release of a node). So I h... by Traer001 Path Finder in Splunk Search 04-06-2021 0 4	0	4
how to rearrange the table/chart layout Hi, I have:index=............\|stats avg(test) by OrderNr Sub_OrderNrBut I want to something like this:OrderNr S... by zoe Path Finder in Splunk Search 04-06-2021 0 1	0	1
Excluding Messages With Custom Field Matching List of Values I'm tasked with auditing syslog messages from some network devices for suspicious activity. I can use the IN operator... by deees New Member in Splunk Search 04-06-2021 0 1	0	1
How to print a splunk variable? How to print a splunk default variable in search query? Actually I have two variables like $job.earliestTime$ and $jo... by satyajit7 Explorer in Splunk Search 04-06-2021 0 4	0	4
Get customer ID form logs I have a log of the form"Associated integration for customer AAA is Integration{id=1865, clientID}, carrying out deac... by bharat149 Explorer in Splunk Search 04-06-2021 0 1	0	1
Query for exclude words in a raw data Hello!As shown in the below picture, those are the events with a timestamp. I want when a "Kafka" service or "Jps" se... by phanichintha Path Finder in Splunk Search 04-06-2021 0 14	0	14
How to query an automatic lookup Hi Guys, How can I query an automatic lookup? Now, this is not the fields created through an automatic lookup, but t... by luna Explorer in Splunk Search 04-05-2021 0 1	0	1
'Error in 'fit' command' when using Machine Learning Toolkit Hi Community,I encountered the following error message when using the ML Toolkit:'Error in 'fit' command: Invalid mes... by ronaldtan1993 New Member in Splunk Search 04-05-2021 0 0	0	0
Is automatic new line insertion deprecated? A convenience feature was introduced in 7 (well I noticed it in a Splunk 7 installation and not in 5 and 6) that auto... by yuanliu SplunkTrust in Splunk Search 04-05-2021 0 1	0	1
Search events - remove events matching certain values on 3 fields Currently search will display events with "Rejected" File Status, but if this Rejected file gets fixed and then is "D... by Dirkoh Engager in Splunk Search 04-05-2021 0 3	0	3
How to Use IF or Case condition Hi,My logs are in following format:{[-]logger: .......message: ..........severity: Error}{[-]exception: .........logg... by alex5441 Explorer in Splunk Search 04-05-2021 0 3	0	3
How to get last weekday of last month and check logs for an date field in the logs having that value I have something that runs every day but i need to see it only for previous EOM which is also a weekdayI have a field... by ashutoshwalke Explorer in Splunk Search 04-05-2021 0 6	0	6
How to get environment in customized order How can I sort so that I can get the Stage_INT 1st and others after that and below is the output image. Can someone p... by Engineer_Zen Observer in Splunk Search 04-05-2021 0 1	0	1
Conditional drilldown Hi..I have a table(panel 1) with the below columns..Col_A Col_BAnd based on the values of Col_B i will have to create... by prettysunshinez Explorer in Splunk Search 04-05-2021 0 2	0	2
Search using lookup Hello, I have two indexes to which I need to compare the source ip and if it is the same, show me a message like true... by splunkcol Builder in Splunk Search 04-05-2021 0 4	0	4
Splunk ITSI Maintenance Window Hello,I need to enable alert suppression during maintenance window in splunk ITSI. I have correlation searches where ... by vijaybaskarss Loves-to-Learn Lots in Splunk Search 04-05-2021 0 0	0	0
How to calculate the index size from all indexers Is there a way to calculate total size of an index from all indexers? I can see index size from each individual index... by adityapavan18 Contributor in Splunk Search 04-05-2021 2 21	2	21
To get the greatest value for each day and graph it for a week Hi,Can you please assist with the query to get the greatest value (for one field) on that day and graph the data for ... by dinumayu Observer in Splunk Search 04-05-2021 0 1	0	1
memory SH cluster Hello! I ran out of memory for the search head located in the cluster. The status is "AutomaticDetention". Is it poss... by gitingua Communicator in Splunk Search 04-05-2021 0 1	0	1
How to efficiently calculate max events per second (eps) by hour over long timeranges, like 30 days? I could count against the raw data but it takes a long time. How can I more efficiently count on such stats? by the_wolverine Champion in Splunk Search 04-04-2021 2 3	2	3
How to dynamically compare and come up with new fields Using the extract function, I can arrive with the below columns: I need to compare the values, and come up with a... by yoshilog Explorer in Splunk Search 04-04-2021 0 4	0	4
Using a resulting time from one query as the latest time in another query Hello!I am having trouble with a query where I want the results to depend on the time results of another query. This ... by Traer001 Path Finder in Splunk Search 04-04-2021 0 1	0	1
Why use eventstats and stats together? Hello,I have seen eventstats and stats used together, but I’m not clear on why and when the use of the mentioned woul... by luna Explorer in Splunk Search 04-04-2021 0 2	0	2
Chart Percentage Issue Percentage is miscalculated Hello Splunk Community, Here is my code and explanation of the issue below:I am having a very annoying issue that I c... by Mary666 Communicator in Splunk Search 04-03-2021 0 3	0	3
How to replace hostnames with own names When i use below query i can see multiple servers in the index.Index=abc sourcetype=vmstat (host=windows1* OR host=... by svalivarthey New Member in Splunk Search 04-03-2021 0 1	0	1