Splunk Search

Community Activity

Timechart stats I have simple search: index=xyz logLevel IN (ERROR, INFO)How do I plot two different color in a timespan chart?See... by noman377 Explorer in Splunk Search 03-23-2021 0 1	0	1
To generate two sets of values from one field Hi all,I am new to Splunk and I would like to seek help from the Splunk Community to generate the net power consumpti... by splunk_rookie Engager in Splunk Search 03-23-2021 0 4	0	4
ipinfo I am executing a query in splunk which is below : \| makeresults \| eval ip="$ip$" \| makemv delim="," ip \| mvexpand ip ... by ismail_salma198 Explorer in Splunk Search 03-22-2021 0 4	0	4
Dashboard panel statistic using extracted field not working HiI have a dashboard panel that displays (for a given server) 4 statistic values. Backups started, running, successfu... by owulz Explorer in Splunk Search 03-22-2021 0 0	0	0
collect command generates multiple rows in summary index for single event I am using the collect statement to collect a single event to a summary index. When run as a search, it will generate... by bowesmana SplunkTrust in Splunk Search 03-22-2021 0 0	0	0
_time and the timestamp in the row data are having slight variation I could see there is a slight difference ( in seconds - from 1 to 10) between the _time and the timestamp field in th... by ethanthomas Path Finder in Splunk Search 03-22-2021 0 3	0	3
SPL data input to SQL search? Hello All,I have a situation in which I need to use local lookup file as input in another search, however, the second... by sarge338 Path Finder in Splunk Search 03-22-2021 0 2	0	2
FieldSelector - p-values higher than >.05 in selected fields I've recently begun exploring the FieldSelector command to better understand what fields are the best predictor for a... by jpawloski Path Finder in Splunk Search 03-22-2021 0 0	0	0
How to make _time field to get the exact value of timestamp ? I have diffeence between _time and timestamp in terms of second . ( 5 to 50) . How to make the _time to get the exac... by ethanthomas Path Finder in Splunk Search 03-22-2021 0 1	0	1
How to view the contents of .kmz lookup files I do \| inputlookup geo_ocean.kmz for example but get an error. Please advise by SamHTexas Builder in Splunk Search 03-22-2021 0 0	0	0
Average alarms per reader So I'm having trouble figuring this one out. Basically for example we have 1000 alarms per day and 100 readers in our... by msage Path Finder in Splunk Search 03-22-2021 0 1	0	1
The "Where" command How do I search multiple field values with the "where" command. I am trying to search multiple field values that are... by antaeuslogan New Member in Splunk Search 03-22-2021 0 1	0	1
How do i get a count of each value of a field, and then extract the values whose count matches a certain number Hi,I have the below SPL which gets the count of each value of the field named "subject". I want to be able to select ... by ezmo1982 Path Finder in Splunk Search 03-22-2021 1 3	1	3
REgex to extract fields AZImaging/Projects/IMG2012002/WSI/D419BC00001/E7004004/SM/96b819b9-fc86-b81b-a999-55a72df0e05a.svsHi ,Above is the st... by hashsplunk Loves-to-Learn Lots in Splunk Search 03-22-2021 0 2	0	2
New field with conditional value I have a dashboard panel with a table that show 3 fields, each of which contain numeric values.A) "Backups started (c... by owulz Explorer in Splunk Search 03-22-2021 0 9	0	9
Adding increments of time to an event Hi Splunkers,I have gotten help on this type of problem and it has been very useful. However, I still stuck, but almo... by Mary666 Communicator in Splunk Search 03-21-2021 0 10	0	10
How to calculate duration for repeated event by unique string Hi,I am new to Splunk, just started for few days. Below is the events that I have searched and sorted, I would like ... by nraf Loves-to-Learn in Splunk Search 03-21-2021 0 3	0	3
Can I use data from other rows and set them to a different row who have the same key? Hi everyone, I would like to ask if it's possible to use data from another row, to be set as the value of a different... by yoshilog Explorer in Splunk Search 03-21-2021 0 2	0	2
Isolate date by adding greater than or equal to Hi,So my search window is from Feb 19 - Feb 23. I would like to have isolate Feb 19 - to have my events start on this... by luna Explorer in Splunk Search 03-20-2021 0 0	0	0
Where is Indexer specific props.Conf files saved? Is there individual indexer specific conf files present specially for Props.conf file ? In Linux , how can we identi... by ethanthomas Path Finder in Splunk Search 03-20-2021 0 2	0	2
Setting up earliest and latest time with relative date and fixed time I am trying to define a query where I have to use the earliest time as 2 days ago at 22:20:45 and latest time 1 day a... by AruBhende Explorer in Splunk Search 03-20-2021 0 1	0	1
Are the App Data Input fields extractable? I have an app that configures data inputs with columns for "Name" and "Destination". Once there is data in the sourc... by dglass0215 Path Finder in Splunk Search 03-20-2021 0 1	0	1
Issues with the schedule PDF generation While doing the schedule and export option of PDF generation , the graph format is getting truncated . However , the ... by ethanthomas Path Finder in Splunk Search 03-19-2021 0 0	0	0
Need to change the value of field using sed I want to replace the values of alertnateId and displayName to "****", I tried with below sed command but its not cha... by Vignesh-107 Path Finder in Splunk Search 03-19-2021 0 2	0	2
If there are multiple results in field2, for one value of field2 within a time interval So what I'm attempting to do, is I have a list of user, IP, city, state, country, time. I want to alert if I see a u... by jkw117 Observer in Splunk Search 03-19-2021 0 1	0	1