Splunk Search

Community Activity

Why is the field count double the amount of total events? Hi there, I am new to Splunk and have sent some dummy JSON-data to Splunk. I notice that for example there are 20 e... by JosIJntema Explorer in Splunk Search 02-26-2021 1 8	1	8
Find Largest Files of Linux Using Splunk Hi everyone, On my Linux machine, which has Splunk Forwarder and Splunk Add-on for Unix and Linux installed, I'm usin... by hishamjan Explorer in Splunk Search 02-26-2021 0 3	0	3
Issue with Splunk Query Stats not brining in all values Hi All,I have a log which has below lines in it:"Results":{"Elapsed":"0","Message":"No of Application to Obsolete in ... by bhartiya008 Explorer in Splunk Search 02-25-2021 0 6	0	6
help on subsearch wich truncate events HiI use the search below but I lose some events because I have the following message :[subsearch]: Subsearch produced... by jip31 Motivator in Splunk Search 02-25-2021 0 16	0	16
How do I add two rows with different identifiers and chart? Hi,I have a table like this:Tag \| Valueaa \| 15.5bb \| 20cc \| 23I want to chart the value "dd ... by sriramv2006 Explorer in Splunk Search 02-25-2021 0 4	0	4
Can tables be used with top to display additional event fields Goal is to return a table that displays the Top 10 (md5) hashes in recorded alerts received over a 60 days period. ... by kelie Path Finder in Splunk Search 02-25-2021 0 9	0	9
How to make the values in a column the column names for a table? Hi all, I would like to make the values of a column the column names for a table. Currently, I am using the command... by chrismok Path Finder in Splunk Search 02-25-2021 1 2	1	2
Work around if sub-search does not return data for a where clause. Search: source=D:\XSP\importhelper source=IH_Daily\DebugImportHelper End \| eval dayBuffer=strftime(now(), "%d") \| ev... by griffinpair Path Finder in Splunk Search 02-25-2021 0 3	0	3
Xml path extract field <Shipment Action><ShipmentLines><ShipmentLine PrimeLine="2" /> <ShipmentLine PrimeLine="3"/><ShipmentLine PrimeLine="... by Annna Explorer in Splunk Search 02-25-2021 0 2	0	2
How to combine search results in order to use Start Time and End Time from Event 1 in JMS Queue pending messages? Hello, We are new to Splunk , learning and working customer requirments. You are requested to help on merging these t... by bojjas Observer in Splunk Search 02-25-2021 0 0	0	0
How can I search for same values within a field Hi, I have a field with multiple values, some of them share the same characters at the beginning of the values. I nee... by ynag Explorer in Splunk Search 02-25-2021 0 1	0	1
Service logs count very less to a particular host I'm having trouble writing a query which displays the action and host count where log count is below average on any h... by kgaurav Observer in Splunk Search 02-25-2021 0 1	0	1
Hide Drop Down Hi All,I want to always hide my drop down <input type="dropdown" token="TransactionID_filter" searchWhenChanged="tr... by rj1408 Path Finder in Splunk Search 02-25-2021 0 1	0	1
Count number of diefferent field values Hi,My events contain a field named "fruit" that distinguishes, what kind of fruit the event is about. I would like t... by schufi01 Path Finder in Splunk Search 02-25-2021 0 1	0	1
Evaluating content of a list of JSON key/value pairs in search I have a search where 2 of the fields returned are based on the following JSON structure:"tags": [ {<!-- --> ... by pracsys Engager in Splunk Search 02-25-2021 0 3	0	3
Subtract Dates/Time Hi,can somebody explain, why I dont get any results?index=... \| eval Timestamp=strftime(_time,"%d-%m-%Y %H:%M:%S") \|... by schufi01 Path Finder in Splunk Search 02-25-2021 0 1	0	1
Automated an Alert with a complicated search query Hi, I want make a report(or Alert) each month to count the Total transaction success in 1 month and compare it to 3 m... by phamxuantung Communicator in Splunk Search 02-24-2021 0 4	0	4
Enlist size of files and directories in acsending order Hi,Is there a way to enlist the size of files that are indexed using the local host and universal forwarders? From th... by hishamjan Explorer in Splunk Search 02-24-2021 0 3	0	3
How to translate mv field extraction from SPL to configuration files? SituationI am trying to parse events with an unrestricted number of key value pairs that might also include empty va... by jmartens Path Finder in Splunk Search 02-24-2021 0 1	0	1
inputlookup to match a field value using a variable Hello Splunk team, I'm trying to append columns based in a search of a field (Network = Network_CIDR) in Ashland-Netw... by omun0z Explorer in Splunk Search 02-24-2021 0 2	0	2
Rest search with input from inputlook Hi,I'm bouncing my head against the wall for this (probably) simple question.. I've got a inputlookup "indexers". As ... by jariw Path Finder in Splunk Search 02-24-2021 0 3	0	3
Sending emails using sendemail and map command not sending empty emails I have the following question regarding using the sendemail command together with the 'map' one.Using the below searc... by assennikolov Explorer in Splunk Search 02-24-2021 0 4	0	4
Default value in Dashboard dynamic drop-down & hiding chart with depends My Dashboard contains 4 inputs : Time , 2 Drop Downs ( One Static whose value changes Second Dynamic Drop Down query... by ppatkar Path Finder in Splunk Search 02-24-2021 0 1	0	1
log volume by host Hello,I have 26 hosts reporting data to a specific index. These hosts are prone to malfunction at any time Is there ... by bgill0123 Loves-to-Learn in Splunk Search 02-24-2021 0 2	0	2
extract the value for the field incoming/d0000c00002/data_reuse/d000/d0000c00002/ar/shared/sdtm/prod/data/idap_20191011/dm.sas7bdat what I need is to... by hashsplunk Loves-to-Learn Lots in Splunk Search 02-24-2021 0 5	0	5