Splunk Search

Community Activity

Field extraction for multiple types of values Hello all,I am trying to extract the data from the field evtComponent from the below event, and this has a multiple t... by srinivasgowda Explorer in Splunk Search 03-04-2021 0 2	0	2
Need output value Hi, Output of the below query has been attached, I need only the total value to be displayed in the dashboard. Here t... by VijaySrrie Builder in Splunk Search 03-04-2021 0 1	0	1
Comparision of hourly Log count by average log count of last 7 days. I have a Query need to compare hourly log count of today with the average value of last 7 days, if the count is great... by phanirohith97 Observer in Splunk Search 03-04-2021 0 4	0	4
join search with condition I have two searches:search-A gives values like typestatushostnameidportSizebasecachehttpOFFhost-117NANANANAhttpONhost... by arandy01 Explorer in Splunk Search 03-04-2021 0 4	0	4
Why isn't transaction working for me? I have a process where I load data into database tables. My log file has the following entries for each :TableLoad=... by VictorCrunch Loves-to-Learn in Splunk Search 03-04-2021 0 0	0	0
How to pull latest scan data with full EST date/time? Currently we are having issues with our scan data comming in to out indexer, so we have to use CSV's for scan data .... by UMDTERPS Communicator in Splunk Search 03-04-2021 0 7	0	7
Unique users by application over time periods in a timechart table As a example, I have a search that calculates "Unique Users per Application" and this can be constrained to a particu... by nickstone Path Finder in Splunk Search 03-04-2021 0 5	0	5
How to Add time in the Dashboard Hello,I have a query (e.g. "....... " \| stats count, avg(...)) and after that I get as resultOwnColumn Count AVGXYZ ... by exchanger Path Finder in Splunk Search 03-04-2021 0 1	0	1
How to write VPN DHCP pool stats by AnonymousPerson New Member in Splunk Search 03-04-2021 0 1	0	1
Using sub search result to add to main search Hi, I have a main search that look like this index=main RESPONSE_CODE="0" earliest =-4mon@mon latest=mon@mon \|stats c... by phamxuantung Communicator in Splunk Search 03-04-2021 0 6	0	6
how to excluse a result from a search hiin the search below I need to excluse the results when instance=_total index="perfmon-fr" \| fields %_User_Time hos... by jip31 Motivator in Splunk Search 03-04-2021 0 1	0	1
ML Users hitting Limits Our ML team use the API to export large numbers of events for model training.They are hitting limits: [searchresults]... by jonaclough Path Finder in Splunk Search 03-04-2021 0 0	0	0
How to convert tabular data to distinct count How to convert tabular data to distinct countHi,I have a splunk query\| stats count by operation (under field operatio... by VijaySrrie Builder in Splunk Search 03-04-2021 0 5	0	5
Nested stats and json keys grouping Hi ,I have a json structure like this : { "zip": 67452, "location": "NY", "author": { "book1": { "pr... by mkiran18 Loves-to-Learn in Splunk Search 03-04-2021 0 4	0	4
how to read comment line Hi ,I have data where i want to read comment line and store value in field.for example , I have log where first 4... by pragycho Loves-to-Learn in Splunk Search 03-04-2021 0 2	0	2
How to round stats average to 2 decimal places? Hello, I have this: stats count by opentime \| stats avg(count) and I want the average to be in 2dp. Anyone have an... by markthompson Builder in Splunk Search 03-03-2021 5 11	5	11
Getting Syslog logs into Splunk last version Hi, I'm new in Splunk and I'm trying to collect Syslog log to indexers. I have read in Splunk documentation that Splu... by porbea01 New Member in Splunk Search 03-03-2021 0 8	0	8
Extract field from another dynamic field I have a field from the search query called source which has a pattern of "text:text:text:dynamicText:dynamicText:dyn... by thenormalone Path Finder in Splunk Search 03-03-2021 0 3	0	3
calculates the availability of a service with active server and passive server Hello,@rnowitzki @renjith_nair could you help me on the following question please:I index every day at 6 p.m. splunk ... by wcastillocruz Path Finder in Splunk Search 03-03-2021 0 8	0	8
Can we get a query to fetch the savedsearches/dashboards which are running with timerange more than 24 hours Can we get a query to fetch the savedsearches/dashboards which are running with timerange more than 24 hours In oour ... by Naga Engager in Splunk Search 03-03-2021 0 1	0	1
Filter records from Table based on a column value as a number Here is my Splunk Query:index=test "Entry Done for Id=" \| rex field=_raw Id=(?<Id>.*?)# \| rex field=_raw UserID=(?<Us... by nits Explorer in Splunk Search 03-03-2021 0 1	0	1
Add transactions with a sub-search Hello,@scelikokCould you help me on the following search please?I have a main search which groups me together all the... by wcastillocruz Path Finder in Splunk Search 03-03-2021 0 0	0	0
How to get average count of one field by day as a line chart I have events that contain a userId field and I would like to make a line chart to visualize the average count per da... by vmvd Explorer in Splunk Search 03-03-2021 0 3	0	3
How to handle \n in regex In some of the events, I have '\n' in the events :message: org.springframework.jdbc.UncategorizedSQLException: Calla... by ppatkar Path Finder in Splunk Search 03-03-2021 0 1	0	1
Adding column based on values from other columns I have this code that shows me the start and end times of runs of a program:index=index1 source=source1 \| transaction... by Soogbad Engager in Splunk Search 03-03-2021 0 3	0	3