Splunk Search

Community Activity

Find maximum value in one column where a second column meets criteria I believe as with all things Splunk, there is more than one way to solve thisMy data consists of this \| makeresults \|... by bowesmana SplunkTrust in Splunk Search 11-05-2020 1 4	1	4
Date sorting Hi, I have below data: Date: Sep 2020 Aug 2018 Feb 2020 July 2017 Sep 2019 I want to sort the date by month and yea... by ND Path Finder in Splunk Search 11-05-2020 0 2	0	2
reconciliation of field value from Splunk DB connect query HI All,I need to reconcile 2 different swift messages from Splunk DB connectThe key pattern should be<<YYYYMMDD>>#SWI... by ashrafsj Path Finder in Splunk Search 11-05-2020 0 1	0	1
Sum duration to iterations of same id Hey,I have an index 'test_iterations' which contains test data (start time, end time, iterationIndex ane TestName).Ea... by noa Loves-to-Learn in Splunk Search 11-05-2020 0 2	0	2
Can't use stats with custom streaming searchcommand I have a custom search command that extracts a domain name from a url string field you specify into a new "domain" fi... by wesleya Explorer in Splunk Search 11-05-2020 0 2	0	2
Adding values from multiple arrays Hi,I am trying to add the values from 2 array functions to get the overall sum.\| eval {1_month_last_day_prior} = case... by shonac Explorer in Splunk Search 11-05-2020 1 6	1	6
Adding new expected Value to serach result Hi,I tried search some data from logs using this statement: index=* sourcetype="mySource" Types* \| stats count by Typ... by mikroice90 Explorer in Splunk Search 11-05-2020 1 5	1	5
Alerting on free space AND % free space - Windows-based systems We are collecting perfmon information - "Free Megabytes" and "% Free Space". All is well in the collection on the... by jmo1 Path Finder in Splunk Search 11-05-2020 0 3	0	3
Fetch fields in json I hava data in statistics.. it has the below format: START Request Id: 62529168377 :$LATEST{"Name": "abc","Alarm":"al... by tsm0099 Explorer in Splunk Search 11-05-2020 0 1	0	1
How to extract latest events of particular field. Hi Folks,I need your help in fetching latest event from a particular field.Sharing you a sample event and query when... by prateeksawhney Explorer in Splunk Search 11-05-2020 0 10	0	10
Using REGEX to extract portion of a string from a field Hi Everyone:I'd like to extract everything after the third "/" below (starting from the left) in the url field below:... by mdeterville Path Finder in Splunk Search 11-04-2020 1 3	1	3
combine events based on a common field I have data being pushed onto Splunk in JSON format. What I am trying to do is combine events. For example, 2 events ... by quirkyUnicorn28 Loves-to-Learn in Splunk Search 11-04-2020 0 0	0	0
normalize columns in timechart Hi allconsider this search:source=bandwidth \| timechart sum(packets_in) by hostwhich will produce rows indexed by a t... by splnk1391 Engager in Splunk Search 11-04-2020 0 1	0	1
How to get an average per day I am trying to get an average for the last (x) days for a that specific day and hour. This search lists a count for t... by tefa627 Explorer in Splunk Search 11-04-2020 0 2	0	2
What does "bin _time span=100ms, eval H=len(_raw),transaction and maxevents" mean in this whole search? Hi, I am having confusion in understanding some portion of following search. Can anyone help me in understanding it ... by M_fahad_hassan Engager in Splunk Search 11-04-2020 0 2	0	2
DNS logs showing IP addresses and not DNS names. My DNS is now only showing IP addresses in the logs. How do I get to see DNS names in the logs? by waJesu Path Finder in Splunk Search 11-04-2020 0 1	0	1
Modify Field with Regex at Index Time Hey guys, I have IIS logs that are logging multiple IPs to the X-Forwarded-For field as below: 114.119.136.78,+162.1... by dbuehler Loves-to-Learn Everything in Splunk Search 11-04-2020 0 6	0	6
Splunk Base Search issues Having issues with splitting the complete search between "basesearch" and "remaining search in other panels". Complet... by dustintroop Explorer in Splunk Search 11-04-2020 0 5	0	5
Lookup Table Hello All,Actually i have an lookup table DIUSERS.csv, i would like to build a query as like below :index=* \|inputloo... by mailmetoramu Explorer in Splunk Search 11-04-2020 0 1	0	1
mstats with host subquery Hi all!I have this query which gets me the list of hostsstuff stuff stuff \| rename host as host_changed \| dedup host_... by matthewwhittle Explorer in Splunk Search 11-04-2020 0 3	0	3
field value is a whitespace I have a field that sometimes has only what appears to be a whatspace. How would I replace the existing whitespace w... by wtaylor149 Explorer in Splunk Search 11-04-2020 0 2	0	2
How to show the mapped field when using map I am attempting to use the map command and table the data. I am trying to map in values to run through the a predict ... by aohls Contributor in Splunk Search 11-04-2020 0 2	0	2
Splunk Search Query Looking for an search query to monitor some bunch of users on all indexes activity. Tried the below one but couldn't ... by mailmetoramu Explorer in Splunk Search 11-04-2020 0 2	0	2
Dashboard As per the below screenshot, when i used to select any host from the dropdown, i want to hide first four panel and ot... by uagraw01 Motivator in Splunk Search 11-04-2020 0 1	0	1
Append data from an Index to a lookup Hello, Splunk newbie here. I have a CSV file with a bunch of hostnames titled 'Device' that I added as a lookup 'hos... by dgitdos Loves-to-Learn in Splunk Search 11-04-2020 0 3	0	3