Splunk Search

Community Activity

How to get multiple values of one id in different columns I got the output in the form ofsearch is : stats values(status) by id..Id statusIDStatus1AgreedN/ANegoiate2AgreedSu... by renuka Path Finder in Splunk Search 10-08-2020 1 10	1	10
Need help with timestamp recognition I have struggled with getting splunk to recognize timestamps in timestamps from an udp input. I have tried for many h... by hethu Path Finder in Splunk Search 10-08-2020 0 3	0	3
Filter duplicate rows based on a condition Hello Everyone!I have an output in the below format and would like to filter the duplicate ids with 'fieldA' value as... by kiru2992 Path Finder in Splunk Search 10-07-2020 0 8	0	8
use rex to define a string as a field Hi, I have an index that returns alarms with details as string. I want to define the text in bold as a field. The s... by c799651 Explorer in Splunk Search 10-07-2020 1 3	1	3
Trending sum count Hi,I am trying to create a trending single value however having trouble setting it up. Essentially the stats below su... by munisb Explorer in Splunk Search 10-07-2020 0 2	0	2
Converting strings I've got email subjects extracted into a field, which are encoded in UTF-8 or ISO-8859-* Examples: =?ISO-8859-15?Q?... by mborner Explorer in Splunk Search 10-07-2020 2 4	2	4
Capture peak hour and use the same hour in a sub search I am preparing a volume report for my project. My requirement is to capture the peak hour (hour which has highest cal... by Allampally Path Finder in Splunk Search 10-07-2020 0 11	0	11
Can the precision of numerical results be changed in the search? Let's say you have the following search:... \| stats sum(eval(sc_bytes/1073741824)) AS Gigabytes BY date The resulting... by CarbonCriterium Path Finder in Splunk Search 10-07-2020 0 3	0	3
How do I edit my search to have a moving timespan to count user connections within any 60 seconds? We're looking to identify the users that connect the most within a 60 second window. Currently our search looks like ... by solson3 New Member in Splunk Search 10-07-2020 0 4	0	4
Help with search Hi, I am using Splunk to grab disk drive metrics but often times I am pulling metrics for drives I don't care about. ... by unifirst101 Engager in Splunk Search 10-07-2020 0 3	0	3
Help with API query HelloIm trying to run this query from Splunk API and getting this error:'rex' is not recognized as an internal or e... by havatz Explorer in Splunk Search 10-07-2020 0 0	0	0
How To String Multiple Searches To Update KV Store Hello, I have been banging my head on a problem. What I am trying to do is run a first query to get a list of assets,... by joemarty82 Explorer in Splunk Search 10-07-2020 0 0	0	0
How to count the values of a field and add it to existing chart? Hi There, we have a search which covers multiple values as below (each field has a single value)\| chartcount(serviceN... by 2chs Explorer in Splunk Search 10-07-2020 0 3	0	3
Alert trigger condition on field sum Hi.I created the following search which reports events of Active Directory users being locked aggregated by username:... by diconium Explorer in Splunk Search 10-07-2020 0 7	0	7
Searching for period of months without rerunning search every month for complete timerange I have a search which counts all ids events of the last 12 months by the severity. This search needs really long to r... by igschloessl Explorer in Splunk Search 10-07-2020 0 1	0	1
100% schedule searches are skipped failing due to "searchable rolling restart or upgrade is in progress"" Hi All, In our distributed deployment we are getting the issue where 100% schedule searches are skipped failing due t... by arjit Path Finder in Splunk Search 10-07-2020 0 2	0	2
Splunk 8.0.1: Getting error when using \| from datamodel:$model$ to put parameters on a saved search. I have a saved search that does: \| from datamodel:"Performance.Storage" But, I am trying to make this saved searc... by bowesmana SplunkTrust in Splunk Search 10-06-2020 0 2	0	2
Splunk Date/Time comparison using _time generated through timechart for a Span of 1 Month Hello Experts,I am having a search as below \|search \| eval _time=new_t \| timechart span=1mon sum(alloc) as used \| ... by promukh Path Finder in Splunk Search 10-06-2020 0 2	0	2
How to match a regex field using wildcard Hi, I have the following search:search\| spath input=rawJsonData output=UserActionAttributes path=UserActionAttributes... by adj24 Engager in Splunk Search 10-06-2020 1 2	1	2
Configuring a Radio button Good evening,I am trying to configure two radio buttons. I want the first radio button (a csv file in a table form wi... by antaeuslogan New Member in Splunk Search 10-06-2020 0 1	0	1
help creating alert port 443 for 1 hour by action I know that someone may have asked this, but the truth is I did not find anything similar.I need to create a query f... by splunkcol Builder in Splunk Search 10-06-2020 0 2	0	2
Getting data out of an event with a regular expression I am trying to figure out how to get data out of the event and into a field. I need to get all the data in brackets.S... by MattPainting New Member in Splunk Search 10-06-2020 0 2	0	2
finding alerts (saved searchs) based on alarm IDs or other event contents Usually I find an individual alert, i.e., a saved search, among a large number of alerts by searching for it by name.... by MarcRiese Explorer in Splunk Search 10-06-2020 0 1	0	1
How to remove first 8 numbers of a field I have a set of devices that are identified by a very long 15 number. The first 8 numbers are just a prefix which we ... by adrianrepublic Explorer in Splunk Search 10-06-2020 1 3	1	3
Splunk relative time Today is 10/2/2020. I need to execute 6 searches using relative time for last month (earliest= & latest=) that are ea... by jdmclemore Path Finder in Splunk Search 10-06-2020 1 6	1	6