Splunk Search

Community Activity

	Continue on dbxquery Failure I have a search that performs a basic dbxquery connection and SQL search. If the database table were to be dropped o... by ohbuckeyeio Communicator in Splunk Search 08-06-2020 0 0	0	0
	Display result when comparing 3 fields, only show greater by 100 for one field I have a search that is giving me this data set:ID status Stampalex esb 15959898... by baustin612 Explorer in Splunk Search 08-06-2020 0 4	0	4
	How to count and sum fourth column if second and third column are certain value and group by first column? So my data structure has four columns: "Month", "Status", "Accepted", "Value". As the title suggest I'm trying to det... by Username1 Path Finder in Splunk Search 08-06-2020 0 11	0	11
	Split unix commands There is a command fields in my logs and consists of unix commands.One value is /usr/bin/ssh -q -o ConnectTimeout=5 -... by dwibedi03 Explorer in Splunk Search 08-06-2020 0 6	0	6
	How to rewrite/correspond MySQL queries in Splunk? Hey community I have my data in both MySQL and in Splunk. I'm trying to mimic the MySQL queries in Splunk so I can ma... by Username1 Path Finder in Splunk Search 08-06-2020 0 8	0	8
	Adding Event Count to Table I am trying to get the Date (altering _time in a specific format shown below), number of events (which I am using sta... by bburns2122 Explorer in Splunk Search 08-06-2020 0 7	0	7
	exclude certain event type from count Hi, I have a stat on eventtype like thisindex=xyz \| stats count by eventtypeThis query generates:All_logs = 14Error ... by noman377 Explorer in Splunk Search 08-06-2020 0 5	0	5
	Remove peer from Index Cluster and re-add after maintenance I need to take one peer down for maintenance, so i do splunk stop on it.cluster handles and brings cluster back to va... by jiaqya Builder in Splunk Search 08-06-2020 0 9	0	9
	Help with regex Hi,I have below in column default_message1st regex :default_message= <14>shell: cmd by abcd: mkdir testcan you please... by surekhasplunk Communicator in Splunk Search 08-06-2020 0 3	0	3
	Why does my token in my search query not work? I've created a dropdown input field that shows the user accounts that are locked out And this is the search string th... by rkris Explorer in Splunk Search 08-06-2020 0 2	0	2
	How to create inventory that matches user to the devices they have logged into? Hello All, I am looking for a solution to establish a kind of IT inventory, based on logins. Is there any working sol... by Yokova New Member in Splunk Search 08-05-2020 0 1	0	1
	how to use transaction to Group multiple events with field values in a specific order hello , i have many logs like:"_time1 user=A eventid =45""_time2 user=A eventid=46""_time3 user=A eventid=48""_time4 ... by qiuxiaoping New Member in Splunk Search 08-05-2020 0 5	0	5
	How to perform Rolling Percentiles (e.g. P90) over a time period? I need help on doing cumulative percentiles, such as p90, over a period of time. This is different from rolling avera... by splunkuserCA1 Path Finder in Splunk Search 08-05-2020 0 3	0	3
	Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB) I want to compare (OWNER)(TABLE_NAME) to (OWNER_New)(TABLE_NAME_New). And once the value matched then want to find di... by RajanRaj New Member in Splunk Search 08-05-2020 0 1	0	1
	SPLUNK architecture Hi, I am very new to SPLUNK and inherited an environment without much documentation. Can anyone help with the followi... by Jeronimo317 Explorer in Splunk Search 08-05-2020 0 1	0	1
	count Events per minute but only for same users Hi Splunkers, some examples from our logs.. [Time:11:03:01] [Function:upload] [User:aaa][Time:11:03:10] [Function:upl... by summerura Explorer in Splunk Search 08-05-2020 0 1	0	1
	How to check whether splunk is receiving logs from particular IP Hi Guys, Syslog is sent to forwarder IP through TCP 514 port. I am unable to receive those syslog in forwarder or ind... by alexspunkshell Contributor in Splunk Search 08-05-2020 0 2	0	2
	Stats StatusCode error Rate Hi There,Need help to find the status code error rate where status code is >400.I have below Query to time chart t... by dpdwibedy Explorer in Splunk Search 08-05-2020 0 4	0	4
	Time duration filter Hi All, Need help in getting the data for those Downtime > 15 mins. below is the query am using. index=opennms "uei.... by jerinvarghese Communicator in Splunk Search 08-05-2020 0 3	0	3
	How to query alerts by a specific personal domains? Hello,I'm trying to put a query together to monitor/view emails being sent externally to a personal domain. i.e. john... by brc55 Explorer in Splunk Search 08-05-2020 0 3	0	3
	src_ip, with all dest_ips and dest_ports The following search is not giving me what I want.. sourcetype="sidewinder" action="blocked" direction="internal" \| ... by mcbradford Contributor in Splunk Search 08-05-2020 0 6	0	6
	How to add final total count of results without adding another column? I can't seem to figure out a way to add a bottom row for a total count of results (records) to the end of the results... by splunkin11 Path Finder in Splunk Search 08-04-2020 0 10	0	10
	Timechart issue I have created a dashboard panel that shows all the users with failed logins in the form of a timechart I'm trying t... by rkris Explorer in Splunk Search 08-04-2020 0 2	0	2
	How to create a search for date compare to get the exact output? I am trying on date compare but i am unable to get the exact output The condition for Date Compare: if(First_Date.bef... by renuka Path Finder in Splunk Search 08-04-2020 0 2	0	2
	How to perform a field extraction on a field from a lookup table? Hi, How to perform a field extraction on a field from a lookup table? I'm trying to add another field so the data mod... by dkorlat Explorer in Splunk Search 08-04-2020 0 5	0	5