Splunk Search

Community Activity

How to combine two field values into one I have got a query like this index=* request in (request1, request2, request3)eval request&& = request1 + request2Pl... by skodak Explorer in Splunk Search 08-07-2020 0 3	0	3
Table with true and false (column) counts for specific users (rows) Hi there, I have just started using Splunk and it is quite alien to me. Hope you guys can help me out! I have the fo... by Matthew86 Explorer in Splunk Search 08-07-2020 0 2	0	2
Join index's together. HI all,I have 2 index, that have same common field together. I want to join both together.Query 1: index=opennms "... by jerinvarghese Communicator in Splunk Search 08-07-2020 0 3	0	3
Help With Event Cleanup - Remove "-" I am having a problem with what i believe is writing a regex to clean up some events before i report on them in dashb... by ghostdog920 Path Finder in Splunk Search 08-07-2020 0 4	0	4
Generate timechart with normalized/rescaled data points Hello,I'm trying to analyze an A/B test results on access pattern changes for a specific field.Simplified query looks... by izx New Member in Splunk Search 08-06-2020 0 0	0	0
mvexpand issues and alternative needed Hi all,I have below situation. Actual query is much longer so I just need the logic.cve is the multivalue field. It i... by mbasharat Builder in Splunk Search 08-06-2020 0 0	0	0
Join two field with similar values and stats by an uncommon field How do I combine a field with similar value (where one value might or might not exist in one of the field) and use st... by icosine Engager in Splunk Search 08-06-2020 0 2	0	2
[Report Acceleration] Can we benefit from the accelerated summary outside the app? If a report is accelerated in the search app, are the other apps supposed to benefit from its acceleration? The repor... by sylim_splunk Splunk Employee in Splunk Search 08-06-2020 2 1	2	1
How to make a field cover multiple events I have a transaction of events. In the first event of the transaction, it contains an event that I am using\| rex fiel... by tbrown Path Finder in Splunk Search 08-06-2020 0 1	0	1
Continue on dbxquery Failure I have a search that performs a basic dbxquery connection and SQL search. If the database table were to be dropped o... by ohbuckeyeio Communicator in Splunk Search 08-06-2020 0 0	0	0
Display result when comparing 3 fields, only show greater by 100 for one field I have a search that is giving me this data set:ID status Stampalex esb 15959898... by baustin612 Explorer in Splunk Search 08-06-2020 0 4	0	4
How to count and sum fourth column if second and third column are certain value and group by first column? So my data structure has four columns: "Month", "Status", "Accepted", "Value". As the title suggest I'm trying to det... by Username1 Path Finder in Splunk Search 08-06-2020 0 11	0	11
Split unix commands There is a command fields in my logs and consists of unix commands.One value is /usr/bin/ssh -q -o ConnectTimeout=5 -... by dwibedi03 Explorer in Splunk Search 08-06-2020 0 6	0	6
How to rewrite/correspond MySQL queries in Splunk? Hey community I have my data in both MySQL and in Splunk. I'm trying to mimic the MySQL queries in Splunk so I can ma... by Username1 Path Finder in Splunk Search 08-06-2020 0 8	0	8
Adding Event Count to Table I am trying to get the Date (altering _time in a specific format shown below), number of events (which I am using sta... by bburns2122 Explorer in Splunk Search 08-06-2020 0 7	0	7
exclude certain event type from count Hi, I have a stat on eventtype like thisindex=xyz \| stats count by eventtypeThis query generates:All_logs = 14Error ... by noman377 Explorer in Splunk Search 08-06-2020 0 5	0	5
Remove peer from Index Cluster and re-add after maintenance I need to take one peer down for maintenance, so i do splunk stop on it.cluster handles and brings cluster back to va... by jiaqya Builder in Splunk Search 08-06-2020 0 9	0	9
Help with regex Hi,I have below in column default_message1st regex :default_message= <14>shell: cmd by abcd: mkdir testcan you please... by surekhasplunk Communicator in Splunk Search 08-06-2020 0 3	0	3
Why does my token in my search query not work? I've created a dropdown input field that shows the user accounts that are locked out And this is the search string th... by rkris Explorer in Splunk Search 08-06-2020 0 2	0	2
How to create inventory that matches user to the devices they have logged into? Hello All, I am looking for a solution to establish a kind of IT inventory, based on logins. Is there any working sol... by Yokova New Member in Splunk Search 08-05-2020 0 1	0	1
how to use transaction to Group multiple events with field values in a specific order hello , i have many logs like:"_time1 user=A eventid =45""_time2 user=A eventid=46""_time3 user=A eventid=48""_time4 ... by qiuxiaoping New Member in Splunk Search 08-05-2020 0 5	0	5
How to perform Rolling Percentiles (e.g. P90) over a time period? I need help on doing cumulative percentiles, such as p90, over a period of time. This is different from rolling avera... by splunkuserCA1 Path Finder in Splunk Search 08-05-2020 0 3	0	3
Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB) I want to compare (OWNER)(TABLE_NAME) to (OWNER_New)(TABLE_NAME_New). And once the value matched then want to find di... by RajanRaj New Member in Splunk Search 08-05-2020 0 1	0	1
SPLUNK architecture Hi, I am very new to SPLUNK and inherited an environment without much documentation. Can anyone help with the followi... by Jeronimo317 Explorer in Splunk Search 08-05-2020 0 1	0	1
count Events per minute but only for same users Hi Splunkers, some examples from our logs.. [Time:11:03:01] [Function:upload] [User:aaa][Time:11:03:10] [Function:upl... by summerura Explorer in Splunk Search 08-05-2020 0 1	0	1