Splunk Search

Community Activity

How to remove an entire column from results if all the values of the column are zero? Is there any possibility to remove an entire column if all the values of the column are zero? by Naren26 Path Finder in Splunk Search 08-01-2020 0 4	0	4
Education is down for maintenance on last day of 30 days. I need to take the final quiz. I will need an additional day to complete the final quiz for Fundamentals 3 if this doesn’t come up in next couple of... by mangopickle New Member in Splunk Search 08-01-2020 0 1	0	1
How to determine missing entries for a given time I have a scenario where when a device checks in, it sends multiple records of it's inventory with the same time stamp... by warren_h Observer in Splunk Search 07-31-2020 0 3	0	3
Percentage of value combinations in the dataset Hello,I am looking to figure out the percentage of times certain value combinations appear in the data. The field I... by CarbonCriterium Path Finder in Splunk Search 07-31-2020 0 3	0	3
How to perform regex on latest event? I have a query statement like so index=* "account balance:" \| rex "blah blah account balance:(?P<balance>(\d{1,3}(,... by splunktest_ Loves-to-Learn Lots in Splunk Search 07-31-2020 0 2	0	2
Explicit Search/Alert for an Error I am looking at setting up Search/Alert if i see an only "ERROR OGG-01296", however don't want to receive any alert w... by kvallala Explorer in Splunk Search 07-31-2020 0 2	0	2
Is there a "keepdup" command? HI, I am looking for something that is the 'opposite' of dedup; where the duplicate events are kept, and singular eve... by hirschel New Member in Splunk Search 07-31-2020 0 1	0	1
use eval variable in my search hi, i'm trying to use an eval variable in my search. i've tried many different things and i've failed, and i'm sure t... by gpSplunk123 Engager in Splunk Search 07-31-2020 0 3	0	3
How to search for all outward bound data? I'm a noobie here, and I'm trying to figure out how to search for all outward bound data. How does one accomplish thi... by splunktest_ Loves-to-Learn Lots in Splunk Search 07-31-2020 0 1	0	1
Connecting "remotely" instead of using localhost I want to test an HEC script that is hosted remotely by pointing it to the Splunk instance at my desk.Up to this poin... by chris94089 Path Finder in Splunk Search 07-31-2020 0 1	0	1
Count of events by field where field has multiple instances of same value Hi there We presently have a setup where error codes are extracted and put into their own field. The way it's been s... by djohnson99 Explorer in Splunk Search 07-31-2020 0 2	0	2
query the number between a range Hi,I have alerts when the number goes above certain % of the disk usage. So there are alerts at 70, 80, 90. It works ... by deepakaakula Explorer in Splunk Search 07-31-2020 0 8	0	8
Search for sample to convert my Pivot Table from excel to SPL, have raw data Hi, I am a beginner of SPLUNK and SPL. Recently I am asked to replace my statistic table from excel into SPLUNK to c... by puppy0723 New Member in Splunk Search 07-31-2020 0 0	0	0
Troubles pivoting from dnslookup results to index search I am trying to use the results of dnslookup to pivot the results to query my index.\| makeresults\| eval domain="google... by cbakes New Member in Splunk Search 07-31-2020 0 1	0	1
map command Can I use the map command with the variable being the index and/or sourcetype?\| makeresults\| eval User = "12345", ind... by kgrahamLM Observer in Splunk Search 07-31-2020 0 7	0	7
Sum in timechart I want to display earliest invested amount based on type (stock,fd,mutual fund,etc) over a month and want to keep num... by shravanikarale Loves-to-Learn Lots in Splunk Search 07-31-2020 0 0	0	0
How can we make first tab as default when dashboard is opened Hi All,We have a dashboard which uses three layers of tabs- (please refer attached screenshot)Issue- when we load the... by shugup2923 Path Finder in Splunk Search 07-31-2020 0 1	0	1
How to change default from "All time" in Pivot time filter? Currently when building a pivot table the default time is set to "All Time". Is it possible to set it to some other v... by jwebster0000 Engager in Splunk Search 07-31-2020 2 8	2	8
while using chart i see null value and that particular col is not visible in dashboard HI, While use chart command i am getting null values for status in search and the same in dashboard i do not see in t... by vikashperiwal Path Finder in Splunk Search 07-31-2020 0 2	0	2
How to use "setfields" command to assign the value based on field value rather than field name? I want to use the setfields command to set fieldA to a particular value. That value is located in fieldB. How can I... by sirching Loves-to-Learn Lots in Splunk Search 07-30-2020 0 5	0	5
Binary/square Time chart I have a field that contains either 0 or 1 according to the state of a process. What command could I use to make a ti... by tbrown Path Finder in Splunk Search 07-30-2020 0 10	0	10
Filtering Hosts within a Transaction So I have a search that is structured as follows index=main <filtering for start and end events> OR <filtering for ev... by tbrown Path Finder in Splunk Search 07-30-2020 0 4	0	4
Search and compare data within 3 fields to find positive and negative matches I have a search yielding data from three different email fields, call them msg.header.to{}, msg.header.cc{} and orig_... by Glioblaster Explorer in Splunk Search 07-30-2020 0 6	0	6
Cannot convert a rex pattern variable to use in a chart I have the following splunk event:2020-Jul-30 18:19:02.891Z level=DEBUG thread=https-jsse-nio-2720-exec-9 pid=20 code... by gsbpp Explorer in Splunk Search 07-30-2020 0 2	0	2
How to search for machines that are not reporting? We are using 100+ machines...Could you please help me in splunk search...The scenario is I am having 100 machines and... by shweths New Member in Splunk Search 07-30-2020 0 3	0	3