Splunk Search

Community Activity

Does maxTotalDataSizeMB parameter in indexes.conf still apply if we use volume for coldPath and homePath? Hello guys, does maxTotalDataSizeMB parameter in indexes.conf will still apply if we use volume for coldPath (and hom... by splunkreal Motivator in Splunk Search 07-24-2020 0 1	0	1
I need a search to find mapping of roles to AD Groups and indexes I have been able to find searches for roles mapped to AD Groups, but I need to get the indexes those roles are allowe... by nls7010 Path Finder in Splunk Search 07-24-2020 0 1	0	1
Help with field extraction and table Hi I hope someone can help me .. I am completely new to Splunk. Although I love it so far I don't really know how to ... by splunknoob Engager in Splunk Search 07-24-2020 0 3	0	3
data extraction from Nested JSON data and print only corresponding details H Team, Am trying to fetch the nicSwitch* details of only corresponding nicName from the below json data, which i cou... by bala1185 Engager in Splunk Search 07-24-2020 0 3	0	3
Count for same field but for non occurring values based on other field. In below example I want only count of "a" as he has not paid till the end. And also the data entries are many which c... by shravanikarale Loves-to-Learn Lots in Splunk Search 07-24-2020 0 5	0	5
time span = week Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use \| bin span=1w,... by gowtham08091 Explorer in Splunk Search 07-24-2020 0 3	0	3
How to make another search in if condition using eval Hello,I think this might be simple but need some guidance. Any help would be really appreciated.I have a log and in w... by mnarmada Path Finder in Splunk Search 07-24-2020 0 4	0	4
Performance in inputlookup vs lookup (command) There is a big difference in term of performance in using "inputlookup" and "lookup" from the following queries with ... by lucas4394 Path Finder in Splunk Search 07-24-2020 0 5	0	5
Convert from any timezone to UTC How do I convert a timestamp from any timezone to UTC in splunk? I have a field "DeviceTime" that can hold any time z... by rockstarter New Member in Splunk Search 07-23-2020 0 2	0	2
Using mstats with eval grouped by field I wanted to graph the computed value of two fields and group the result by another field: \| mstats avg(kube.pod.cpu.l... by prandelicious Loves-to-Learn Lots in Splunk Search 07-23-2020 0 9	0	9
How to get current GMT time? I have a search: search \| eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N") This works, excep... by Sundried Explorer in Splunk Search 07-23-2020 1 5	1	5
Unable to divide output of two queries Hi team, I want to divide the output result of one query with output of second query and get a remainder. I am using ... by preetham2215 New Member in Splunk Search 07-23-2020 0 2	0	2
Comparing two search results and listing unique ones as table Hi,Have logs for both request to a server and its response. However, in some cases the response won't be received and... by renjithk Observer in Splunk Search 07-23-2020 0 1	0	1
help to display field header in ordinate axis hiThe stats command below allows me to display data in a table panelI would like to display the fields header in an o... by jip31 Motivator in Splunk Search 07-23-2020 0 3	0	3
How to count IPs that match fields in two different searches? I need to create a search that counts IPs which return events for two different fields in the same index. Search 1 wi... by sbhuie New Member in Splunk Search 07-23-2020 0 5	0	5
Splunk dashboard HI Team ,i need to edit existing dashboard and need to display :time taken for 90, 97 and 99 percentile of transactio... by splunkuser_tr Observer in Splunk Search 07-23-2020 0 3	0	3
How to get the missing devices in a index comparing with yesterday Hi,index=myindex \|search name=*\| bin span=1d _time \| stats dc(name) as name by _timehere i am getting the number of n... by surekhasplunk Communicator in Splunk Search 07-23-2020 0 1	0	1
savedsearch command replace with a literal string not working Hi using a Report (cause I need to allow permissions to the data) in a dashboard passing tokens. Looking at the docs,... by chrisboy68 Contributor in Splunk Search 07-23-2020 0 4	0	4
How to send a calculated multivalued field from a search as an input to another search Hello Everyone!I have a scenario to extract a particular set id's from index1 in search1 and run a search2 on index2 ... by kiru2992 Path Finder in Splunk Search 07-23-2020 0 3	0	3
Pass splunk command from lookup table for execution Hi,I am very new in Splunk and need some help to understand Splunk command execution structure.Case: We are having in... by rahul15601 Engager in Splunk Search 07-23-2020 0 3	0	3
CLI search query not giving results. Working fine on searchhead GUI Hi,/opt/splunk/bin/splunk search " index=** sourcetype="***:proxylogs" earliest=-15m@m latest=now \| fields actio... by Reethika Path Finder in Splunk Search 07-23-2020 0 1	0	1
Why am I receiving this error? Hi @gcusello ,While running the following search we are getting error as stated in topic.Search: \|dbquery wmsqlprd "... by rahul2gupta Path Finder in Splunk Search 07-23-2020 0 2	0	2
Check certificats Hello,I make a script that retourne a certificats list in Excel form then I display uniquely the certifcat about to e... by miguel1423 Explorer in Splunk Search 07-22-2020 0 2	0	2
help on single panel abackground color following value displayed hiIn the code below, I would like that if the condition "No patch in late" in my single panel = true, the color back... by jip31 Motivator in Splunk Search 07-22-2020 0 0	0	0
Melding continuation events while cherrypicking data from each Hello all,I've tried to search here and through search engines with no luck. I can't seem to get the knack for refer... by CrailAtWork Engager in Splunk Search 07-22-2020 0 3	0	3