Splunk Search

Community Activity

What is the command to check if a field exists in one column but not in the other column? hello what is the command to check if a field exists in one column but not the other? for example, to count the "10... by avivn Explorer in Splunk Search 07-25-2020 0 8	0	8
How to calculate average based on 2 fields and group the result by values in the third field? Hi everyone, This is the first time, I've used Splunk. I have the data like this:ORDER_IDPRICEGROUP0000110A0000220B0... by dominhthe110 Explorer in Splunk Search 07-25-2020 0 4	0	4
how to refer to data between 2 sourcetypes I am running a search against my windows event logs, lets call it sourcetypeA. I need to use the IP address obtained... by sirching Loves-to-Learn Lots in Splunk Search 07-25-2020 0 1	0	1
How can i list the the results of saved reports simultaneously I have created the reports based on the errors in the OS.Saved Reports:Report_Name -- DescriptionNetwork -- Repo... by bala1185 Engager in Splunk Search 07-25-2020 0 0	0	0
Add Filter Query if Field Exists Hi. I already have a Splunk query that we use in a production environment. We are now adding a new field that we'd li... by lmattar Engager in Splunk Search 07-24-2020 0 2	0	2
Help for diisplay a message in a single panel following a token value HII use the code below and I would like that if the host I fill in my drilldown doenst exists J have the message "No ... by jip31 Motivator in Splunk Search 07-24-2020 0 3	0	3
How to use timechart to display failed user login info, sorted by time/date of each login attempt? I'm trying to display failed user login information by using a timechart but I'm not sure how to show the time and da... by rkris Explorer in Splunk Search 07-24-2020 0 5	0	5
Taking daily "OPEN"/"CLOSED" reports and creating a monthly avg So suppose that everyday Splunk takes in a report that houses 9 different fields, one of which is called 'status'. St... by Username1 Path Finder in Splunk Search 07-24-2020 0 6	0	6
Why is the rename command not working when using it to rename with _time field? Hello Team, Whenever i use the rename command to rename the _time field than output comes in the binary fomart. For E... by harsh5523 New Member in Splunk Search 07-24-2020 0 2	0	2
Does maxTotalDataSizeMB parameter in indexes.conf still apply if we use volume for coldPath and homePath? Hello guys, does maxTotalDataSizeMB parameter in indexes.conf will still apply if we use volume for coldPath (and hom... by splunkreal Influencer in Splunk Search 07-24-2020 0 1	0	1
I need a search to find mapping of roles to AD Groups and indexes I have been able to find searches for roles mapped to AD Groups, but I need to get the indexes those roles are allowe... by nls7010 Path Finder in Splunk Search 07-24-2020 0 1	0	1
Help with field extraction and table Hi I hope someone can help me .. I am completely new to Splunk. Although I love it so far I don't really know how to ... by splunknoob Engager in Splunk Search 07-24-2020 0 3	0	3
data extraction from Nested JSON data and print only corresponding details H Team, Am trying to fetch the nicSwitch* details of only corresponding nicName from the below json data, which i cou... by bala1185 Engager in Splunk Search 07-24-2020 0 3	0	3
Count for same field but for non occurring values based on other field. In below example I want only count of "a" as he has not paid till the end. And also the data entries are many which c... by shravanikarale Loves-to-Learn Lots in Splunk Search 07-24-2020 0 5	0	5
time span = week Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use \| bin span=1w,... by gowtham08091 Explorer in Splunk Search 07-24-2020 0 3	0	3
How to make another search in if condition using eval Hello,I think this might be simple but need some guidance. Any help would be really appreciated.I have a log and in w... by mnarmada Path Finder in Splunk Search 07-24-2020 0 4	0	4
Performance in inputlookup vs lookup (command) There is a big difference in term of performance in using "inputlookup" and "lookup" from the following queries with ... by lucas4394 Path Finder in Splunk Search 07-24-2020 0 5	0	5
Convert from any timezone to UTC How do I convert a timestamp from any timezone to UTC in splunk? I have a field "DeviceTime" that can hold any time z... by rockstarter New Member in Splunk Search 07-23-2020 0 2	0	2
Using mstats with eval grouped by field I wanted to graph the computed value of two fields and group the result by another field: \| mstats avg(kube.pod.cpu.l... by prandelicious Loves-to-Learn Lots in Splunk Search 07-23-2020 0 9	0	9
How to get current GMT time? I have a search: search \| eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N") This works, excep... by Sundried Explorer in Splunk Search 07-23-2020 1 5	1	5
Unable to divide output of two queries Hi team, I want to divide the output result of one query with output of second query and get a remainder. I am using ... by preetham2215 New Member in Splunk Search 07-23-2020 0 2	0	2
Comparing two search results and listing unique ones as table Hi,Have logs for both request to a server and its response. However, in some cases the response won't be received and... by renjithk Observer in Splunk Search 07-23-2020 0 1	0	1
help to display field header in ordinate axis hiThe stats command below allows me to display data in a table panelI would like to display the fields header in an o... by jip31 Motivator in Splunk Search 07-23-2020 0 3	0	3
How to count IPs that match fields in two different searches? I need to create a search that counts IPs which return events for two different fields in the same index. Search 1 wi... by sbhuie New Member in Splunk Search 07-23-2020 0 5	0	5
Splunk dashboard HI Team ,i need to edit existing dashboard and need to display :time taken for 90, 97 and 99 percentile of transactio... by splunkuser_tr Observer in Splunk Search 07-23-2020 0 3	0	3