Splunk Search

Community Activity

events results time in milliseconds hi,i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc.when i search for x. i see in the... by erez10121012 Path Finder in Splunk Search 07-14-2020 0 9	0	9
Why `where match(...)` but not `search match(...)`? What is the difference between `... \| when match(a,b)` and `...\| search match(a,b)`?Why in such cases `when` works an... by pm771 Communicator in Splunk Search 07-14-2020 0 1	0	1
reset_on_change, reset before, reset after what is the major difference of these in streamstats command. I could understand why these function are used as I get... by tara12121007 New Member in Splunk Search 07-13-2020 0 0	0	0
How to get results from last 1 week and last 3 week for the exact time frame of the search I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated.Lets say I am doing sear... by achittela Loves-to-Learn in Splunk Search 07-13-2020 0 2	0	2
Stats include all fields \| stats sum(Score) AS TotalScore, values(value1) AS value1, values(value2) AS value2, values(value3) AS value3, by Us... by tmontney Builder in Splunk Search 07-13-2020 0 2	0	2
Using CSV field as time I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T01:1... by bvan Explorer in Splunk Search 07-13-2020 0 2	0	2
Why is the save button greyed out when attempting to modify a report/search? Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the s... by infra2sec Path Finder in Splunk Search 07-13-2020 0 2	0	2
Get a Server Error running certain searches and unable to saving a report or alert for any search Hi,We are using Splunk Enterprise 8.0.4.1 with a Search head and two indexing cluster.As a splunk administrator, I a... by mfeigel Observer in Splunk Search 07-13-2020 0 4	0	4
Eval statement based of 1 field using If I have a bunch of storage clusters that we monitor, 60% of the envrioment uses normal GB, the other 40% uses GiB. I... by codedtech Path Finder in Splunk Search 07-13-2020 0 3	0	3
Use an intermediate universal forwarder Hi at all, I need to send logs from many Universal Forwarders to an Indexer Cluster using an Intermediate Forwarder. ... by gcusello SplunkTrust in Splunk Search 07-13-2020 0 4	0	4
Search using MAP COMMAND I have dropdown which has to execute the two different searches based on token picker I am trying to implement the me... by ssadanala1 Contributor in Splunk Search 07-13-2020 0 1	0	1
Cluster Command Based on Multiple Fields Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can... by michaelsplunk1 Path Finder in Splunk Search 07-13-2020 0 2	0	2
Comparing multiple values for a result HI All,need your help in below query. I use below query to get below output.Query : index=nw_syslog\| rex field=_raw "... by jerinvarghese Communicator in Splunk Search 07-13-2020 0 3	0	3
Splunk SPL best practice Will a parentheses Surrounded SPL queries make any difference?For Example:(index IN (“indexA”,”indexB”) source=”sou... by sivaranjiniG Communicator in Splunk Search 07-13-2020 0 5	0	5
Delete redundant information in fields Hallo,I would like to investigate the login behaviour of users. I use this search:I receive the following example log... by caplog Engager in Splunk Search 07-13-2020 0 1	0	1
matching two different events and create new table Dear Folks,I've the below two different type of events, the matching attributes from first event to second event are,... by Madhuranthakan Loves-to-Learn Lots in Splunk Search 07-13-2020 0 0	0	0
How to best track the frequency of repeating events Hi,I'm after suggestions on how to best approach this problem.I want to track over time how often I am seeing a mac a... by pwild_splunk Splunk Employee in Splunk Search 07-13-2020 0 1	0	1
How to display the SLA status based on the SLA time Hi Experts, I have data as shown below, Whenever we run the search, if the current time is greater than start time we... by rock_s Engager in Splunk Search 07-13-2020 0 13	0	13
Create table with yxz I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be v... by sphiwee Contributor in Splunk Search 07-13-2020 0 1	0	1
Sort fieldnames AccountName FAILURE SUCCESS IMPACT LOSS% TotalAccount120001490.111.3310804Account220812620.109.552043Account316301554... by skodak Explorer in Splunk Search 07-12-2020 0 5	0	5
Extract a ";" delimited field in table My log sample looks like this: testServiceName,testTransName,DEVTEST,,,3375598402,15,754,5,2020-07-11 18:41:31.982,20... by Nidd Path Finder in Splunk Search 07-12-2020 0 2	0	2
How to group events by date? Hi, I manage to get the view i want using below search command. May I know how to group the events by Month_Year for... by thl8490123 New Member in Splunk Search 07-12-2020 0 4	0	4
Compare Dates and exclude event if it is older Hi,How do I compare dates and exclude the event if it is older?I have here my table from transaction command. I want ... by Noob_splunker Explorer in Splunk Search 07-11-2020 0 3	0	3
Universal forwarders no longer sending data - SSL23 unknown protocol Our universal forwarders can no longer connect to the indexer, seemingly after upgrading openssl to the newest versio... by adamsimpsondevo Engager in Splunk Search 07-11-2020 1 2	1	2
Split one field values into multiple fields based on values statussuccesssuccess failurefailureerrorerror I want output like status status 1 status2success failure ... by skodak Explorer in Splunk Search 07-10-2020 0 3	0	3