Splunk Search

Community Activity

splunk subsearch query help Hi,I have a main query which returns below 4 columns:rule, result, name, departmentNow i have to add another query as... by surekhasplunk Communicator in Splunk Search 06-29-2020 0 1	0	1
How to get duration between a start and stop event and trigger an alert if duration is greater than 1 week? Here the logs I have 04/24/2017 02:42:08 PM LogName=System SourceName=Microsoft-Windows-Service Control Manager Eve... by dmenon84 Path Finder in Splunk Search 06-29-2020 0 8	0	8
Monitoring disk space Hi, I'm using the following search to monitor disk space. I have 2 partitions, drive D and E. I am only returning ... by steveo2 Engager in Splunk Search 06-29-2020 0 1	0	1
Why do I have to use eval for this search? Hi everyone, Why does this search return nothing \| stats count(status=200) AS Success While this search returns wha... by adamfrisbee Explorer in Splunk Search 06-29-2020 0 5	0	5
DBSCAN Cluster Visualization Interpretation, Machine Learning Toolkit Hi!I used the "Cluster Behavior by App Usage" example in the Clustering Numeric Fields workflow within the Splunk ML... by michaelsplunk1 Path Finder in Splunk Search 06-29-2020 0 0	0	0
searching the records of the table with empty field Hi I have an interactive dashboard with form inputs, i have set default value as * for all the form inputs, depends o... by Mubarish Path Finder in Splunk Search 06-29-2020 1 4	1	4
SPL For-Loop Hi allI am using following SPL to loop through HTTP Request data in order to extract fields and values and I have 2 i... by me74fhfd Path Finder in Splunk Search 06-29-2020 0 1	0	1
Transpose lines to Column {<!-- --> "DbMaintenanceDailyRoutineSummary": {<!-- --> "success": [ {<!-- --> "server-002": [ {<!-- --> "vacuum"... by felipesodre Path Finder in Splunk Search 06-29-2020 0 7	0	7
Finding matches between 3 different indexes. I have the following case: I have 3 different indexes (A, B and C). My goal is to find what percentage of the devices... by assennikolov Explorer in Splunk Search 06-29-2020 0 4	0	4
How do you completely remove Saturdays and Sundays from displaying on a timechart? Hello, was looking at this topic : https://answers.splunk.com/answers/112838/how-can-you-restrict-a-timechart-to-di... by Zakary_n Path Finder in Splunk Search 06-29-2020 0 6	0	6
Iterate search over multiple field values Hi,I've created a search which is based on 1 field value but I need the search to run over many field values. Rather... by Sam1 Explorer in Splunk Search 06-28-2020 0 2	0	2
get the last element of repeating json payload I have a repeating j son payload appearing in my logs.I am interested in capturing the last payload from the logs.rig... by sharathk0525 Observer in Splunk Search 06-28-2020 0 5	0	5
Help with timewrap Command Hi, I am trying to show a comparison of traffic on my website for today, yesterday and last week. I am using below qu... by Shashank_87 Explorer in Splunk Search 06-28-2020 0 3	0	3
Splunk query for UPtime and Downtime? Hi Folks, Can anyone please help in forming the query for internal splunk components up and downtime reporting, i f... by Inayath_khan Path Finder in Splunk Search 06-28-2020 0 2	0	2
join/append two queries Hi, I have two different queries, I want to join two columns.Below is my query: `macro`msg="Finish import*" OR msg = ... by smahuja Explorer in Splunk Search 06-28-2020 0 1	0	1
Group by and sum Hello - I am a Splunk newbie.datetimeSrc_machine_nameCol1Col31/1/2020Machine1Value1Value21/2/2020Machine1Value1Value5... by thedonaldblake Engager in Splunk Search 06-28-2020 0 1	0	1
Regex search through splunk Is there a method to do "AND" while writing regex instead of "OR" . As when i write a reg and add to regex _raw="expr... by vplunk Explorer in Splunk Search 06-28-2020 0 2	0	2
How to calculate uptime percentage based on my data? Lets say my data is like this: 8/27/12 10:30:00.000 AM server=test1 and status=Down 8/27/12 10:29:00.000 AM server=t... by rakes568 Explorer in Splunk Search 06-28-2020 1 5	1	5
Splunk Search Hellois there a length limit in the search.? I have been using NOT operator in my query extensively due to error code... by snagatho New Member in Splunk Search 06-27-2020 0 1	0	1
When running the delete dups search, I'm reaching the 10k limit. How do I increase it? I'm trying to delete dups using this method here: https://community.splunk.com/t5/Splunk-Search/How-to-delete-duplica... by whoami_root Observer in Splunk Search 06-27-2020 0 1	0	1
Check multiple hosts for existence I have list of around 100 hosts that are sending data to index and I would love to return a table with hostname and s... by seva98 Path Finder in Splunk Search 06-26-2020 0 2	0	2
After 10000 records in lookup, new records are not getting appended. Any solution? Hi,I have used the below saved search to append the data every 15 mins into the lookup file. I use the lookup file in... by spkriyaz Path Finder in Splunk Search 06-26-2020 0 6	0	6
Looking to rewrite a join across several indexes with somewhat unusual relationships (I am reposting this question from email, with permission from the person who emailed)I need to basically join 3 inde... by sideview SplunkTrust in Splunk Search 06-26-2020 0 5	0	5
Using fireall logs to find hosts that do not use a specific protocol I have the following query for PAN firewall logs:index=pan app=ssl\| stats count by srcThis would give me a list of al... by john_byun Path Finder in Splunk Search 06-26-2020 0 3	0	3
Summary Index - Eval Issue - Need both combined & segregated data Hi Splunk ExpertsI've created a summary index where it contains 6 eval cases, for example:eval 1=case(match(something... by gopiven Explorer in Splunk Search 06-26-2020 0 3	0	3