Splunk Search

Community Activity

Count working hours after midnight Hi Splunkers, hope you guys are all well.I'm trying to do an adaptation of the search in this post (thanks to @elliot... by Wheresmydata Explorer in Splunk Search 06-22-2020 0 9	0	9
How to filter by time Hi, I am using Splunk to monitor our REST API callssearch isindex=prod-* "WEBSERVICES CALL ENDED"it gives me results... by ycherbi Explorer in Splunk Search 06-22-2020 0 7	0	7
Use Dynamic Float Value with DBSCAN Dear all! I am trying to use a dynamic value for my epsilon in the MLTK in Splunk: map search="search index = cisco_p... by Deniz_Oe Explorer in Splunk Search 06-22-2020 0 0	0	0
Alphabetically sorting a MVfield Hi All,I'm trying to combine a number of fields using:\| stats values(task_name) as task_name by idnumberThis works gr... by rvsroe Explorer in Splunk Search 06-22-2020 0 2	0	2
Get a distinct count of new values in a field per day with respect to all previous days in the time range I want a distinct count for a given field by day, but this count also needs to look at all previous days in the given... by boo Engager in Splunk Search 06-22-2020 0 4	0	4
How to work with the Seckit_sa_geolocation Hello communityA question was asked about how IP geodata information is provided.I came across an app https://splunkb... by nalia_v Loves-to-Learn Everything in Splunk Search 06-21-2020 0 0	0	0
what happens when ITSI Correlation associations is not define. Hi,can anyone explain , what happens when we kept association of correlation search none/blank. Thanks,Praveen by psoni1 Observer in Splunk Search 06-21-2020 0 0	0	0
All Time shos results in last 24 hour, but Yesterday does not Hi, I'm running Splunk Free and have a data source which has events in the last 24 hours. When I run a search for All... by jeremyhagand61 Communicator in Splunk Search 06-20-2020 0 2	0	2
Passive DNS I am trying to create a passive dns collection based on splunk stream data. My current SPL is this:index=botsv2 sourc... by kjstogn Explorer in Splunk Search 06-20-2020 0 1	0	1
How to Write Case/If Statement for Certain vs All (*) Values Hello,This is a difficult one to explain. Best to show the code and the intended outcomes. Note, there are 7+ possibl... by genesiusj Builder in Splunk Search 06-20-2020 0 7	0	7
How to reset token value on input change with a list of values from search results I have a dashboard.There are several inputs. One of them is a DateTime picker.I wish on the open as well as on choosi... by notricky Observer in Splunk Search 06-20-2020 0 0	0	0
Anyway to make tags.conf case insensitive? We use tags frequently in our environment. I recently added some new servers with differing case for their host names... by jodros Builder in Splunk Search 06-20-2020 0 6	0	6
Method to copy over the value Hello, is there any way for the ip address to be copied over to the top... The condition is whenever the root's comm... by xnx_1012 Explorer in Splunk Search 06-20-2020 0 3	0	3
Splunk 7 upgrade - "ERROR DispatchThread - Failed to read runtime settings: File :/opt/splunk/var/run/splunk/dispatch/subsearch_***/runtime.csv does not exist" Hi All, We just upgraded to Splunk 7 and a subsearch started auto-finalizing after 9000s timeout. Running this searc... by splunkyouverymu Explorer in Splunk Search 06-20-2020 1 4	1	4
Multiple inputs in dashboard I have multiple inputs(3 INPUTS) in a dashboard, I run a sql in the panels. I want to execute a query if the other tw... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3
Append results in a single line. \| dbxquery connection="" query="select STOREENT_ID,count() O_C from table1 "\| appendcols[\| dbxquery connection="*"... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3
Unable to query on multiple extracted fields I've a log like below and I want to extract the fields "country", "currency""{"id":1, "message":"country=US&currency... by sivathemass Engager in Splunk Search 06-20-2020 0 1	0	1
Finding Average of Time Column How do we find the average of a table column filled with time values? by michaelsplunk1 Path Finder in Splunk Search 06-19-2020 0 1	0	1
Table Displaying Lookup and Search Results; Wrapped Columns Hello,I would like to create a table for the past 14 days of events. 13 of the table cells will contain output from a... by genesiusj Builder in Splunk Search 06-19-2020 0 3	0	3
How to exclude from stats Hello,I'm trying to exclude the results that I obtain from this search. Essentially, this yields all bots hitting my ... by chuckeelos New Member in Splunk Search 06-19-2020 0 1	0	1
How to get an RSS feed for the whole community? In answers.splunk.com, there was an rss feed for whenever anyone posted a new question.When someone posts a question,... by efavreau Motivator in Splunk Search 06-19-2020 0 3	0	3
Different results when search is run in web UI then in python script. When I run this search in the Web UI I get the correct results. When it is run in a python script the "count(eval(Re... by tbeason Engager in Splunk Search 06-19-2020 0 3	0	3
Ldapsearch throwing spurious errors. Hello,I have a Search head cluster and an indexer cluster. When I am on one of the searchheads and run this ldapsearc... by ifeldshteyn Communicator in Splunk Search 06-19-2020 0 0	0	0
Email Report Only When No Results Greetings,I have a search string for the event and have been asked to figure out how to create a report that only ema... by vwilson3 Path Finder in Splunk Search 06-19-2020 0 4	0	4
Field not in logs but we need it from csv I am using the below query : index=rxc sourcetype="rxcapp" type=ERROR [\| inputlookup abc.csv \| rename id as i_d \| fi... by ksharma7 Path Finder in Splunk Search 06-19-2020 0 2	0	2