Splunk Search

Community Activity

Get values of several series during same timespan that the maximum of one series during a day Hi, I built a report that list daily maximums and averages of counts per hour on several days. (difficult to put it ... by gregory_cordier Explorer in Splunk Search 05-23-2020 0 1	0	1
Discrete count on a condition Hi Splunk team, I am trying to run a command below, I need my end output as dc(totalCustomers) and dc(Customers_520E... by priya777 New Member in Splunk Search 05-23-2020 0 1	0	1
calculate Difference between 2 time fields is not working. I tried to difference between 2 dates. It is not working properly. Here is my query, index=s_iss sourcetype=S_AD \| ... by nivethainspire_ Explorer in Splunk Search 05-23-2020 0 2	0	2
Transaction command over a large dataset Hi all, Hoping someone can give some pointers how to solve this problem: I run a transaction command on the last t... by brabagaza Explorer in Splunk Search 05-23-2020 0 7	0	7
inputlookup followed by transaction - No results found So I do the following search: \| inputlookup x \| transaction y y and z are a fields in lookup table x but the searc... by landen99 Motivator in Splunk Search 05-23-2020 0 3	0	3
How to display events in table format when same value appears multiple times? Is there a way to display events in a table when the same value appears multiple times with other values? I am lookin... by rkeq0515 Path Finder in Splunk Search 05-22-2020 0 1	0	1
How to use xmlkv in field extraction to identify values in XML? I have a huge XML file with many tiers. I use this command to limit the number of events for the XML data that I want... by 3618475 Engager in Splunk Search 05-22-2020 0 1	0	1
How to display nested tables? My events looks like this: REQUEST_NAME is the common field that ties both request and services. LogType=REQUEST st... by amerineni Loves-to-Learn in Splunk Search 05-22-2020 0 1	0	1
how to send events to nullque? Hi, how to exclude internal source IP events for a sourcetype (web_logs) with src_ip=10.0.0.0/8 before indexing. by knalla Path Finder in Splunk Search 05-22-2020 0 2	0	2
Bizarre bug with "head" 1) My boss goes to upload a small .csv to my indexer 2) My boss goes to search the .csv from my search head. Results ... by nick405060 Motivator in Splunk Search 05-22-2020 1 12	1	12
Regex and Windows XML log events Hi everyone, I was attempting to utilize this dashboard, but am having difficulty populating the user accounts. ht... by mysicksi Path Finder in Splunk Search 05-22-2020 0 2	0	2
How to get the 10 min values of a column by another column? I am trying to do something like this: \| stats limit=10 min(Speed) by customer or \| sort customer, speed \| head(... by alexandrerichar Explorer in Splunk Search 05-22-2020 0 4	0	4
when the machine was build or when the machine started communicating to Splunk I got regular question from auditors. we have 100 machines,Machine1Machine2....Machine100 and auditor asked to run/se... by brpsingara Explorer in Splunk Search 05-22-2020 0 2	0	2
Count of url hits for particular set of users i have set of users x,y,z and few url regex a,b,c. I need to know how many time these users hit the url regex in cha... by aditya22 New Member in Splunk Search 05-22-2020 0 12	0	12
Can you use tstats to get daily index or indexer volume? Just wondering if its possible to get data volume / size from TSTATS. I know you can do something like this to get c... by Glasses Builder in Splunk Search 05-22-2020 0 3	0	3
How are the lookups updated after entering them in a blacklist? good morning My question is the following, currently working in a cluster environment and these files for splunk... by efaundez Path Finder in Splunk Search 05-22-2020 0 5	0	5
Is there SPL's worst practice? I've seen a lot of join, transaction and append SPLs.Using timechart to show percentage of each time, it's hard. but ... by to4kawa Ultra Champion in Splunk Search 05-22-2020 1 23	1	23
what is the best method to learn and understand the search commands in splunk? I am pretty new to splunk and challenging myself to understand splunk. I am new to splunk and from construction background. challenging myself to do something new. How can you learn, unde... by fortoh New Member in Splunk Search 05-22-2020 0 2	0	2
drilldown of pie chart by business unit I'm currently trying to build a dashboard that would drill down by site name. Here's an example of the site name: AB... by payton_tayvion Path Finder in Splunk Search 05-21-2020 0 2	0	2
Juniper firewall search time field extraction not working "sometimes" Hello, I need help fixing an issue with search time field extractions in juniper fw logs (very chatty). The issue i... by Jarohnimo Builder in Splunk Search 05-21-2020 0 6	0	6
How to search for numbers appearing only after letters in a field? I have a field called CARDFILOGO and I want to search it for ones that start with "JU" and end in numbers. I do not w... by PDXKiel Path Finder in Splunk Search 05-21-2020 0 8	0	8
How to create a search to get number of events for HTTP status code? Hi All, I have the logs below and need to get an HTTP status code count. 10.176.242.7 - app [21/May/2020:16:09:01 +... by rajawccm16 Engager in Splunk Search 05-21-2020 0 1	0	1
Issue with eval in Dashboard XML Source Hey all, Cause of the Y2K bug we recently did an upgrade of our Splunk environment to version 8.0.1 - after this upg... by MERBAG Explorer in Splunk Search 05-21-2020 0 3	0	3
Geo Stats: Change color of description popup in geo stats I have used the geostats command to show the number of blackouts and brownouts by country and have set the pie chart ... by hawifaris Loves-to-Learn in Splunk Search 05-21-2020 0 4	0	4
want to use append instead of join Hello everyone, I just want to use append instead of a join. My code is index="yut" sourcetype="test" cd IN(*) ... by hrs2019 Path Finder in Splunk Search 05-21-2020 0 3	0	3