Splunk Search

Community Activity

How to represent fluctuating values? Hi all, I have this search: \|table a b date \|eval c=a-b \|stats sum() as by date date a b c 2019-01 5 3 2 2019-02... by pipipipi Path Finder in Splunk Search 05-25-2020 0 1	0	1
CSV lookup only updating 10 entries in the same day. II am using this lookup for bot status. I am using the "submit" button to save the status info. (disconnected or con... by hrs2019 Path Finder in Splunk Search 05-25-2020 0 5	0	5
Rename command What does \|rename field* AS * do. How to rename the fields when there are more no.of fields. Thanks by prettysunshinez Explorer in Splunk Search 05-24-2020 0 1	0	1
How to create "for cycle" routine to generate panels/rows from a search using Splunk XML? Hi. I would like to know if there is a simple way, via Splunk XML, to create a "for cycle" like routine, to generate ... by verbal_666 Builder in Splunk Search 05-24-2020 0 6	0	6
Adding First Column to the Table I'm generating the output for Column 2, 3 from search. I want to add column to the start of the table. In the below ... by dustintroop Explorer in Splunk Search 05-24-2020 0 9	0	9
search string containing alphanumeric characters and square brackets Hello, I have the following lines in logs [Kafka Server 4], shut down completed (kafka.server) [Kafka Server 4], sta... by raghul725 Explorer in Splunk Search 05-24-2020 0 5	0	5
Use of == with or operator I want to compare some data with fields and then rename the data matched with fields. Since we have large set of data... by arabhi New Member in Splunk Search 05-24-2020 0 2	0	2
Add a for loop on eval command for number of hosts Hi, i have a query that returns two lines of results based on two hosts. i then get a result from another query that... by ssaenger Communicator in Splunk Search 05-24-2020 0 2	0	2
Plot response time from this log Hi There, Thanks in advance. I am trying to plot a graph with the request time for each request on the y-axis and m... by parekhdevang New Member in Splunk Search 05-24-2020 0 2	0	2
Rename "other" in result set When making a graph, I get my result set, limited to the number of results I wish to see. The remaining results are c... by M__rt_n New Member in Splunk Search 05-24-2020 0 7	0	7
Get values of several series during same timespan that the maximum of one series during a day Hi, I built a report that list daily maximums and averages of counts per hour on several days. (difficult to put it ... by gregory_cordier Explorer in Splunk Search 05-23-2020 0 1	0	1
Discrete count on a condition Hi Splunk team, I am trying to run a command below, I need my end output as dc(totalCustomers) and dc(Customers_520E... by priya777 New Member in Splunk Search 05-23-2020 0 1	0	1
calculate Difference between 2 time fields is not working. I tried to difference between 2 dates. It is not working properly. Here is my query, index=s_iss sourcetype=S_AD \| ... by nivethainspire_ Explorer in Splunk Search 05-23-2020 0 2	0	2
Transaction command over a large dataset Hi all, Hoping someone can give some pointers how to solve this problem: I run a transaction command on the last t... by brabagaza Explorer in Splunk Search 05-23-2020 0 7	0	7
inputlookup followed by transaction - No results found So I do the following search: \| inputlookup x \| transaction y y and z are a fields in lookup table x but the searc... by landen99 Motivator in Splunk Search 05-23-2020 0 3	0	3
How to display events in table format when same value appears multiple times? Is there a way to display events in a table when the same value appears multiple times with other values? I am lookin... by rkeq0515 Path Finder in Splunk Search 05-22-2020 0 1	0	1
How to use xmlkv in field extraction to identify values in XML? I have a huge XML file with many tiers. I use this command to limit the number of events for the XML data that I want... by 3618475 Engager in Splunk Search 05-22-2020 0 1	0	1
How to display nested tables? My events looks like this: REQUEST_NAME is the common field that ties both request and services. LogType=REQUEST st... by amerineni Loves-to-Learn in Splunk Search 05-22-2020 0 1	0	1
how to send events to nullque? Hi, how to exclude internal source IP events for a sourcetype (web_logs) with src_ip=10.0.0.0/8 before indexing. by knalla Path Finder in Splunk Search 05-22-2020 0 2	0	2
Bizarre bug with "head" 1) My boss goes to upload a small .csv to my indexer 2) My boss goes to search the .csv from my search head. Results ... by nick405060 Motivator in Splunk Search 05-22-2020 1 12	1	12
Regex and Windows XML log events Hi everyone, I was attempting to utilize this dashboard, but am having difficulty populating the user accounts. ht... by mysicksi Path Finder in Splunk Search 05-22-2020 0 2	0	2
How to get the 10 min values of a column by another column? I am trying to do something like this: \| stats limit=10 min(Speed) by customer or \| sort customer, speed \| head(... by alexandrerichar Explorer in Splunk Search 05-22-2020 0 4	0	4
when the machine was build or when the machine started communicating to Splunk I got regular question from auditors. we have 100 machines,Machine1Machine2....Machine100 and auditor asked to run/se... by brpsingara Explorer in Splunk Search 05-22-2020 0 2	0	2
Count of url hits for particular set of users i have set of users x,y,z and few url regex a,b,c. I need to know how many time these users hit the url regex in cha... by aditya22 New Member in Splunk Search 05-22-2020 0 12	0	12
Can you use tstats to get daily index or indexer volume? Just wondering if its possible to get data volume / size from TSTATS. I know you can do something like this to get c... by Glasses Builder in Splunk Search 05-22-2020 0 3	0	3