Splunk Search

Community Activity

How to convert tabular data to time series data? I have a lookup file, which is of the format: "Department", "Jan FY20", "Feb FY20", "Mar FY20", "Apr FY20" "Sales", ... by hmallett Path Finder in Splunk Search 05-20-2020 0 6	0	6
How do I extract a comma separated field during search? I have event data in Splunk that look like this: 2013-02-14 11:32:46.4314 app=ws3 sev=INFO mid=1325748 , Fooo, Barr,... by andyk Path Finder in Splunk Search 05-20-2020 0 5	0	5
How to display count from last week and avg from last month on one timechart I'm trying to plot count of errors from last week per day and daily average value from month. The result from query b... by slipinski Path Finder in Splunk Search 05-20-2020 0 7	0	7
How to extract data of JSON in one row? I have this JSON, and I want extrac the value when the name is "ca-channel" and value when name is "Ca-Request-Id" bu... by jhonatancuartas New Member in Splunk Search 05-19-2020 0 2	0	2
Another method to connect two search results other than using the join command? Hello is there another way to connect these two other than join... I have read that stats is faster than join ... is ... by xnx_1012 Explorer in Splunk Search 05-19-2020 0 2	0	2
Remove extra fields I search the syntax and find Account_Domain result contains two column. How can I result first column so that I left ... by keyu921 Explorer in Splunk Search 05-19-2020 0 3	0	3
Search time knowledge and lispy I have been participating in Splunk Advanced Searching and Reporting course and there is one thing that is mentioned ... by charlesmeo Explorer in Splunk Search 05-19-2020 0 0	0	0
How to count number of API calls on multiple distributed hosts? Hi Team, I have 10 APIs, which run on two distributed hosts, and I want to know the count of API calls on each of th... by rbachu1 Explorer in Splunk Search 05-19-2020 0 4	0	4
Average of stats two fields values I have Below Splunk query to get some data from my logs index=myindex sourcetype=mysourcetype "search string" \| sta... by paragvidhi Engager in Splunk Search 05-19-2020 0 4	0	4
Field Extraction from Raw Data Hello, Im new to splunk and just started learning it and im having little issues extracting some fields from a raw d... by Dandanos Engager in Splunk Search 05-19-2020 0 3	0	3
How to search how much bandwidth a forwarder is using? I'm trying to find how much bandwidth a forwarder is using and how many hosts are sending over the forwarder. I want ... by sbattista09 Contributor in Splunk Search 05-19-2020 8 8	8	8
index vs lookup Hello All, Am trying to optimize the performance of a dashboard that was built some time back. The existing dashboar... by johnsasikumar Path Finder in Splunk Search 05-19-2020 0 1	0	1
Using sort 0 to avoid 10000 row limit Sorry for the silly attention-grabbing dancing question mark.  Thanks for any help on this. I've had to dive into t... by leica0000 Engager in Splunk Search 05-19-2020 0 2	0	2
How to rename fields in a subsearch and keep results of the original field name? I have a subsearch query that uses a wildcard keyword list as an inputlookup to find filenames that contain a keyword... by Glasses Builder in Splunk Search 05-19-2020 0 2	0	2
3 Report outputs into one Hi All, I'm fairly new to Splunk. I'm trying to save some time with an automated report on IIS Time Taken. I need ... by n1ckl0ve New Member in Splunk Search 05-19-2020 0 5	0	5
Rename values with regex Hello, I need to delete the numericals values in variables name : CETAT_UGE_11 become CETAT_UGE knowing that I have ... by widad_guerrida Engager in Splunk Search 05-19-2020 0 1	0	1
How to combine the results of two subsearches I would like to find occurences of Name and Prename in email logfiles and only report that ones that match both colum... by dusoldkai New Member in Splunk Search 05-19-2020 0 4	0	4
Can Some One Help With Query Optimization index="ocdm" source IN ("covid_collection.csv","covid_collection_lcpr.csv","covid_collection_cl.csv", "covid_collecti... by rakesh868852914 New Member in Splunk Search 05-19-2020 0 2	0	2
Search for value of FieldA, then search FieldB, Match if contains $FieldA, then pull field_C from event with match. I want to do a search for field_A in index_A. The value of field_A contains a URL minus any http(s), or query terms. ... by ArmbrusterC Explorer in Splunk Search 05-19-2020 0 4	0	4
get count of subsearch and main search Iam trying to get a inner join result which looks some thing like if there are 100 unique fields from subsearch, I wa... by sree6494 New Member in Splunk Search 05-19-2020 0 6	0	6
Different lookup csv depending on field value Hi, I´m trying to lookup different csv-files depending on an field-Value. But it seems to be a problem for the looku... by chrkohm Path Finder in Splunk Search 05-19-2020 0 2	0	2
How to get a report on time range windows from _audit logs? I need to get a report of search windows used in historical search activity. For example, we need to determine how fa... by rleviseur01 New Member in Splunk Search 05-19-2020 0 2	0	2
Last 6 months search using new date field Hello, I am trying to use another field (LAST_FIXED_DATE) as _time in my log search. LAST_FIXED_DATE got dates from ... by utk123 Path Finder in Splunk Search 05-19-2020 0 2	0	2
weekend and weekday calculations i have data on daily basis. Date Number day of the week 2019-05-02 52.55 thursday 2019-05-03 327.... by vinitpathri Path Finder in Splunk Search 05-19-2020 0 2	0	2
regex help {"device":"abcd","host":"1.2.3.4"} {"device":"efgh [ = ILO = ]","host":"2.3.4.5"} {"device":"qrst - [ab cd ef]","host... by surekhasplunk Communicator in Splunk Search 05-19-2020 0 2	0	2