Splunk Search

Community Activity

transpose xyseries not helping Need to transform like this. Please help. Before: Col1----Col2 Name1---- a ------------b --------c After:... by mukulraghuram New Member in Splunk Search 05-09-2020 0 1	0	1
extract fields from multiple events. Below are my events. Event1:contains Messages Id and Status Event2: contains Messages Id and Origin E... by valivarthiramu New Member in Splunk Search 05-09-2020 0 1	0	1
report on disk usage spikes? Need a report that: Lists volumes with significant disk usage spikes over a given timeframe.Plots those disk usage s... by mitag Contributor in Splunk Search 05-09-2020 0 10	0	10
Use field values in a query for loop Hi, I want to use field values for a search query and then export the results for each field value to a CSV For examp... by nwong1 New Member in Splunk Search 05-08-2020 0 1	0	1
Extracting Field from 2 different events Dear All, I want to extract fields from the below events. The problem I'm facing is that the fields are not in harmo... by ralam Explorer in Splunk Search 05-08-2020 0 3	0	3
Bell curve from stats I haven't seen much on creating a bell curve in Splunk. I've created a query that returns 30,000 events for 40+ assoc... by seomaniv Explorer in Splunk Search 05-08-2020 0 4	0	4
can we make a field to _time and pass values through earliest / latest in splunk can we make a field to _time and pass values through earliest / latest or through Time range button ? by rakeshksingh New Member in Splunk Search 05-08-2020 0 4	0	4
Is it possible to use base search in append sub search? I want to use base search for query2 as well Thanks! by ny34940 Path Finder in Splunk Search 05-08-2020 1 15	1	15
How do I use a field gathered from one search in a completely independent search (without a join) I need to do one search with value A in the logs to get value B, then search on value B in another, independent searc... by splunkuser2127 Loves-to-Learn in Splunk Search 05-08-2020 0 2	0	2
Is the search job inspector option the best way to determine the performance of a search query? Hi, I am pretty new to Splunk and wanted to know how to determine the performance of a query? Is it through the "Ins... by vpurushottam Explorer in Splunk Search 05-08-2020 0 2	0	2
Search Bar - large queries fail to execute and cause "Disconnected from Server" error? When I attempt to enter very large queries into the search bar I get errors in chrome and eventually a "disconnected"... by markconlin Path Finder in Splunk Search 05-08-2020 0 3	0	3
Can you specify timezone in a REST API search? I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexi... by jedatt01 Builder in Splunk Search 05-08-2020 2 4	2	4
Create new fields based on value of another fields. Hi All, In my log, I have one field called ServerName. Below are some values of that field. DAAPP2aBANG2 DFAPP20bLON... by paragvidhi Engager in Splunk Search 05-08-2020 0 1	0	1
I want to omptimize the regex? ErrorMessage : 'rex' command: has exceeded configured match_limit, consider raising the value in limits.conf. \| rex field=_raw max_match=0 "BodyOftheMail_Script\s=\s\[\sBEGIN\s{0,}(?<BodyOftheMail>.((.\|\n)*?)(?=\s{1,}END\s\]))"... by vn_g Path Finder in Splunk Search 05-08-2020 0 2	0	2
How to merge two events with same field into one I have two rows having follwing values: Name Text Count A ABC 1 A EFG 1 I want that my result should be di... by sudeep5689 Explorer in Splunk Search 05-08-2020 0 3	0	3
timechart linechart to display in and out per device Hi, I have a query which gives me in_usage and out_usage for a device per metric bla bla ...\| table Device metric_n... by surekhasplunk Communicator in Splunk Search 05-08-2020 0 3	0	3
Not able to get number of days between now() and a date Hi Experts, I am trying to get number of days between current date and another date being generated by my query and I... by sbhatnagar88 Path Finder in Splunk Search 05-08-2020 0 3	0	3
Combine Data model data with another search for a match Hi all, I have CTI data that somes into splunk and id like to correlate for matches in indexes against the CTI data.... by geraldcontreras Path Finder in Splunk Search 05-08-2020 0 5	0	5
Rename a field Value in a lookup file? I have a lookup file called template.csv and it has field values, I want to rename a field value with another say man... by iamsplunker31 Path Finder in Splunk Search 05-07-2020 0 1	0	1
join multiple searches into field values I would like to create Cache_Hit, Cache_Miss and Revalidate_Hit based on the below and doisplay them in the pie graph... by glennstolz New Member in Splunk Search 05-07-2020 0 3	0	3
How can we deal with a negation of a transaction? We have a working code that captures transactions from the firewall into the windows servers and all is perfect as th... by danielbb Motivator in Splunk Search 05-07-2020 0 2	0	2
Bundle reload is in progress. Waiting for all peers to return the status. My splunk environment is: 1 Search Head 1 Deployment Server (Master Node) 2 Indexers (Cluster) I tried to implement ... by phanichintha Path Finder in Splunk Search 05-07-2020 0 2	0	2
subtract meterRead from Yesterday’s meterRead My electric meter sends a number but I want to subtract the current from the number an hour ago, so I can chart the u... by myron12 Explorer in Splunk Search 05-07-2020 0 8	0	8
How do I change the value of a field if a condition occurs? Hi community! I'm using Splunk Entreprise to create dashboards with my client's ServiceNow incident information. My... by diogenesloazeve Engager in Splunk Search 05-07-2020 0 10	0	10
Weekly Average Append Subsearch Optimization Hello, I have a search where I would like to compare the count of one search result against its running weekly averag... by jasonmadesometh Explorer in Splunk Search 05-07-2020 0 3	0	3