Splunk Search

Community Activity

What is Needed resource for CM, LM, DS, HF, DMC Hi, We plan to deploy Splunk with indexer clustering (with 3 indexers) in our company. We know the hardware requireme... by jg91 Path Finder in Splunk Search 05-04-2020 0 6	0	6
How to calculate cisco asa VPN session duration time Here's the cisco asa logs I have coming in broken down by eventype=cisco_vpn_start and cisco_vpn_end index=csco sour... by johnward4 Communicator in Splunk Search 05-04-2020 0 8	0	8
List of indexes not referenced in the last 30 days I am in need of a query that will list indexes not searched in the last 30 days. by sumaitasiddiky New Member in Splunk Search 05-04-2020 0 1	0	1
Is it possibile to display zero value label on chart? Hello, I've seen similar questions like this one, but not exactly what I'm looking for. I've managed to create bucke... by andrewtrobec Motivator in Splunk Search 05-04-2020 0 3	0	3
Time format for given log Hi Team, What is the Time_Format forTue Sep 17 12:43:09.925775 2019I am not able to get it exactly from the below lin... by VijaySrrie Builder in Splunk Search 05-04-2020 0 3	0	3
Return user who matches only one value in same field I appologize if this is already answered. I'm having trouble figuring out how to even search for it. I am trying to... by mmacdonald70 Explorer in Splunk Search 05-04-2020 0 2	0	2
Question on base search Hi I have the below post process search but little confused on the base search.Kindly help. Post process search: Sea... by prettysunshinez Explorer in Splunk Search 05-04-2020 0 1	0	1
what is " FATAL: Unable to read the job status.?" I am using python sdk to connect with splunk. after running python script I am getting this error . Please help me to... by ajitshukla61116 Path Finder in Splunk Search 05-03-2020 0 1	0	1
auto-arima in arima model i am creating a model for the prediction of license usage in our environment. tried many combination(around 25) of p... by vinitpathri Path Finder in Splunk Search 05-03-2020 1 7	1	7
Compare values of 2 columns in a table I have a table that has 2 columns with Transaction ID's shown by a stats values() as below: \| stats values(E-Transac... by ramonnegronvz New Member in Splunk Search 05-03-2020 0 6	0	6
Match and compare fields with different names and from different sources Ok, so I a trying my best to evaluate the differences between two search results. Search 1 gives me a list of "vm_... by garciajbg Explorer in Splunk Search 05-03-2020 0 10	0	10
how to stats counts if one of the field's value greater than 100 ? Hello, I have ALERT field and in this field has different types ALERT values, so i want filter one of them counts if... by corehan Explorer in Splunk Search 05-03-2020 0 2	0	2
Compare todays data with yesterdays for results from a custom command I have a custom command that returns results in tabular format with a _time column as well. Its something like below... by Harishma Communicator in Splunk Search 05-03-2020 0 5	0	5
Create a chart with multiple search and display events filtered by date hi i'm new to splunk, need help to write a query to get records and create a chart based on that . I am trying to com... by mujifax New Member in Splunk Search 05-02-2020 0 3	0	3
How to get the maximum value from a timechart table? Hi folks, I am trying to obtain the maximum value from any cell in a table generated by a timechart search. For exa... by avisram Path Finder in Splunk Search 05-02-2020 1 12	1	12
isuue with inputlookup file to expand multi values Hi Experts, I have a inputlookup file which consists of two fields i,e _time and names fields as shown below, _time... by james_n Path Finder in Splunk Search 05-01-2020 0 1	0	1
Rename group by value Hi, I am using splunk to monitor the performance of a number of long urls and the search strring is like : \| sta... by shangshin Builder in Splunk Search 05-01-2020 0 7	0	7
create new field from substring of another field Hi, in a search i'm trying to take my 'source' field, do a substring on it and save it as another field. Here's what ... by jedatt01 Builder in Splunk Search 05-01-2020 3 4	3	4
How to exclude some result from rex max_match I am trying to search all Measures and Dimensions captured from Extended events of sql server analytics service. ind... by dpatiladobe Explorer in Splunk Search 05-01-2020 0 3	0	3
How do you compare a previous average with the current average Hello I am trying to compare my average events in current month to previous 3 month average (per day [1,2,3...31]) ba... by henderz New Member in Splunk Search 05-01-2020 0 6	0	6
Join type and extra data? Here is my query (time range is YTD): (splunk_server=indexer* index=wsi_tax_summary sourcetype=stash capability=109*... by hollybross1219 Path Finder in Splunk Search 05-01-2020 0 6	0	6
Trying to take specific subsets of data. (15 minute resolution rather than 5 minute being stored in splunk). I have some building occupancy data generated from our wireless network that is logged as one record per floor of eac... by richmond New Member in Splunk Search 05-01-2020 0 4	0	4
How to organize a search with two lookup tables: common and event-specific? In my question I will use a manufacturing monitoring analogy. Employees (uniquely identified by name) work a certain... by pm771 Communicator in Splunk Search 05-01-2020 0 9	0	9
A user can outputlookup and overwrite existing lookups regardless of permissions We just tested in 5.0.2.2 - A user did outputlookup and overwrote a lookup file in etc/system even though in the UI, ... by raziasaduddin Path Finder in Splunk Search 05-01-2020 7 15	7	15
How do I search records for today and 120 days back? sort -date \| dedup Date_Month_Year \| where Date>1575183600 I need this query to run only for the past 120 days from... by tferranteku Explorer in Splunk Search 05-01-2020 0 8	0	8