Splunk Search

Community Activity

Response Time from Splunk Logs using Transaction starts with and within an single event I am trying to calculate the duration/timetaken between 2 strings in an event using transaction starts with and endsw... by sen8sen Engager in Splunk Search 04-30-2020 0 6	0	6
Some time questions. I'm working on a financial data dashboard, and i have a few panels that pull data from last year relative to this yea... by JDukeSplunk Builder in Splunk Search 04-30-2020 0 2	0	2
if one field is returning null value then how do i get all the fields to return null value Hi Guys, I have one search query which is combining two Searches and giving results. But based on the conditions se... by ak9092 Path Finder in Splunk Search 04-30-2020 0 4	0	4
Field extraction using props.conf and transforms.conf Hello, This is what my field extraction looks like in the GUI: Name- source::/home/user/logs/* : EXTRACT-request_id ... by mihirpradhan Explorer in Splunk Search 04-30-2020 0 0	0	0
Navigations Can anyone help me with navigation's, I have created 2 app's. In test app i have a dashboard , when i clicked my pan... by tramya96 New Member in Splunk Search 04-30-2020 0 1	0	1
What is a good convention for config file organisation? Something to ponder while working from home... I am planning on storing and managing my config files in Git. We re... by mikeydee Explorer in Splunk Search 04-30-2020 0 1	0	1
Percentage of two calculated search values don't hate me @to4kawa But can you help me one last time! Ive been stuck for a few hours trying to figure out how ... by pir8radio Path Finder in Splunk Search 04-30-2020 0 2	0	2
How to handle staggered logs Hi , Basically their server send logs one line at a time. When it came to Splunk it ingest automatically and not fol... by jadengoho Builder in Splunk Search 04-30-2020 0 17	0	17
Change the time format in time chart tool tip We have time-chart visualization on a dashboard. The events are uploaded manually on last day of every month with tim... by rajeshjlnt Path Finder in Splunk Search 04-30-2020 0 2	0	2
Can the Splunk OS TAs capture time? Apparently, the Splunk OS TAs don't capture time and if there are index time delays, _time would be skewed and actual... by danielbb Motivator in Splunk Search 04-30-2020 0 1	0	1
filtering in search also that filter value display one of the filed of stats or table column I have query like below index="us_west_prod_power_platform" sourcetype="spark:metric" metricName="HRTBT_LHIST_METRIC... by manibattula New Member in Splunk Search 04-30-2020 0 13	0	13
Submit Button not working correctly Hi Splunk Team, I am using a dropdown input form. Corresponding to a value of dropdown, it should show panel. But b... by sahiljindal290 New Member in Splunk Search 04-30-2020 0 1	0	1
Calculate total count difference per day I have a set of data like the below total=2000 date=2020-04-29 total=1975 date=2020-04-28 total=1951 date=2020-04-... by Sfry1981 Communicator in Splunk Search 04-30-2020 0 6	0	6
Copy field to another event Hello, I'm searching doing a search in splunk for the "request_id" field. For example: request_id = "XXXXXXX" It ret... by mihirpradhan Explorer in Splunk Search 04-30-2020 0 4	0	4
Why am I getting duplicate values for all fields from JSON events? I have some JSON that I am indexing, using 6.3.0.1. If I index it as sourcetype=_json, all is well. I defined a new ... by wegscd Contributor in Splunk Search 04-29-2020 0 12	0	12
Merging values with similar I want to merge values with similar string context and still be able to reverse search for those logs. Similar to thi... by exocore123 Path Finder in Splunk Search 04-29-2020 1 3	1	3
How do you search part of a text field (delimited by date)? I'm trying to search for specific words inside the last entry added to a paragraph, where each entry/addition to the ... by anelson1 New Member in Splunk Search 04-29-2020 0 29	0	29
Is it possible to use IN against a field that contains comma-separated values? Is it possible to "expand" a single variable with comma-separated values into a "list" and then use it inside IN cond... by pm771 Communicator in Splunk Search 04-29-2020 0 1	0	1
how to compare compare stats counts and highlight in new field ? Hello dear, I want to compare stats count for same host and counts are not equal than create a new field and put "!"... by corehan Explorer in Splunk Search 04-29-2020 0 4	0	4
What does the status of "info=granted" mean in my search? I am trying to find out all the searches made by users in Splunk. I am running the below search index=_audit action... by rahulrawlani Explorer in Splunk Search 04-29-2020 0 3	0	3
Extract data between multiple days.. Hi Guys, I am just trying to write a spluNk query to extract data between 1-32 days , >32 days , > 42 days , > 72 da... by Inayath_khan Path Finder in Splunk Search 04-29-2020 0 2	0	2
Finding a Sessions Length Hi All, Summary I have windows logs for remote VPN access. I want to be able to graph concurrent use by user. B... by celdridge1988 Engager in Splunk Search 04-29-2020 0 2	0	2
How to format text extracted from a lookup? Good afternoon, I have text in a lookup.csv that has hard returns in it, for example: This is the reason why the s... by ChrisCLewis Communicator in Splunk Search 04-29-2020 0 3	0	3
Sorting issue with numeric field, descending order I have a simple search with a sort command at the end as follows: .... some base search \| dedup id \| table id, name ... by pgoldweic Communicator in Splunk Search 04-29-2020 0 4	0	4
How to use IN clause in a search string? Why does the following string work: url=string1 OR url=mystring2 But, this one does not work? url in (*mystrin... by lhumbertosplunk New Member in Splunk Search 04-29-2020 0 3	0	3