Splunk Search

Community Activity

Is there a way to sort and table Data for multi-value fields based on numeric values? I have two multivalue fields that are obtained off JSON object. One field has Name, one field has (numeric) Value. ... by xinlux01rhi Explorer in Splunk Search 04-24-2020 0 4	0	4
simplifying a (field extraction error) dashboard? Possible to use the results of the same search in multiple panels on the same dashboard, and with different visualiza... by mitag Contributor in Splunk Search 04-24-2020 0 1	0	1
A way to import an externally trained model into Splunk? Hi, I have a data model trained outside of Splunk using the K-means algorithm and sampled data-set. I haven't tried... by fatemabwudel Path Finder in Splunk Search 04-24-2020 0 2	0	2
how to create a record if missing exmaple below column1:column2 1:10 2:15 4:30 5:40 in this example, column1 is missing "3", i would like to create t... by jiaqya Builder in Splunk Search 04-24-2020 0 2	0	2
need help with UI based lookup wildcard/CIDR I recently noticed that the UI for lookup definitions now has an advanced checkbox. If I select that I get the optio... by MonkeyK Builder in Splunk Search 04-24-2020 0 4	0	4
How to add a conditional where based on the field existence? mvexpand metrics \| spath input=metrics \| rename "cityCode" as pcc \| where if($selected_pcc\|s$="all",like(pcc,"%"),lik... by jieli New Member in Splunk Search 04-24-2020 0 1	0	1
Data Model acceleration not working for 1 out of 5 event datasets I have one data model accelerated which contains 5 event datasets with simple fields conditions. Now when I try to ju... by harshpatel Contributor in Splunk Search 04-24-2020 1 5	1	5
How to check total logs size in MB being sent by a host Hey Guys, Our Netflow monitoring system shows that most of the bandwidth is being consumed by port 9997 coming from ... by splunktp Explorer in Splunk Search 04-24-2020 0 6	0	6
Eval expression field not working in data model. Here is my attempt to create a new field eval in datamodels (no results): Here is the same data, just not using the... by wgawhh5hbnht Communicator in Splunk Search 04-24-2020 0 7	0	7
Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"? Hi, I have the following rest call on a new 6.4 environment, and it's coming back with error: curl: (56) Failure wh... by a212830 Champion in Splunk Search 04-24-2020 1 9	1	9
Extract the name of the current running alert search Hello, I have several alerts running on minute base and would like to know within the SPL of the currently running a... by damucka Builder in Splunk Search 04-24-2020 0 4	0	4
Field Extraction needed Hi, I need extraction on below data. Variations are many but I need a specific string extracted from each variation.... by mbasharat Builder in Splunk Search 04-23-2020 0 8	0	8
How to hide the minus character from the bar graph Hello, I have generated a bar graph which has values on both positive and negative sides of the x axis. Logically, t... by varshini_97 Path Finder in Splunk Search 04-23-2020 0 1	0	1
Join across multiple sources display all sources with values present or not Hello, I have query which joins across 4 sources and correlationid may or may not exists across all sources, I want t... by msrama5 Explorer in Splunk Search 04-23-2020 0 5	0	5
Cannot update .js files on local server I have updated the .js files of a local host of an app. I have been unable to update using url commands when trying t... by lachlanmcgrath New Member in Splunk Search 04-23-2020 0 5	0	5
Splunk data for a particular time span Hi , I am looking to get a data in the format from tomcat access logs for particular time span. by aditya22 New Member in Splunk Search 04-23-2020 0 2	0	2
How to disable a search for a dashboard panel? I have a dashboard (really a form) with few panels each doing a search and export and several input fields each (all ... by avilandau Path Finder in Splunk Search 04-23-2020 1 7	1	7
rex not working as expected What is wrong with this rex?? This is the rex that the system gives me when I do a extract fields option. index=x ..... by HattrickNZ Motivator in Splunk Search 04-23-2020 0 3	0	3
how to enable Annotation based on token value. Hello, I am using event Annotation on timechart. but I want to activate only in case of specific services/ based o... by AKG1_old1 Builder in Splunk Search 04-23-2020 1 2	1	2
How to get timestamps from first and last transaction events to calculate the time difference in hours? I have multiple events in a server that I would like to get the timestamp from the very first transaction and the tim... by felipesodre Path Finder in Splunk Search 04-23-2020 0 5	0	5
How to create a conditional rex statement on file extension or directory? I'm trying to figure out how to do a conditional rex statement that looks at a windows file path and determines if th... by mjones414 Contributor in Splunk Search 04-23-2020 0 3	0	3
How to calculate the difference between the first and the last row for each page in search results? My search produced the following CSV: Date Page_1 Page_2 Page_3 Page_4 Page_5 Page_6.... by reverse Contributor in Splunk Search 04-23-2020 0 5	0	5
nested eval with stats count not working while using Data Model Below is my query: \|datamodel testing search \|search wells.API="enroll" \|stats count(eval(wells.resp_code="S" OR (we... by nagar57 Communicator in Splunk Search 04-23-2020 0 4	0	4
Splunk chart for time interval HI , I am trying to get the number of hits of users for very 3 minutes . And am able to generate the chart with bel... by aditya22 New Member in Splunk Search 04-23-2020 0 5	0	5
How to extract the username from a raw event? Here is the raw event log: Apr 22 08:04:46 10.14.10.66 1 2020-04-22T08:04:47-07:00 connect.abcd.com PulseSecure: - -... by vasuparvatham New Member in Splunk Search 04-23-2020 0 5	0	5