Splunk Search

Community Activity

Combine 2 values of multi value fields Hi, I am looking to merge 2 values of a multi valued fields and put it in a table. For example my current query is ex... by Shashank_87 Explorer in Splunk Search 04-22-2020 0 1	0	1
How to create an alert that adds the previous results to an hourly running total for a 24-hour period Hi, I need to monitor "host failure events" per hour over last 24 hours for a group of 50 hosts. When the total rea... by Glasses Builder in Splunk Search 04-22-2020 0 7	0	7
use latest as part of where clause Right now I have a search set up that compares the previous hours events to the same hour 1 week ago: foo \| timechar... by jasonmadesometh Explorer in Splunk Search 04-22-2020 0 5	0	5
How to create timechart overlap of counts of 2 different dates I want to create a visualization that combines the 2 queries like below and give a overlapping timechart of counts Q... by nytins Engager in Splunk Search 04-22-2020 0 1	0	1
Group by multiselect regex number range I have a multiselect option in my dashboard that defines regex number ranges. I want to then group the "selected" nu... by l0gik Explorer in Splunk Search 04-22-2020 0 3	0	3
How to count the number of unique values stored at multivalue field? My events are JSON based and look like this one: { "severity": "DEBUG", "message": { "list": [ [ ... by alex_firerat Engager in Splunk Search 04-22-2020 0 1	0	1
How do I get a table with a count and distinct count using a field regex I would like to get a count of errors that I have generated on splunk from different objects. All of them have a fiel... by felipesodre Path Finder in Splunk Search 04-22-2020 0 6	0	6
How to reflect Disabled Data Input with some description in search results Hi Guys, I am trying to figure out how can i represent DISABLED data input which is monitoring a web URL as planned_... by ak9092 Path Finder in Splunk Search 04-22-2020 0 3	0	3
Combining custom_table_row_expansion.js and table_cell_highlighting.js in a dashboard Hi all, I've succeeded in making a table with custom_table_row_expansion,js which expand every rows publishing the ch... by fabrizioalleva Path Finder in Splunk Search 04-22-2020 0 0	0	0
From _raw events I do not see _indextime I am wondering why from some set of _raw indexes I do not see _indextime. I should see it. Any idea? Thanks, Lp by lpolo Motivator in Splunk Search 04-22-2020 0 4	0	4
field calculation help hello, i have this query: \| tstats count as daily_count summariesonly=true allow_old_summaries=true from datamodel=... by sarit_s Communicator in Splunk Search 04-22-2020 0 3	0	3
SPLUNK search for only 3 continuous resulst Hello, I have a table: time available ------ ----------- 09:00 OK 09:05 time_out 09:10 ... by xiro New Member in Splunk Search 04-22-2020 0 8	0	8
Evaluate _time against current value and next value in a foreach and mvfilter ? Hello, I need to evaluate my _time against a list of times output from a lookup table and produce a calculated fiel... by dhtran Loves-to-Learn Lots in Splunk Search 04-22-2020 0 2	0	2
parsing multivalue subfields in cisco ise Hi, we have from a cisco ISE a syslog like this one: calling-Station-ID=15.15.15.15, NAS-Port-Type=Virtual, Tunnel-... by tfechner Path Finder in Splunk Search 04-21-2020 0 2	0	2
Compare a date field with current date Hello, I have some events into splunk which I would like to compare with today's date less than 30 days. I want to e... by rbw78 Communicator in Splunk Search 04-21-2020 5 10	5	10
Not able to search data with source. Hi Folks, we are ingested the aws vpc flow logs in splunk and able to see the data while searching with index but wh... by sridharlakshman New Member in Splunk Search 04-21-2020 0 14	0	14
how do I add an upper row with count eval? Hello, i'm doing a report (splunk 7.3) in which I need to append some counts in the first row of the table im generat... by 3DGjos Communicator in Splunk Search 04-21-2020 0 3	0	3
Separate the fields from a merged result Hi I have two events with following fields Event 1 Log.Status : IN TransactionTime : IN time Tracking id: Unique ID... by s_kandula Observer in Splunk Search 04-21-2020 0 3	0	3
NOT like multiple values Looking to exclude certain values for field instance. How can I achieve this? Propose code (not working) index=abc so... by rizwan0683 Path Finder in Splunk Search 04-21-2020 0 3	0	3
Overcoming subsearch truncation I do not have any admin privilege in my Splunk instance and cannot change any configuration. Need to search an index ... by yepyepyayyooo New Member in Splunk Search 04-21-2020 0 3	0	3
count the specific items from the list in Splunk Hi, I have a list column with different values and i want to count the number of occurence of a specific value. For e... by Shashank_87 Explorer in Splunk Search 04-21-2020 0 4	0	4
Automatic Lookup not working debug Hello, I've always had trouble with automatic lookups and every time I manage to do it it seems that I do it differe... by user93 Communicator in Splunk Search 04-21-2020 0 0	0	0
create a status field based on 3 separate avgs I have a search that looks at the output of a few scripts and lets me know if they are not running. These scripts c... by codedtech Path Finder in Splunk Search 04-21-2020 0 1	0	1
How to create a beautified time difference? We have the following code: \| stats count min(_time) as min, max(_time) as max by src, .... \| eval delta = (max - mi... by danielbb Motivator in Splunk Search 04-21-2020 1 2	1	2
Replace only if commas exist I have a dashboard (form) that I'm trying to allow a text field to accept single values or comma separated values tha... by treverce Explorer in Splunk Search 04-21-2020 0 5	0	5