Splunk Search

Community Activity

sort descending avg time field in results i have a field "avg_time" which i want to display in descending order. tried sort -avg_time but didn't worked eval n... by MOHITJOSHI Engager in Splunk Search 04-07-2020 0 1	0	1
How to arrange the common values of different fields in the same row and uncommon values after the common values Hello, I have a data from two different sourcetypes. In that data, I have two specific columns where in I have to ch... by mnarmada Path Finder in Splunk Search 04-07-2020 0 6	0	6
How to deal with repeating fields in a single event We noticed that Microsoft OWA logs produce a repeating field. How can we make them into individual ones instead of ju... by uhaba Explorer in Splunk Search 04-07-2020 0 3	0	3
Hi, I have a scenario to filter the logs events before they get index using HTTP events collector. I am using HTTP events collector on a search head directly. On this SH I am using API token to connect to get OKTA lo... by rashi83 Path Finder in Splunk Search 04-07-2020 0 1	0	1
KV_MODE=xml not working but xmlkv is I have an app on a deployment server that takes in XML data, this app includes a props.conf with KV_MODE=xml. When I... by willcwhite Explorer in Splunk Search 04-07-2020 0 1	0	1
Extract data from a txt file Hello everyone, I have the attached file that is generated every night through my client's internal system and I nee... by leandromatperei Path Finder in Splunk Search 04-07-2020 0 6	0	6
Subsearch return multiple fields Hi and thank you in advance. I've simplified the problem for brevity sake. I'm trying to return multiple fields by ... by antb Path Finder in Splunk Search 04-07-2020 0 2	0	2
use the heat map option and highlight the max and min per each column. hi there THis is my sample data. I want to use the heat map option and highlight the max and min per each column. S... by HattrickNZ Motivator in Splunk Search 04-07-2020 0 1	0	1
Math function on stats count I would like to do some math operation of retrieved count of each values. Eg: 3185.5 + 4182.5 + 545 + 832 and g... by anz999 Loves-to-Learn Lots in Splunk Search 04-07-2020 0 3	0	3
Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+. I have this splunk search: host=app-dev-001 terminating \| convert timeformat="%Y-%m-%d" ctime(_time) AS date \| sort ... by iiooiiooiioo Explorer in Splunk Search 04-07-2020 0 1	0	1
Can someone help me with the regex for a field extraction? Below are clamav logs, I would like to create two new fields. one called: log_level one callled: message log_level ... by Jarohnimo Builder in Splunk Search 04-07-2020 0 1	0	1
Invalid value "$week$" for time term 'earliest' ? I am getting below error when the page first loads, after that when I manually select "Last 1 week" in the dropdown, ... by pgadhari Builder in Splunk Search 04-07-2020 0 4	0	4
Unable to join two search with common field, however sub-search works HI All, Please help me to debug the issue to join two searches based on common field. I have two indexes which has ... by jagdeepgupta813 Explorer in Splunk Search 04-07-2020 0 3	0	3
rex vs. extraction field Hello! Which method is faster? It seemed to me that the rex method is very slow for a large number of events. by ryastrebov Communicator in Splunk Search 04-07-2020 1 7	1	7
Passing comparison operators in a variable Is there a way to dynamically pass a comparison operator as a variable without a macro? I am looking to achieve some... by ohbuckeyeio Communicator in Splunk Search 04-07-2020 0 4	0	4
Need help of rex? Dear Friends, Need you're help on writing a rex. As per my requirement. what ever value comes before a space need t... by Shan Builder in Splunk Search 04-07-2020 0 4	0	4
Reading same field from multiple log files I have 2 log files from different sources. Both log files have statements either indicating a "Transaction-Start" or... by hegdevageesh New Member in Splunk Search 04-07-2020 0 3	0	3
RegEx help Hi All, need help in getting a regex code for the below message. 2020-04-04T15:08:01+00:00 usdaldc <44> %WAAS-HTTPAO... by jerinvarghese Communicator in Splunk Search 04-07-2020 0 3	0	3
calculate difference between 2 dates and times with strftime I have the below search: index=cd source=jenkins pr_number=* \| stats count as Total , earliest(_time) as start, lat... by Sfry1981 Communicator in Splunk Search 04-07-2020 0 2	0	2
Subsearch produced 50000 results, truncating to 50000 - Need help! Hi, I am dealing with a situation here. Trying to join 2 queries to find out the peak hour volume in last 90 days on ... by Shashank_87 Explorer in Splunk Search 04-07-2020 0 9	0	9
Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below I have a log that contains numerical value which is logged irregularly: I would like to calculate (and show on time... by pawelzak New Member in Splunk Search 04-07-2020 0 4	0	4
How to get a percentage calculation ? I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average... by zacksoft Contributor in Splunk Search 04-07-2020 0 1	0	1
average for a field value per n number of events How would i find the average value of a certain field per a certain amount of events Example: i have 1000 events and... by zubairaizatron Explorer in Splunk Search 04-07-2020 0 5	0	5
インデックス別データ取り込み量確認方法 Splunk7.3.3を利用しています。複数のインデックスを持っています。インデックス毎の1日あたりのデータ取込み量を確認する方法をご教授いただきたいです。 by nw0605 New Member in Splunk Search 04-07-2020 0 1	0	1
How to rex field to a field I have a rex as such: \| rex field=host "(?<sydney>10-92-3[2-4])" \| rex field=host "(?<melbourne>10-92-11[0-2])" wh... by racans New Member in Splunk Search 04-06-2020 0 1	0	1