Splunk Search

Community Activity

How to get a percentage calculation ? I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average... by zacksoft Contributor in Splunk Search 04-07-2020 0 1	0	1
average for a field value per n number of events How would i find the average value of a certain field per a certain amount of events Example: i have 1000 events and... by zubairaizatron Explorer in Splunk Search 04-07-2020 0 5	0	5
インデックス別データ取り込み量確認方法 Splunk7.3.3を利用しています。複数のインデックスを持っています。インデックス毎の1日あたりのデータ取込み量を確認する方法をご教授いただきたいです。 by nw0605 New Member in Splunk Search 04-07-2020 0 1	0	1
How to rex field to a field I have a rex as such: \| rex field=host "(?<sydney>10-92-3[2-4])" \| rex field=host "(?<melbourne>10-92-11[0-2])" wh... by racans New Member in Splunk Search 04-06-2020 0 1	0	1
how to loop through json array based on expression and create counter i'm hardcoding some data like names, where i will pass in a token in the future, to create a simple example of what i... by gpSplunk123 Engager in Splunk Search 04-06-2020 0 4	0	4
timechart limit: pick top 10 series with the highest peaks (of all time), not total sums I'm looking to investigate IP addresses with highest peak loads on our service. Here's my current query: application... by amomchilov Explorer in Splunk Search 04-06-2020 0 4	0	4
How can I change the field values to another value ? Hello Guys! I need to change the values that are present in the field "Item Codigo" . For example: 040500603S007C... by dbrancaglion Explorer in Splunk Search 04-06-2020 0 1	0	1
New index does not show I have created a second index called "nagios" exclusivly to collect data from my nagios install. Nagios has populated... by Mr_Robaloba Explorer in Splunk Search 04-06-2020 3 6	3	6
Timechart and Order of Operations I am struggling with the order of operations in my timechart query. I need to show the number of Users who accessed a... by mistydennis Communicator in Splunk Search 04-06-2020 0 3	0	3
can some one help me with SPL index= xxxxxx sourcetype=xxxxxx \| eval import_time=strftime(_time, "%Y-%m-%d:%H") \| eval import_timeday=strftime(_tim... by vikram1583 Explorer in Splunk Search 04-06-2020 0 1	0	1
I want to create an app which should show all the other apps in splunk ? Hello, I want to create an app which should show all the app as home page for admins. I have like 15 apps which shou... by arunsoni Explorer in Splunk Search 04-06-2020 0 2	0	2
Timechart peaks - replace sum with max Hi all, I'm looking to create a timechart from a very large dataset. I just want to count the occurrence of a custom... by rowancoleman Explorer in Splunk Search 04-06-2020 1 6	1	6
How to display the exact date from time modifiers? I would like to know how to display the exact date of the time modifiers which are specified in the earliest and late... by akarivaratharaj Communicator in Splunk Search 04-06-2020 0 4	0	4
Slow child dataset Hello, Currently, we are using multiple datamodels for same data (post filters are different). Now we are trying to... by AKG1_old1 Builder in Splunk Search 04-06-2020 0 0	0	0
extract a field from event source filename How can I configure Splunk to extract some fields from the source filename. I already specify a host_regex and that... by jstillwell Explorer in Splunk Search 04-05-2020 4 8	4	8
Can Base Searches be nested? I tried to do the following in a dashboard: First declare two base searches, the second one using the first one: <s... by roukepouw Explorer in Splunk Search 04-05-2020 1 7	1	7
Timechart visualization does not match statistics I have a csv with just 2 columns Time & memory. the events look like this, so this is basically a csv extract of a se... by Sukisen1981 Champion in Splunk Search 04-05-2020 0 6	0	6
-45m@d what it means Hi @gcusello hope you are doing good, As far as I understand, m@d means, beginning of the day, and -45m@d means, 45 m... by palisetty Communicator in Splunk Search 04-05-2020 0 2	0	2
I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a same graph I have a order data, I need to trend the order for last 15 days, plotting three values high, low and current in a sam... by petersamueljohn New Member in Splunk Search 04-04-2020 0 2	0	2
Choose either of the available field from multiple queries I am trying to search on two indices. Both of them have a field which represents time. But in one index, that field i... by arnavzz New Member in Splunk Search 04-04-2020 0 1	0	1
Search to convert GMT to EST I have events with GMT time .I want to convert to EST. Wed, 25 Mar 2020 21:43:31 GMT title="Webex Meetings: Users co... by vrmandadi Builder in Splunk Search 04-04-2020 0 1	0	1
How to use the value of a variable as a text for a timechart field Hi, As part of my search, I'm building some strings with eval and assigning variable to it. I want to use these buil... by lsantacana Engager in Splunk Search 04-04-2020 0 1	0	1
Adding the most recent _indextime/_time to results table We are attempting to write a report querying multiple indexes, which creates a table using data from each. Our challe... by lbrhyne Path Finder in Splunk Search 04-04-2020 0 2	0	2
Expand multivalue field to show subtotals. Hi Everyone, I have a query that produces table 1 below. \| from inputlookup:"incident.csv" \| where caused_by >= " "... by jdlocklin526 Observer in Splunk Search 04-04-2020 0 2	0	2
Mass Searching for multiple domains Hello! I am trying to search for multiple malware domains in our logs. I cant figure out how to add multiple domains ... by alexman616 Engager in Splunk Search 04-03-2020 0 4	0	4