Splunk Search

Community Activity

while using streamstats avg(daycount) the resulting stats are out of order My current search string looks like this: index=cisco host=cr0* OR host=SC0* \| stats count as daycount by date_month... by caseygj Explorer in Splunk Search 01-15-2020 0 4	0	4
Data Model: TStats time-functions get latest NOT NULL Hi, I'm having trouble retrieving my fields from an accelerated data model. The main problem is that most of the fie... by hbrandt84 Path Finder in Splunk Search 01-15-2020 0 2	0	2
Replace Text result Hi i try to changue this result of Active directory : 01/14/2020 08:43:35 PM LogName=Security SourceName=Microsoft... by andreguerrero12 New Member in Splunk Search 01-15-2020 0 1	0	1
Generate a lookup for EPS Hello. I have an index with traffic from 10 devices. I want to generate a lookup that contains the avg EPS over the... by csprice Path Finder in Splunk Search 01-15-2020 0 5	0	5
splunk db connect Hello community , I would like to know where splunk db connect stored data ? by aalaa Path Finder in Splunk Search 01-15-2020 0 5	0	5
I'm trying to move fields from multi value fields using mvindex. Currently under "time" field I have only 3 values so i am easily moving them as new field. Is there anyway to automate this process without hard coding it? time = 9:30 10:30 11:30 Currently I am doing this \| eval first.time=mvindex(time, 1), s... by praneeth2050 Explorer in Splunk Search 01-15-2020 0 4	0	4
How to divide a sum based values/count ? \| stats sum("Sum of consumption") as Total_Consumption count as Session I got as a result in splunk / statistics char... by aryamehr360 New Member in Splunk Search 01-15-2020 0 1	0	1
Retrieve configuration items from a custom python search command I would like to get configuration items from within a custom search python command. I have created a setup which add... by domgkc Explorer in Splunk Search 01-15-2020 3 5	3	5
pass value of field from one search to another when using appendpipe I have a below search query: \| inputlookup splunk_report_test.csv \| where report_type="upcoming_offers" \| looku... by nagar57 Communicator in Splunk Search 01-15-2020 0 3	0	3
how to avoid breaking event order of multi value field Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when show... by sharif_ahmmad Explorer in Splunk Search 01-14-2020 0 4	0	4
How to returns 0 or null if no results with tstats over time? First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, inde... by nrodrigues Engager in Splunk Search 01-14-2020 0 1	0	1
Filter multisearch results after matching on _time Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at similar... by pholderness New Member in Splunk Search 01-14-2020 0 4	0	4
Search result Not consistent Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from the ... by balesh New Member in Splunk Search 01-14-2020 0 0	0	0
There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps? I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle... by Nilesh3110 Explorer in Splunk Search 01-14-2020 0 6	0	6
How to use rex to perform field extraction from the end of the field as opposed to the beginning I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple ... by thomas_porter Explorer in Splunk Search 01-14-2020 0 3	0	3
Index feed is having low throughput Dear All, I am a SplunkAdmin and we are facing significant data low throughput in some of the indexes. There are man... by EHariharan Explorer in Splunk Search 01-14-2020 0 2	0	2
Is it possible to run a search within an eval if statement? Hello, I am wondering if it possible to do a search within an "if" statement. I have tried what I have in the searc... by WoolarCJ New Member in Splunk Search 01-14-2020 0 6	0	6
Splunk Other category when group by Hi, I have saved search below Queryone and want to classify anything not falling under regx pattern for APIFamily in ... by msrama5 Explorer in Splunk Search 01-14-2020 0 4	0	4
Splunk group by value with pattern matching I have saved search below FirstQuery which group by values with pattern matching and want to classify anything not fa... by msrama5 Explorer in Splunk Search 01-14-2020 0 1	0	1
Search query: Unique values based on time Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows wi... by siddharth1479 Path Finder in Splunk Search 01-14-2020 0 17	0	17
Create a query to compare Asset Inventory to see if an Asset exists between data pushes? I am trying to create a dashboard that will showcase, between data pulls, the assets that no longer exists in the ind... by dscott10 New Member in Splunk Search 01-14-2020 0 0	0	0
Convert a string in ISO 8601 to local time zone (accounting for DST) I have a string from a complex JSON event providing an ISO 8601 date/time in UTC. I want to convert it to the local t... by jkotula New Member in Splunk Search 01-14-2020 0 8	0	8
How to run a parameterized map command as a savedsearch report? Hi everyone, I have the following dummy search saved as a report: \| makeresults count=1 \| eval test="Hello" \| map ... by bojanjanisch New Member in Splunk Search 01-14-2020 0 1	0	1
Timechart mouse over Is it possible to have a mouse over hover in a dashboard with several timecharts that will highlight the exact time o... by ialahdal Path Finder in Splunk Search 01-14-2020 1 1	1	1
Return value based on missing field I want to make a search that will return a count of session_id based on the following fields logged_out, logged_in I ... by ialahdal Path Finder in Splunk Search 01-14-2020 0 4	0	4