Splunk Search

Community Activity

Lookup fails unless using a table The query below produces the results expected, but if I remove the "table PSID" section (bolded) it fails, saying 22 ... by klhogan New Member in Splunk Search 01-16-2020 0 2	0	2
How to show count of events by host as well as total count (both per minute in same search) How to show count of events by host as well as total count (both per minute in same search) by sahil237888 Path Finder in Splunk Search 01-16-2020 0 1	0	1
How can I get the Splunk Python SDK API to return results faster than 100 kB per second? How can I get the splunk SDK API to return results faster than 100 kB / second? Some context: I am trying to create ... by nikos_d Explorer in Splunk Search 01-16-2020 3 3	3	3
How to create a more efficient sitimechart for distinct count? When using index=blah \| sitimechart dc(field1) by field2 It saves every single element for field1 concatenated into a... by pr0n Explorer in Splunk Search 01-16-2020 0 3	0	3
FIPS and Splunk Compatibility I have inherited a Splunk Enterprise and FIPS is on for about half of the environment. My experience has always been ... by plymalebl Explorer in Splunk Search 01-16-2020 2 0	2	0
How to filter out results from splunk search from a set criteria.? I have a raw the i extract and filter and table them according to Country _raw [{"Conutry":"America","State":"Nevada... by NayneshPatel New Member in Splunk Search 01-16-2020 0 2	0	2
compare current hour and previous hour value in search and find difference ? I want to compare current top of an hour value with previous top of an hour value. For e.g. between 9 am to 10 am - g... by pgadhari Builder in Splunk Search 01-15-2020 0 9	0	9
How to combine two different time source fields into _time Dears; how can I combine Date/Time of two different source as follow; CSV-01(pic-1) and CSV-02(pic-2) input in spl... by kaungset New Member in Splunk Search 01-15-2020 0 6	0	6
Lookup slowing performance ways to optimize Hi , I have the following search query that lookups definition file TeamsLookupDef which has 200 mappings between ap... by msrama5 Explorer in Splunk Search 01-15-2020 0 3	0	3
for each column return max value and row key value Hello, I have SPL search that returns output in the following format: Device K1 K2 K3 A x1 y1 z1 B ... by wsabry New Member in Splunk Search 01-15-2020 0 4	0	4
while using streamstats avg(daycount) the resulting stats are out of order My current search string looks like this: index=cisco host=cr0* OR host=SC0* \| stats count as daycount by date_month... by caseygj Explorer in Splunk Search 01-15-2020 0 4	0	4
Data Model: TStats time-functions get latest NOT NULL Hi, I'm having trouble retrieving my fields from an accelerated data model. The main problem is that most of the fie... by hbrandt84 Path Finder in Splunk Search 01-15-2020 0 2	0	2
Replace Text result Hi i try to changue this result of Active directory : 01/14/2020 08:43:35 PM LogName=Security SourceName=Microsoft... by andreguerrero12 New Member in Splunk Search 01-15-2020 0 1	0	1
Generate a lookup for EPS Hello. I have an index with traffic from 10 devices. I want to generate a lookup that contains the avg EPS over the... by csprice Path Finder in Splunk Search 01-15-2020 0 5	0	5
splunk db connect Hello community , I would like to know where splunk db connect stored data ? by aalaa Path Finder in Splunk Search 01-15-2020 0 5	0	5
I'm trying to move fields from multi value fields using mvindex. Currently under "time" field I have only 3 values so i am easily moving them as new field. Is there anyway to automate this process without hard coding it? time = 9:30 10:30 11:30 Currently I am doing this \| eval first.time=mvindex(time, 1), s... by praneeth2050 Explorer in Splunk Search 01-15-2020 0 4	0	4
How to divide a sum based values/count ? \| stats sum("Sum of consumption") as Total_Consumption count as Session I got as a result in splunk / statistics char... by aryamehr360 New Member in Splunk Search 01-15-2020 0 1	0	1
Retrieve configuration items from a custom python search command I would like to get configuration items from within a custom search python command. I have created a setup which add... by domgkc Explorer in Splunk Search 01-15-2020 3 5	3	5
pass value of field from one search to another when using appendpipe I have a below search query: \| inputlookup splunk_report_test.csv \| where report_type="upcoming_offers" \| looku... by nagar57 Communicator in Splunk Search 01-15-2020 0 3	0	3
how to avoid breaking event order of multi value field Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when show... by sharif_ahmmad Explorer in Splunk Search 01-14-2020 0 4	0	4
How to returns 0 or null if no results with tstats over time? First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, inde... by nrodrigues Engager in Splunk Search 01-14-2020 0 1	0	1
Filter multisearch results after matching on _time Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at similar... by pholderness New Member in Splunk Search 01-14-2020 0 4	0	4
Search result Not consistent Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from the ... by balesh New Member in Splunk Search 01-14-2020 0 0	0	0
There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps? I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle... by Nilesh3110 Explorer in Splunk Search 01-14-2020 0 6	0	6
How to use rex to perform field extraction from the end of the field as opposed to the beginning I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple ... by thomas_porter Explorer in Splunk Search 01-14-2020 0 3	0	3