Splunk Search

Community Activity

compare current hour and previous hour value in search and find difference ? I want to compare current top of an hour value with previous top of an hour value. For e.g. between 9 am to 10 am - g... by pgadhari Builder in Splunk Search 01-15-2020 0 9	0	9
How to combine two different time source fields into _time Dears; how can I combine Date/Time of two different source as follow; CSV-01(pic-1) and CSV-02(pic-2) input in spl... by kaungset New Member in Splunk Search 01-15-2020 0 6	0	6
Lookup slowing performance ways to optimize Hi , I have the following search query that lookups definition file TeamsLookupDef which has 200 mappings between ap... by msrama5 Explorer in Splunk Search 01-15-2020 0 3	0	3
for each column return max value and row key value Hello, I have SPL search that returns output in the following format: Device K1 K2 K3 A x1 y1 z1 B ... by wsabry New Member in Splunk Search 01-15-2020 0 4	0	4
while using streamstats avg(daycount) the resulting stats are out of order My current search string looks like this: index=cisco host=cr0* OR host=SC0* \| stats count as daycount by date_month... by caseygj Explorer in Splunk Search 01-15-2020 0 4	0	4
Data Model: TStats time-functions get latest NOT NULL Hi, I'm having trouble retrieving my fields from an accelerated data model. The main problem is that most of the fie... by hbrandt84 Path Finder in Splunk Search 01-15-2020 0 2	0	2
Replace Text result Hi i try to changue this result of Active directory : 01/14/2020 08:43:35 PM LogName=Security SourceName=Microsoft... by andreguerrero12 New Member in Splunk Search 01-15-2020 0 1	0	1
Generate a lookup for EPS Hello. I have an index with traffic from 10 devices. I want to generate a lookup that contains the avg EPS over the... by csprice Path Finder in Splunk Search 01-15-2020 0 5	0	5
splunk db connect Hello community , I would like to know where splunk db connect stored data ? by aalaa Path Finder in Splunk Search 01-15-2020 0 5	0	5
I'm trying to move fields from multi value fields using mvindex. Currently under "time" field I have only 3 values so i am easily moving them as new field. Is there anyway to automate this process without hard coding it? time = 9:30 10:30 11:30 Currently I am doing this \| eval first.time=mvindex(time, 1), s... by praneeth2050 Explorer in Splunk Search 01-15-2020 0 4	0	4
How to divide a sum based values/count ? \| stats sum("Sum of consumption") as Total_Consumption count as Session I got as a result in splunk / statistics char... by aryamehr360 New Member in Splunk Search 01-15-2020 0 1	0	1
Retrieve configuration items from a custom python search command I would like to get configuration items from within a custom search python command. I have created a setup which add... by domgkc Explorer in Splunk Search 01-15-2020 3 5	3	5
pass value of field from one search to another when using appendpipe I have a below search query: \| inputlookup splunk_report_test.csv \| where report_type="upcoming_offers" \| looku... by nagar57 Communicator in Splunk Search 01-15-2020 0 3	0	3
how to avoid breaking event order of multi value field Hi community, I am wondering, how can i keep the data of multi value field based in the order it happened, when show... by sharif_ahmmad Explorer in Splunk Search 01-14-2020 0 4	0	4
How to returns 0 or null if no results with tstats over time? First of all, I apologize if I missed the answer somewhere and for my bad english. I try to supervise my hosts, inde... by nrodrigues Engager in Splunk Search 01-14-2020 0 1	0	1
Filter multisearch results after matching on _time Definitely a noob, and I must be missing something simple... I have two log files reporting the same error at similar... by pholderness New Member in Splunk Search 01-14-2020 0 4	0	4
Search result Not consistent Hello Folks, I am new to splunk SDK and i am trying to write a code that search and return a search result from the ... by balesh New Member in Splunk Search 01-14-2020 0 0	0	0
There are a list of apps present on shcluster , how to check if any knowledge objects are associated/mapped to each apps? I have multiple apps on shcluster, "/application/splunk/etc/shcluster/apps" . I need to check if there are any Knowle... by Nilesh3110 Explorer in Splunk Search 01-14-2020 0 6	0	6
How to use rex to perform field extraction from the end of the field as opposed to the beginning I want to extract the top level domain from the CN field of a certificate in Splunk. The CN field may have multiple ... by thomas_porter Explorer in Splunk Search 01-14-2020 0 3	0	3
Index feed is having low throughput Dear All, I am a SplunkAdmin and we are facing significant data low throughput in some of the indexes. There are man... by EHariharan Explorer in Splunk Search 01-14-2020 0 2	0	2
Is it possible to run a search within an eval if statement? Hello, I am wondering if it possible to do a search within an "if" statement. I have tried what I have in the searc... by WoolarCJ New Member in Splunk Search 01-14-2020 0 6	0	6
Splunk Other category when group by Hi, I have saved search below Queryone and want to classify anything not falling under regx pattern for APIFamily in ... by msrama5 Explorer in Splunk Search 01-14-2020 0 4	0	4
Splunk group by value with pattern matching I have saved search below FirstQuery which group by values with pattern matching and want to classify anything not fa... by msrama5 Explorer in Splunk Search 01-14-2020 0 1	0	1
Search query: Unique values based on time Hi Community, I'm using the search query to search for the user activity and I get the results with duplicate rows wi... by siddharth1479 Path Finder in Splunk Search 01-14-2020 0 17	0	17
Create a query to compare Asset Inventory to see if an Asset exists between data pushes? I am trying to create a dashboard that will showcase, between data pulls, the assets that no longer exists in the ind... by dscott10 New Member in Splunk Search 01-14-2020 0 0	0	0