Splunk Search

Community Activity

Higher Skipping Searches from Datamodel Acceleration Searches We have more than 90% of skipping rate from our datamodel acceleration searches, and most of them show like 99.96% co... by lucas4394 Path Finder in Splunk Search 01-08-2020 0 0	0	0
Can you put a non-tabled field in an alert title? I want to be able to put a token in my alert title that is derived from a field NOT in the displayed results table. ... by nick405060 Motivator in Splunk Search 01-08-2020 1 3	1	3
How to get ratio of different values in the same field? How do I get the ratio for two values of the same field? When I run the following command: host=web_app action=* fi... by constantinetabs New Member in Splunk Search 01-08-2020 0 1	0	1
how to insert a macro name as field value if the results on the search match to a macro? I have a query which displays some statistical results. Now I want to add a column macro_match which contains the mat... by pavanae Builder in Splunk Search 01-08-2020 0 1	0	1
How to join below 2 indexes? Join below 2 indexes on basis of user index=_internal sourcetype=splunkd_ui_access q!="" \| rex field=uri_query "disp... by utkarsh_s New Member in Splunk Search 01-08-2020 0 1	0	1
how to convert sumologic query to splunk? Hi, How to convert this sumologic query to splunk _collector="M2" "Memory Monitor" \| parse ",DB Job-Connection-Poo... by dbashyam Explorer in Splunk Search 01-08-2020 0 3	0	3
Splunk Transaction command for events multiple time/day I am using this query "index=oswin* source="WinEventLog:System" (EventCode=6005 OR EventCode=1074 OR EventCode=6006) ... by sarwshai Communicator in Splunk Search 01-08-2020 0 1	0	1
Calculate percentage from 2 tstats searches EDIT: The below search suddenly did work, so my issue is solved! So I have two searches in a dashobard, but resultin... by ftonen Explorer in Splunk Search 01-08-2020 0 7	0	7
Aws dns field extraction We are trying to do field extraction of the aws dns events, currently we are getting the events with below indexname,... by martinnepolean Explorer in Splunk Search 01-08-2020 0 6	0	6
Problem With keeping relevant data in the same row while expanding multi value fields Hello, i have been trying to expand multi value fields from different source-type. Problem is that when i do expand ... by sharif_ahmmad Explorer in Splunk Search 01-07-2020 0 3	0	3
LOOKUP operation in default/props.conf disable FIELDALIAS in local/props.conf Hi, I upgrade in 7.3.3 and i have a problem with one fieldalias I know the ASNEW settings since 7.2.4 restore old b... by secuc2r83 Path Finder in Splunk Search 01-07-2020 0 0	0	0
Data not being displayed with previous working query. Hi Community, I've been using Splunk enterprise search and reporting since a month now and now when I try to search w... by siddharth1479 Path Finder in Splunk Search 01-07-2020 0 8	0	8
Highlight line chart depending on value from 2nd column. I have 2 columns. First column has values on which my splunk line chart is dependent on. Second column has values onl... by raj00350 New Member in Splunk Search 01-07-2020 0 2	0	2
Calculate Maximum transaction per seconds (TPS) day wise Hi, I want to calculate max TPS on a particular day for last 3 months for some specific URL's. I just have 5 URL's so... by Shashank_87 Explorer in Splunk Search 01-07-2020 0 0	0	0
What is the difference between a "lookup" and a "lookup file"? Wildly frustrated poring over the Splunk documentation -- there are absolutely no good introductions to any topic! An... by jkotula New Member in Splunk Search 01-07-2020 0 3	0	3
Issues with props.conf and EVAL function Hi, I am trying to add new evaluation for a field in search-time. For some reason, when I run query from my search h... by shayhibah Path Finder in Splunk Search 01-07-2020 0 1	0	1
Expand two multi value field with different format using mvexpand Trying to expand two multi value field using mvexpand for below scenario: Jhon purchased Mango and Banana both. Co... by ahmadshakir1952 Explorer in Splunk Search 01-07-2020 0 6	0	6
Overlay 2 time based grouped results in a Chart Given the 2 following searches which are both over a 30 day period (and each having multiple countries in the results... by GadgetGeek Path Finder in Splunk Search 01-07-2020 0 20	0	20
Different results using stats vs timechart I'm building a dashboard that shows a stacked column chart of different items sold in the last 6 months (using timech... by wu_weidong Path Finder in Splunk Search 01-06-2020 0 3	0	3
Are there any lint type tools for the Splunk SPL? As part of a testing plan, we would like to have a tool check syntax of our block of Splunk queries. Are there any ... by miburo Explorer in Splunk Search 01-06-2020 1 2	1	2
Is there any way to customize the default list of data fields collected by Splunk Mint iOS SDK? We are using Splunk Mint SDK in our iOS app. By default it collects a lot of fields listed here - https://docs.splunk... by gorbikvv New Member in Splunk Search 01-06-2020 0 0	0	0
How can I find out the average run time of a query? Based on Can I see the top skipped searches? I got a couple of offending queries, with a message such as - The maxim... by danielbb Motivator in Splunk Search 01-06-2020 0 3	0	3
Chart not sorting dates the way I would expect Hello everyone, I have a self-service dashboard running in our Splunk Cloud V6.2 environment which displays indexed... by jeck11 Path Finder in Splunk Search 01-06-2020 0 0	0	0
How to optimize a subsearch with a wide range? I have a subsearch that I use to determine the first occurrence of the issue logged. I currently have an earliest=-4d... by lmzheng Explorer in Splunk Search 01-06-2020 0 3	0	3
Exporting search results to Amazon S3 buckets How can I export my search results or send alert results to an AWS S3 bucket? by Vijeta Influencer in Splunk Search 01-06-2020 0 1	0	1