Splunk Search

Community Activity

Combine result from 2 queries into same bar chart I see such questions are frequently asked on this forum, but I still don't get a clear picture yet. I have my first ... by hardywang Explorer in Splunk Search 01-06-2020 0 4	0	4
Compare field value from different sourcetypes to list the value of the third field Hi All, i have 2 files indexed as 2 different source types. In Sourcetype1 i created: 1. Field1 presents the value o... by mardix86 New Member in Splunk Search 01-06-2020 0 1	0	1
Using 'by' clause overrides 'limit'? I have used the following source="C:\Users\spali\Downloads\products\*" host="DESKTOP-K35HBNT" \| top product_name pri... by palisetty Communicator in Splunk Search 01-06-2020 0 2	0	2
How to extract the same URL with dynamic values such as Session ID,CategoryID? I want to group all the URL with dynamic values such as sessionid , category id ,etc, and display as 1 URL with count... by raghul1117 New Member in Splunk Search 01-06-2020 0 2	0	2
Can I see the top skipped searches? Is there a way to categorize the skipped searches by volume, by time of invocation, etc? We are trying to understand ... by danielbb Motivator in Splunk Search 01-05-2020 0 5	0	5
How can I find the related search job to an error message in splunkd.log Hi, we have an error message in splunkd.log. Error Message: "Invalid value "*" for time term 'earliest'" It happe... by dietertaucher New Member in Splunk Search 01-05-2020 0 1	0	1
what's max # events I can have timestamped with a particular second? millisecond? If that limit is breached, what will stop working? Is there a way to raise the limit? Merged question: I'm running... by V_at_Splunk Splunk Employee in Splunk Search 01-05-2020 6 15	6	15
Your search did not return any events because you are in Smart Mode. @gcusello @richgalloway @woodcock Your search did not return any events because you are in Smart Mode. In what all s... by palisetty Communicator in Splunk Search 01-04-2020 0 2	0	2
REST vs. Normal Search What is the difference between a normal search in Splunk and a search that incorporates the REST command? by itsmevic Communicator in Splunk Search 01-03-2020 0 4	0	4
timechart and verbose mode Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in ver... by palisetty Communicator in Splunk Search 01-03-2020 0 1	0	1
How to change color of row after column has a certain value? I'm somewhat new to Splunk. I have a dashboard displaying a table with data. I have code that fills in the columns ... by bmendez0428 Explorer in Splunk Search 01-03-2020 0 2	0	2
Why dedup when we have stats values function @gcusello @woodcock @richgalloway Why do we need two functions for the same functionality? 'dedup' displays unique v... by palisetty Communicator in Splunk Search 01-03-2020 0 2	0	2
Get daily event count with reference to a field called "TIME_CREATED" rather than using index time Tried to use the below query but unfortunately events are grouped with reference to _time index=omi_UAT host=* sour... by anz999 Loves-to-Learn Lots in Splunk Search 01-03-2020 0 3	0	3
Need Regex Hi Please help me with the regex for below 1) Hostname 2) IP address 3) UserID (for eg: vijay_111) 4) mail id by VijaySrrie Builder in Splunk Search 01-03-2020 0 5	0	5
comparing data from index and input table Hi Everyone, Thanks for your support too. I have indexed data of staff events from a source. One field in that da... by 60150134 New Member in Splunk Search 01-03-2020 0 1	0	1
Change value of field at index time based on condition Hi, I am wondering if its possible t change value of field based on condition at index time. For example: If the l... by shayhibah Path Finder in Splunk Search 01-03-2020 0 3	0	3
On Splunk Search UI, The column and "edit mark" to edit the column are overlapped When I run my custom search command, the results in Splunk's Statistics tab are appearing in a weird UI. The column a... by umairahmad3985 Path Finder in Splunk Search 01-02-2020 0 2	0	2
confusion with @ symbol I know that '@' rounds off to the nearest time. For example, if we have 9:37, shouldn't it round off to 10 instead of... by palisetty Communicator in Splunk Search 01-02-2020 0 12	0	12
There is no way to base a search on a date time field other than _time when using the datetime picker in the search app. Change my mind. PLEEEEEEASE!!! All, I love Splunk as it makes tons of things super simple. Until it comes time to use the date time picker with any ... by mumblingsages Path Finder in Splunk Search 01-02-2020 0 8	0	8
How do I find the average time (by day) of an event? I have a search that returns the time of the first instance of a specific event (field "firstaction") by date (field ... by drmorgan78 New Member in Splunk Search 01-02-2020 0 8	0	8
Finding Outliers on event counts I am trying to build a query to find outliers using avg and stdev on a perfmon counter but the counter is not a value... by childroland Explorer in Splunk Search 01-02-2020 0 11	0	11
Can an alert's actions be data-driven? Suppose, one has an alert defined for checking multiple application-instances. Can the actions defined for the alert... by unitedmarsupial Path Finder in Splunk Search 01-02-2020 0 11	0	11
How to search records sequentially? I have a search: index=lab-testresults sourcetype=lab-testresults type=testCase and inside of the testCase I have a f... by disillusioned New Member in Splunk Search 01-02-2020 0 2	0	2
How to Display Only Count of 0 Greetings, I've been trying to tweak an inherited report to only show the results where the count of events is blank... by vwilson3 Path Finder in Splunk Search 01-02-2020 0 5	0	5
Stats Sum question I have sum (field) which has been piped into stats sum of another field, Not sure what is happening here. Kindly help... by palisetty Communicator in Splunk Search 01-02-2020 0 7	0	7