Splunk Search

Community Activity

How to fill the gaps from days with no data in tstats + timechart query? Hello, I'm trying to get the statistics of the bytes transferred each day with a query like this: \| tstats prestat... by mciudad Explorer in Splunk Search 01-12-2020 0 4	0	4
role (ess_analyst) create lookup file users with ess_analyst role cannot create new lookup file through lookup_editor. whereas i as admin can create lookup... by riqbal47010 Path Finder in Splunk Search 01-12-2020 0 1	0	1
click data point in chart when lines overlap I have a chart in a dashboard with multiple lines showing different error types over time. The lines often overlap an... by swazimodo Path Finder in Splunk Search 01-12-2020 0 3	0	3
Why does limit=x on chart command doesn't work? this search string sourcetype=something \| chart sum(views) as Views over Uploader limit=5 \| sort - Views... by morethanyell Builder in Splunk Search 01-11-2020 1 3	1	3
How to overlay daily avg on count per day using timechart? I have the basic search of for count by day index=foo \| bin _time span=1d \| timechart count How can I overlay the... by jwalzerpitt Influencer in Splunk Search 01-11-2020 0 2	0	2
spath outputs wrong percentage for fields in inner jsons Hi It look like spath calculates its percentage based on the number of available events instead on the number of oc... by electronicsplun New Member in Splunk Search 01-10-2020 0 1	0	1
spath vs rename This is the data: message: { [-] operation: create_session .... I am trying to list the na... by GailLeshinsky New Member in Splunk Search 01-10-2020 0 3	0	3
Rename a field whose name is stored in a lookup at search time I have data that looks like this: List_Data Type A, B, C type_1 .. or it might instead look like this Totally... by chancerose91 Explorer in Splunk Search 01-10-2020 0 3	0	3
How to use eval to find percentage for field values? I have values for a field named action, block, passed, and alerted. How would I go about creating a search to looks f... by jwalzerpitt Influencer in Splunk Search 01-10-2020 0 3	0	3
can we get 4 different fields count per hour I am trying to get count of four fields [ company_name companyID CustomerId Provider] by each hour index=IndexName... by snallam123 Path Finder in Splunk Search 01-10-2020 0 3	0	3
How can you clean up an entry in rest /services/search/jobs? How do you clean out an old dashboard search entry in rest /services/search/jobs ? There is not an entry on the Jobs ... by jaburke1 Path Finder in Splunk Search 01-10-2020 0 1	0	1
Strange Splunk Search Exclusion Results Hello. I am creating a search to see when the Account_Name called "helpdesk" logs in via EventCode 4624 with Logon_Ty... by johann2017 Explorer in Splunk Search 01-10-2020 0 5	0	5
LOOKUP errors Hello, I have been receiving a "could not load lookup=LOOKUP-minemeldfeeds_dest_lookup" error and I am not sure how... by rclifford New Member in Splunk Search 01-10-2020 0 2	0	2
How do I table the average KBps for all my indexers I am using the following command which gives me what I am looking for regarding a single indexer, but I would like a ... by rholm01 Explorer in Splunk Search 01-10-2020 0 1	0	1
Linux Indexer root partition 100% full I had a previous case open on this (#1591420) but cannot seem to find it anymore. In there Joe Love validated my ide... by johnklaiber New Member in Splunk Search 01-10-2020 0 2	0	2
Extracting values (with rex) out of the last two events and concat as one string? Hey everbody I have two different evens for the same file. I need to extract the latest values and concat it to one... by amatthes Observer in Splunk Search 01-10-2020 0 2	0	2
How can i extract keywords from my log as field values for field name API's How can i extract the below block letter keywords (OrderUpdateWithAccountInfoRequest ,VinValidationRequest,GetEntitle... by Sujithkumarkb Observer in Splunk Search 01-10-2020 0 9	0	9
Filter to last value for each day Hello, I have a query like this: action="dateAccuracy" OR action="updateDate->handleEvent[dateAccuracy]" \| reverse \|... by ruhtraeel Path Finder in Splunk Search 01-10-2020 0 3	0	3
Need help in getting the value in vizualization as 0 instead of no result. Need help in getting the value in vizualization as 0 instead of no result. index=nw_syslog "FPC" \|rex field=_raw "F... by jerinvarghese Communicator in Splunk Search 01-10-2020 0 4	0	4
unable to view the events with data lab input i have created a data lab input. the query is configured to fetch the data in batch manner which runs every 30 mins. ... by sagar0907 Engager in Splunk Search 01-09-2020 0 0	0	0
rounding decmials I've tried everthing I've found but for some reason cant round the value for "%_Committed_Bytes_In_Use". different va... by dbagdanoff Explorer in Splunk Search 01-09-2020 0 5	0	5
How to read White spaces in a Field i am trying to count the White space in a Field and extract the rest of the text after 5 white spaces Input string ... by hyn New Member in Splunk Search 01-09-2020 0 3	0	3
ITSI - Some Notables Are Missing intermittently. Intermittently some notables have been missing over time where ITSI runs in a SHC env, ITSI 4.2.1 + Splunk 7.2.8 in S... by sylim_splunk Splunk Employee in Splunk Search 01-09-2020 1 2	1	2
Is there a way to limit a scheduled search by its run time? The skipped searches we have are ones that run for over an hour. Is there a way to limit by configurations the run ti... by danielbb Motivator in Splunk Search 01-09-2020 0 4	0	4
Trying to map IP address from lookup table in search Hi, I am trying to map the ip address in my search to my lookup table, and it should return me the countries of the ... by wailoont Engager in Splunk Search 01-09-2020 0 3	0	3