Splunk Search

Community Activity

confusion with @ symbol I know that '@' rounds off to the nearest time. For example, if we have 9:37, shouldn't it round off to 10 instead of... by palisetty Communicator in Splunk Search 01-02-2020 0 12	0	12
There is no way to base a search on a date time field other than _time when using the datetime picker in the search app. Change my mind. PLEEEEEEASE!!! All, I love Splunk as it makes tons of things super simple. Until it comes time to use the date time picker with any ... by mumblingsages Path Finder in Splunk Search 01-02-2020 0 8	0	8
How do I find the average time (by day) of an event? I have a search that returns the time of the first instance of a specific event (field "firstaction") by date (field ... by drmorgan78 New Member in Splunk Search 01-02-2020 0 8	0	8
Finding Outliers on event counts I am trying to build a query to find outliers using avg and stdev on a perfmon counter but the counter is not a value... by childroland Explorer in Splunk Search 01-02-2020 0 11	0	11
Can an alert's actions be data-driven? Suppose, one has an alert defined for checking multiple application-instances. Can the actions defined for the alert... by unitedmarsupial Path Finder in Splunk Search 01-02-2020 0 11	0	11
How to search records sequentially? I have a search: index=lab-testresults sourcetype=lab-testresults type=testCase and inside of the testCase I have a f... by disillusioned New Member in Splunk Search 01-02-2020 0 2	0	2
How to Display Only Count of 0 Greetings, I've been trying to tweak an inherited report to only show the results where the count of events is blank... by vwilson3 Path Finder in Splunk Search 01-02-2020 0 5	0	5
Stats Sum question I have sum (field) which has been piped into stats sum of another field, Not sure what is happening here. Kindly help... by palisetty Communicator in Splunk Search 01-02-2020 0 7	0	7
Multisearch on one index. need to add wieght to results and Timechart final results All, I've been banging my head against the wall on this. Maybe its not possible, I don't know. I'm doing a multi se... by matt1t Explorer in Splunk Search 01-02-2020 0 2	0	2
How to pattern match with the extracted field I have a report generated with following fields, Field 1 , Field 2, Field 3. I have to create an alert based on the... by Deprasad Path Finder in Splunk Search 01-02-2020 0 2	0	2
multiple stats count function in the same search component @gcusello I have multiple count functions in the same search component. What does it mean by that? What is really ha... by palisetty Communicator in Splunk Search 01-02-2020 0 1	0	1
How to display media field Hi everyone, I'm trying this search but apparently Splunk doesn't have the same logic as SQl. Can someone give me he... by tahasefiani Explorer in Splunk Search 01-02-2020 0 3	0	3
How to search the results produced by the multireport command? I have the following search: index="main" \|rename Proj_repo AS Project \| multireport [ stats values(Project) AS Proj... by jlkokko Path Finder in Splunk Search 01-02-2020 0 7	0	7
Using NOT and != would return the same results. (T/F) Using NOT and != would return the same results. For me, the answer is false but quizlet says true. I say false ... by palisetty Communicator in Splunk Search 01-01-2020 1 4	1	4
Help with stats count between two urls Hi all, hope there is a way to do the following. I am trying to find out how many events it takes for a user to go f... by stephenreece New Member in Splunk Search 01-01-2020 0 8	0	8
Help extracting totalCount out of nested JSON { [-] detailMap: { [-] critical: false result: 0 totalCnt: 5 txnCountWithIgnoredIRC: 0 wa... by bhavya49 New Member in Splunk Search 01-01-2020 0 2	0	2
Search terms are case sensitive or case insensitive. Search terms are case sensitive or case insensitive? (components of search language)? For me, the answer is case sen... by palisetty Communicator in Splunk Search 01-01-2020 0 9	0	9
categorize or classify dissimilar field values at search time? The goal is to generate a new field "Category" and assign it an arbitrary value (e.g. "Error") depending on which reg... by mitag Contributor in Splunk Search 12-31-2019 0 4	0	4
Correlating two alerts question I have the following 2 alerts and need to correlate them. The first one is looks for an OS reboot. The second one l... by sbgoldberg13 Explorer in Splunk Search 12-31-2019 0 5	0	5
Why is the Splunk Enterprise 'WGet' link so slow? I'm trying to automate the deployment of the Heavy Forwarder, as part of that i'm automatically fetching the Splunk H... by patrick112 New Member in Splunk Search 12-31-2019 0 0	0	0
Create more efficient "IF"statement that looks at the last 30 days \| eval nessus = if(like(nessus, "%2019") AND relative_time(now(), "-30d@d") < strptime(nessus,"%m/%d/%Y"), 1, 0) Ab... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 2	0	2
Systemd support with Splunk does not work on SLES When we set up Splunk to start under systemd it prompts us recursively for the root password even we're running Splun... by dchoi_splunk Splunk Employee in Splunk Search 12-31-2019 0 5	0	5
Is max_searches_per_cpu at 6 a good set-up? On our primary search head max_searches_per_cpu is set to 6. I wonder if it’s a good effective set-up. Where can I fi... by danielbb Motivator in Splunk Search 12-31-2019 0 7	0	7
How to group events by time after using timechart span? I'm using the following search with timechart span=1h to show how many events appear by the day and hour: \|inputlook... by russell120 Communicator in Splunk Search 12-31-2019 0 7	0	7
How to assign a custom scoring scale based on device type? (eval related) Hello, Currently we have a scoring for our systems that counts each server, router, switch, firewall, workstation, e... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 8	0	8