Splunk Search

Community Activity

REST vs. Normal Search What is the difference between a normal search in Splunk and a search that incorporates the REST command? by itsmevic Communicator in Splunk Search 01-03-2020 0 4	0	4
timechart and verbose mode Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in ver... by palisetty Communicator in Splunk Search 01-03-2020 0 1	0	1
How to change color of row after column has a certain value? I'm somewhat new to Splunk. I have a dashboard displaying a table with data. I have code that fills in the columns ... by bmendez0428 Explorer in Splunk Search 01-03-2020 0 2	0	2
Why dedup when we have stats values function @gcusello @woodcock @richgalloway Why do we need two functions for the same functionality? 'dedup' displays unique v... by palisetty Communicator in Splunk Search 01-03-2020 0 2	0	2
Get daily event count with reference to a field called "TIME_CREATED" rather than using index time Tried to use the below query but unfortunately events are grouped with reference to _time index=omi_UAT host=* sour... by anz999 Loves-to-Learn Lots in Splunk Search 01-03-2020 0 3	0	3
Need Regex Hi Please help me with the regex for below 1) Hostname 2) IP address 3) UserID (for eg: vijay_111) 4) mail id by VijaySrrie Builder in Splunk Search 01-03-2020 0 5	0	5
comparing data from index and input table Hi Everyone, Thanks for your support too. I have indexed data of staff events from a source. One field in that da... by 60150134 New Member in Splunk Search 01-03-2020 0 1	0	1
Change value of field at index time based on condition Hi, I am wondering if its possible t change value of field based on condition at index time. For example: If the l... by shayhibah Path Finder in Splunk Search 01-03-2020 0 3	0	3
On Splunk Search UI, The column and "edit mark" to edit the column are overlapped When I run my custom search command, the results in Splunk's Statistics tab are appearing in a weird UI. The column a... by umairahmad3985 Path Finder in Splunk Search 01-02-2020 0 2	0	2
confusion with @ symbol I know that '@' rounds off to the nearest time. For example, if we have 9:37, shouldn't it round off to 10 instead of... by palisetty Communicator in Splunk Search 01-02-2020 0 12	0	12
There is no way to base a search on a date time field other than _time when using the datetime picker in the search app. Change my mind. PLEEEEEEASE!!! All, I love Splunk as it makes tons of things super simple. Until it comes time to use the date time picker with any ... by mumblingsages Path Finder in Splunk Search 01-02-2020 0 8	0	8
How do I find the average time (by day) of an event? I have a search that returns the time of the first instance of a specific event (field "firstaction") by date (field ... by drmorgan78 New Member in Splunk Search 01-02-2020 0 8	0	8
Finding Outliers on event counts I am trying to build a query to find outliers using avg and stdev on a perfmon counter but the counter is not a value... by childroland Explorer in Splunk Search 01-02-2020 0 11	0	11
Can an alert's actions be data-driven? Suppose, one has an alert defined for checking multiple application-instances. Can the actions defined for the alert... by unitedmarsupial Path Finder in Splunk Search 01-02-2020 0 11	0	11
How to search records sequentially? I have a search: index=lab-testresults sourcetype=lab-testresults type=testCase and inside of the testCase I have a f... by disillusioned New Member in Splunk Search 01-02-2020 0 2	0	2
How to Display Only Count of 0 Greetings, I've been trying to tweak an inherited report to only show the results where the count of events is blank... by vwilson3 Path Finder in Splunk Search 01-02-2020 0 5	0	5
Stats Sum question I have sum (field) which has been piped into stats sum of another field, Not sure what is happening here. Kindly help... by palisetty Communicator in Splunk Search 01-02-2020 0 7	0	7
Multisearch on one index. need to add wieght to results and Timechart final results All, I've been banging my head against the wall on this. Maybe its not possible, I don't know. I'm doing a multi se... by matt1t Explorer in Splunk Search 01-02-2020 0 2	0	2
How to pattern match with the extracted field I have a report generated with following fields, Field 1 , Field 2, Field 3. I have to create an alert based on the... by Deprasad Path Finder in Splunk Search 01-02-2020 0 2	0	2
multiple stats count function in the same search component @gcusello I have multiple count functions in the same search component. What does it mean by that? What is really ha... by palisetty Communicator in Splunk Search 01-02-2020 0 1	0	1
How to display media field Hi everyone, I'm trying this search but apparently Splunk doesn't have the same logic as SQl. Can someone give me he... by tahasefiani Explorer in Splunk Search 01-02-2020 0 3	0	3
How to search the results produced by the multireport command? I have the following search: index="main" \|rename Proj_repo AS Project \| multireport [ stats values(Project) AS Proj... by jlkokko Path Finder in Splunk Search 01-02-2020 0 7	0	7
Using NOT and != would return the same results. (T/F) Using NOT and != would return the same results. For me, the answer is false but quizlet says true. I say false ... by palisetty Communicator in Splunk Search 01-01-2020 1 4	1	4
Help with stats count between two urls Hi all, hope there is a way to do the following. I am trying to find out how many events it takes for a user to go f... by stephenreece New Member in Splunk Search 01-01-2020 0 8	0	8
Help extracting totalCount out of nested JSON { [-] detailMap: { [-] critical: false result: 0 totalCnt: 5 txnCountWithIgnoredIRC: 0 wa... by bhavya49 New Member in Splunk Search 01-01-2020 0 2	0	2