Splunk Search

Community Activity

Data manipulation. Is this feasible ? Let's say I have a CSV with 2 columns So I have transactions count per day mentioned against the date.. Now I want to... by reverse Contributor in Splunk Search 11-13-2019 0 2	0	2
Timechart for a span=2hrs not splitting from 00:00 For example in the below search, when I try to perform timechart for span=2hrs, why it always takes from 23:00 of the... by vinaybandaru Path Finder in Splunk Search 11-13-2019 1 11	1	11
Conditional search Below is the log example. Fri Oct 11 20:01:48 2019: History was not closed with a proper agent termination after the ... by zzhao05 New Member in Splunk Search 11-13-2019 0 5	0	5
How do I find the time period when my events were in a particular state I am new to splunk and I am ingesting data from smart lights from my home into splunk, I want to create dashboard to ... by smucheli_splunk Splunk Employee in Splunk Search 11-13-2019 0 1	0	1
How to use a lookup after an inputlookup I can't get a search to work, the column I want to add with a lookup stays empty. The following example lookup I'm u... by atsin New Member in Splunk Search 11-13-2019 0 1	0	1
How to add different marker types for different lines in one chart? Hi, I have 3 lines in 1 chart (average, threshold, total_alarm) I would like to use different marker types for the 3 ... by bux187 New Member in Splunk Search 11-13-2019 0 1	0	1
Convert audit.log TTY data I'm sending my splunk server /var/log/audit.log data from each client machine (splunkforwarder). I have logging of TT... by cgkades Explorer in Splunk Search 11-13-2019 1 5	1	5
Search _internal for metrics from non-indexer instances Hi, I need to perform a search on forwarder data from the _internal index, but I need to exclude my indexers from th... by eden881 Path Finder in Splunk Search 11-13-2019 0 2	0	2
send job to background - resume after splunkd windows service restart? Hi, I have sent a query manually to the background as a job. It will run quite long since the disks are not the fast... by madingdisk Explorer in Splunk Search 11-13-2019 0 1	0	1
Not able to map 2 different type of events I have following below scenario Different stages of orders placed happens in below sequence order-process started -... by nilbak1 Communicator in Splunk Search 11-12-2019 0 3	0	3
Update search command string of search Manager by js i have an button that change the search command string, i want to update that string to "search" of searchManager and... by cuongnguyen112 Engager in Splunk Search 11-12-2019 0 1	0	1
count users who access the system only once per week or only 52 times per year Hi, I have user names in the field ContextUsername in index/ sourcetype index=otcs sourcetype=OtcsSummarytimings. To... by madingdisk Explorer in Splunk Search 11-12-2019 0 2	0	2
Parameters in script Hi, I have a script which needs parameters to be passed. I know that I can enroll the script in the input.conf file... by dbashyam Explorer in Splunk Search 11-12-2019 0 3	0	3
Calculating fields containing multiple values I have two fields that each contain the same number of multiple values. One contains epoch times for the start of an ... by kamryn Explorer in Splunk Search 11-12-2019 0 6	0	6
How do I divide my other results from one specific result? Currently I have index=* Name=rateA OR rateB OR rateC OR rateD OR rateE \| stats sum(Rate) as sumRate by _time, Name ... by sbentley_ea Explorer in Splunk Search 11-12-2019 0 3	0	3
How do I select a time frame for events? For the following search, I want to display the earliest and latest events within a duration of a year. However, I wa... by lmzheng Explorer in Splunk Search 11-12-2019 0 1	0	1
Append Column Header Field with Multivalues I need to show my table column header in below format. I need to get column name and static header under my column. ... by cchange Path Finder in Splunk Search 11-12-2019 0 4	0	4
eval condition help on manipulating a field which has multiple field values? I have an eval condition in my query as follows My_query \| eval object=host." (".id.")" \| table host object whic... by pavanae Builder in Splunk Search 11-12-2019 0 1	0	1
SPL: Clicking sort order in a table, doesn't display null values Hello, Here is my SPL (although I don't believe it is necessary(?) as this is a (mis)functioning of SPL in general). ... by genesiusj Builder in Splunk Search 11-12-2019 0 4	0	4
Time input is not displaying the correct time Hi I have a table in Splunk dashboard where there is one time input that picks what gets displayed on the panel. Say... by kishan2356 Explorer in Splunk Search 11-12-2019 0 0	0	0
How to avoid the overuse of appendcols? Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reason... by leandromatperei Path Finder in Splunk Search 11-12-2019 0 3	0	3
Why are there no results when time range is set between anything less than time posted? I am plotting a timechart based on a datetime field (timestamp) in the event. The search looks like: * "logname=cus... by angshul Path Finder in Splunk Search 11-12-2019 0 6	0	6
Has anyone created a Splunk search using IBM z/OS SMF type 70 records and calculated the CPU percentage? We are trying to replicate some data that was in an RMF report and imported into Excel for a graph. We are trying to... by bdh5574 New Member in Splunk Search 11-12-2019 0 3	0	3
How to run round on multiple values? The following works on one value - \| eval devicedowntime2 = round(devicedowntime,4) but not on two or more. Is there... by danielbb Motivator in Splunk Search 11-12-2019 0 3	0	3
How to get the plain text of pass4Symmkey? Hi, Please help us to get the plain text of pass4Symmkey. Is there a way to decrypt it? by VijaySrrie Builder in Splunk Search 11-12-2019 1 4	1	4