Splunk Search

Community Activity

Update search command string of search Manager by js i have an button that change the search command string, i want to update that string to "search" of searchManager and... by cuongnguyen112 Engager in Splunk Search 11-12-2019 0 1	0	1
count users who access the system only once per week or only 52 times per year Hi, I have user names in the field ContextUsername in index/ sourcetype index=otcs sourcetype=OtcsSummarytimings. To... by madingdisk Explorer in Splunk Search 11-12-2019 0 2	0	2
Parameters in script Hi, I have a script which needs parameters to be passed. I know that I can enroll the script in the input.conf file... by dbashyam Explorer in Splunk Search 11-12-2019 0 3	0	3
Calculating fields containing multiple values I have two fields that each contain the same number of multiple values. One contains epoch times for the start of an ... by kamryn Explorer in Splunk Search 11-12-2019 0 6	0	6
How do I divide my other results from one specific result? Currently I have index=* Name=rateA OR rateB OR rateC OR rateD OR rateE \| stats sum(Rate) as sumRate by _time, Name ... by sbentley_ea Explorer in Splunk Search 11-12-2019 0 3	0	3
How do I select a time frame for events? For the following search, I want to display the earliest and latest events within a duration of a year. However, I wa... by lmzheng Explorer in Splunk Search 11-12-2019 0 1	0	1
Append Column Header Field with Multivalues I need to show my table column header in below format. I need to get column name and static header under my column. ... by cchange Path Finder in Splunk Search 11-12-2019 0 4	0	4
eval condition help on manipulating a field which has multiple field values? I have an eval condition in my query as follows My_query \| eval object=host." (".id.")" \| table host object whic... by pavanae Builder in Splunk Search 11-12-2019 0 1	0	1
SPL: Clicking sort order in a table, doesn't display null values Hello, Here is my SPL (although I don't believe it is necessary(?) as this is a (mis)functioning of SPL in general). ... by genesiusj Builder in Splunk Search 11-12-2019 0 4	0	4
Time input is not displaying the correct time Hi I have a table in Splunk dashboard where there is one time input that picks what gets displayed on the panel. Say... by kishan2356 Explorer in Splunk Search 11-12-2019 0 0	0	0
How to avoid the overuse of appendcols? Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reason... by leandromatperei Path Finder in Splunk Search 11-12-2019 0 3	0	3
Why are there no results when time range is set between anything less than time posted? I am plotting a timechart based on a datetime field (timestamp) in the event. The search looks like: * "logname=cus... by angshul Path Finder in Splunk Search 11-12-2019 0 6	0	6
Has anyone created a Splunk search using IBM z/OS SMF type 70 records and calculated the CPU percentage? We are trying to replicate some data that was in an RMF report and imported into Excel for a graph. We are trying to... by bdh5574 New Member in Splunk Search 11-12-2019 0 3	0	3
How to run round on multiple values? The following works on one value - \| eval devicedowntime2 = round(devicedowntime,4) but not on two or more. Is there... by danielbb Motivator in Splunk Search 11-12-2019 0 3	0	3
How to get the plain text of pass4Symmkey? Hi, Please help us to get the plain text of pass4Symmkey. Is there a way to decrypt it? by VijaySrrie Builder in Splunk Search 11-12-2019 1 4	1	4
Comparing lists from day1 with the list of day2 and etc. to get difference I need to compare a list consisting of one field from day1 to day2 and get what values where not listed on day 1 but ... by igschloessl Explorer in Splunk Search 11-12-2019 0 0	0	0
How can one represent different values for a single extracted field? This issue comes from the error logs of a login service. When a user scans their badge and attempts to log in with an... by cb046891 New Member in Splunk Search 11-12-2019 0 2	0	2
Using field from subsearch in stats I have one type of log (let's call A) with format: type=log a; name={name}; I also have log type B with format: type... by infcl Explorer in Splunk Search 11-12-2019 0 2	0	2
Can the Returned Value From a Case Function be a Search Hello, Can the Returned Value From a Case Function be a Search? index="pay_test" AND host IN ("pay20", "pay21") ... by genesiusj Builder in Splunk Search 11-12-2019 0 8	0	8
Detecting Multiple Logins where distinct count I am trying to figure out how to create a search where I am using multiple counts for an alert I am wanting to write.... by willadams Contributor in Splunk Search 11-12-2019 0 4	0	4
combine multiple fields to a single field I need to combine 3 fields as single field eg: Field1 Field2 Field3 3 6 xyz 4 7 ... by kranthimutyala Path Finder in Splunk Search 11-12-2019 0 3	0	3
Custom IP Reputation Hi My end goal is to create a custom IP reputation table that tracks successful and failed logins by IP address and... by bbraun New Member in Splunk Search 11-12-2019 0 2	0	2
union search with same field from different sourcetype I have two sources as below: source x: CreateTime, CreateUser,ChangeTime,ChangeUser,....... 2019/0... by lllidan New Member in Splunk Search 11-11-2019 0 2	0	2
Extract fields from multiple events based off of min( id ) and max(id) by a common field. I would like to extract the time, did, and callerid from the event with the min(id) by apiid Additionally, extract ex... by fmatera Explorer in Splunk Search 11-11-2019 0 4	0	4
How to join two fields in a source with one field in another source? I have events from one source that look like: source=foo fieldA=100 source=foo fieldB=200 source=foo fieldA=300 fie... by justinnaldzin Engager in Splunk Search 11-11-2019 3 7	3	7