Splunk Search

Community Activity

How to calculate the difference between two fields on two paired events matched via the contents of a third field? Trying to calculate out a "TransactionTime" time by pairing two events by one matching field (ECID) and then working ... by jamesofthedead8 Explorer in Splunk Search 10-28-2019 0 4	0	4
How to run stats for just user and return values for other fields? I have the following search looking for > three login attempts with > 0 successes and two or > failures by user, src,... by jwalzerpitt Influencer in Splunk Search 10-28-2019 0 6	0	6
Could not construct lookup Hi, I'm having an issue with a splunk lookup and I can't work out what the issue is. I have a lookup file, that amon... by gopenshaw Explorer in Splunk Search 10-28-2019 0 1	0	1
Why only one condition works for where clause in a tstats search Hi Splunkers, when I set 2 conditions for the same field to where stanza - I get 0 results. Example: \| tstats summa... by evelenke Contributor in Splunk Search 10-28-2019 1 6	1	6
How to create a search to alert me when a user is part of one or more groups in a specific OU? I'm having trouble writing a query in splunk to notify me when a user has been added to one or more groups in a speci... by loza176 New Member in Splunk Search 10-27-2019 0 4	0	4
How do I subtract values from different events and fields based on a common field? Please help, I'm stuck on this problem for a while. Basically, lets say I have different events with fields like this... by thomaszheng New Member in Splunk Search 10-26-2019 0 1	0	1
Sorting Question for joins I have been trying to sort this and I can not seem to be able to get it. index=uberagent* sourcetype=uberAgent:Syst... by jgillman Explorer in Splunk Search 10-26-2019 0 5	0	5
how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master? The following are my transforms.conf and props.conf in my cluster master transforms.conf [send_to_heavyforwarder]... by pavanae Builder in Splunk Search 10-26-2019 0 3	0	3
After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group. We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created ... by shashwatsandeep New Member in Splunk Search 10-25-2019 0 1	0	1
Can you help me extract the following field using regular expression? I want to extract the Autosys_Job from the below log snippet and so used the below rex. Log Snippet : Query : rex ... by Deepz2612 Explorer in Splunk Search 10-25-2019 0 2	0	2
Is it possible to define multiple evals as default for each search? Hi, I would like to know whether it is possible to perform something like this per default for each and every search... by HeinzWaescher Motivator in Splunk Search 10-25-2019 0 4	0	4
Rounding off percentage values in pie chart not working? I displayed the percentage values by enabling this: <option name="charting.chart.showPercent">1</option> And I t... by lsy9891 Engager in Splunk Search 10-25-2019 0 1	0	1
Calculate average on two different times I want to get a 7 day and 30 day average in a single search. sourcetype="businessService" OR sourcetype="bpmservice-... by aohls Contributor in Splunk Search 10-25-2019 0 3	0	3
Use strftime eval in same query I am trying to create a search that evaluates today's date and uses that output string/field as part of the search: ... by jsmithn Path Finder in Splunk Search 10-25-2019 0 7	0	7
Understanding map command I am banging my head trying to understand the map command and how it works. I have one search that returns values:... by mtrochym Observer in Splunk Search 10-25-2019 0 4	0	4
How to compare fields from csv and search, then add the result as a new column Hello, I'm having a little trouble solving this one. I managed to extract all hosts in Splunk in a table with events... by romainbouajila Path Finder in Splunk Search 10-25-2019 0 9	0	9
Multiple Join/outer within same search Hi I have a very wierd requirement to transform the result of my search EMPLOYEE, BOSS ERIC, CHRIS CHRIS, MACK ... by eddy_liao Engager in Splunk Search 10-25-2019 1 3	1	3
How do I get max for all events to use in timechart 1h span? (this may be a duplicate, as I wrote a version of this question before registering and can't find it) I have a situa... by digable1 New Member in Splunk Search 10-25-2019 0 2	0	2
Breaking of one field values into 2-3 different fields Hi, I have a field called Location and It have data like Call Type, Site, Wing and Room all in just one field called... by mohammedk01 Explorer in Splunk Search 10-25-2019 0 4	0	4
How to concatenate the two search results in single email report. We have two different scheduled search and it is providing the two different result. I would like send the both of th... by kartm2020 Communicator in Splunk Search 10-25-2019 0 1	0	1
Regex generation I have the below set of events where I wanted to write regex to capture only the last word Kindly help by Deepz2612 Explorer in Splunk Search 10-25-2019 0 3	0	3
Time conversion from milliseconds to break down to days hours minutes seconds I have been working on a search that gives a duration breakdown. I am trying to achieve: thehost theip c... by reneedeleon Engager in Splunk Search 10-25-2019 0 22	0	22
disable drill down on statistics table for last row I have a table as shown below team open>3 days open>4 days Avg_days_task_open A 2 4... by vkrishnachand New Member in Splunk Search 10-25-2019 0 1	0	1
How to append column total to column name? I have data something like this Name. Accepted Rejected Posted Total Change ... by sandeepmakkena Contributor in Splunk Search 10-25-2019 1 4	1	4
I want to include field values which have the latest timestamp value for a particular field events are like this : number = INCXXXXXX dv_sys = yyyy-mm-dd hh:mm:ss group = lx ........ for a particular value of ... by bineetadas New Member in Splunk Search 10-25-2019 0 2	0	2