Splunk Search

Community Activity

	Divide the sum of all fields that end with X whose value == true with the sum of all fields that end with X whose value equals == true \| false Hello, My data looks like this: urlupdateid=4, urlid=1, payer=Aetna, EffectiveDate_datetype_correct=T, EffectiveD... by ruhtraeel Path Finder in Splunk Search 10-17-2019 0 4	0	4
	sorting names and couting Hi, new to Splunk I'm trying to sort out names from my logs files as such so far I have added a new filed "names" bu... by daisymedina101 New Member in Splunk Search 10-17-2019 0 3	0	3
	How to group search results for large amount of data? Hello, First all, forgive me I am new at using Splunk, hoping someone can help me out. We use our SPLUNK instance ... by tmuhieddine New Member in Splunk Search 10-17-2019 0 2	0	2
	How to multiply values within each daily record but group by month? I'm trying hard to achive the following, assume i have this data: DATE=2020-01-01 ITEM1=1 ITEM2=10 DATE=2020-01-02 I... by mkrauss1 Explorer in Splunk Search 10-17-2019 0 9	0	9
	How to create alert search using mstats I know that events and metrics use different index types. Does that mean I can't create an alert (outside of metrics ... by jstell Engager in Splunk Search 10-17-2019 0 2	0	2
	Filtering on specific multivalue field value How do I return results based on a specific value of a multivalue field? Example returns all results where the 1st v... by frbuser Path Finder in Splunk Search 10-17-2019 0 6	0	6
	How to create chart using web access logs as source and list all URIs How do I create a chart using web access logs as a source ? I want a list of all URI's which shows counts of error c... by pdave83 New Member in Splunk Search 10-17-2019 0 1	0	1
	Excessive Jobs / Optimized Search I have optimised my search as I can see but I have now run into a problem wherein my search is spawning 39 jobs on ea... by willadams Contributor in Splunk Search 10-17-2019 0 1	0	1
	inputs.conf - blacklist regex performance assistance Thank you in advance. Looking for some assistance with inputs.conf on Windows Systems. First, we modified inputs.co... by antb Path Finder in Splunk Search 10-17-2019 0 2	0	2
	Simple XML - Token inside eval if Hello, I have an eval if condition in my dashboard for my drilldown: <eval token="query">if('category'=="Total", "... by dojiepreji Path Finder in Splunk Search 10-17-2019 0 2	0	2
	Lookup table issues devices We have been using a lookup table for many customers who are separated via separate indexes. The table is simple bu... by adrianrepublic Explorer in Splunk Search 10-17-2019 0 0	0	0
	How can I carry over field values into future time buckets? I have three fields: order_number, status, and a timestamp for when that status became effective. There are three st... by DylanPCowan New Member in Splunk Search 10-17-2019 0 0	0	0
	Where do i find the non-scheduled searches under backend. iam able to see saved search under UI but not in savedsearches.conf. by Inayath_khan Path Finder in Splunk Search 10-17-2019 0 3	0	3
	Optimization / Post-Process Searches I am running into a concurrent search / disk quota limit with a custom app I have written. The app sits on my ES sea... by willadams Contributor in Splunk Search 10-17-2019 0 5	0	5
	How to display a modification on the active directory? Hello, I want to display a table with the different modifications made on AD ( group add, user creation/removing, etc... by episano New Member in Splunk Search 10-17-2019 0 2	0	2
	How to extract a field from raw using rex? SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ... by kavyamohan Explorer in Splunk Search 10-17-2019 0 2	0	2
	How can I calculate the max number of concurrent search on IDX? Hi, Splunker! I have a question about the max number of concurrent searches in indexer cluster and search head clust... by brandy81 Path Finder in Splunk Search 10-16-2019 0 2	0	2
	How to display the ratio of the sum of two fields? Hello, My data looks like this: urlupdateid=4, urlid=1, payer=Aetna, EffectiveDate_datetype_correct=T, EffectiveDate... by ruhtraeel Path Finder in Splunk Search 10-16-2019 0 4	0	4
	Splunk Listen Backlog Queue I have a client that is using Splunk enterprise using TCP, we've been monitoring the number of ListenOverflows, and i... by chrisgoffient New Member in Splunk Search 10-16-2019 0 1	0	1
	How to convert epoch time to a readable format? I'm currently creating a dashboard and need to put the time of an event into a readable format as I currently see a n... by asewell97 New Member in Splunk Search 10-16-2019 0 2	0	2
	foreach with more than one FIELD? Hello, In the code below, the first foreach sums the values in field A, and returns 21 (5+3+2+6+1+4=21). The second ... by hriazi Engager in Splunk Search 10-16-2019 0 2	0	2
	Can if function be used with sort? I am working on a dashboard that has a radio button that can change a search between the two of the following \| stat... by kamryn Explorer in Splunk Search 10-16-2019 0 2	0	2
	How to set search sorting supersedes the table sorting? Let's say I've already specified my filters and submitted my search with "sort" command in it. My search sorts the r... by rajyah Communicator in Splunk Search 10-16-2019 0 2	0	2
	Is it possible to change font style in Splunk 7.2.1? Recently Splunk in my organization got upgraded from Splunk 6.6.4 to Splunk 7.2.1 and the font style for table data g... by nagar57 Communicator in Splunk Search 10-16-2019 0 1	0	1
	How to create a linechart with Percentages via Timechart I'm looking to create a timechart that will show the percentage of success versus failure of 6 different fields over ... by giventofly08 Explorer in Splunk Search 10-16-2019 0 2	0	2