Splunk Search

Community Activity

Basic lookup command Hi all, I am curious the best way to write the following lookup query. I have a 1 column lookup of firewall rule na... by clozach Path Finder in Splunk Search 10-15-2019 0 3	0	3
value of field Hi, I need to take data from field Source and calculate this data : http_400100/Total+http_500100/Total+http_300*1... by pudanelilita Explorer in Splunk Search 10-15-2019 0 3	0	3
How to resolve the below issue ? I have the following query which is giving me all the api which cache value is HIT or MISS. host=localTest sourcet... by JyotiP Path Finder in Splunk Search 10-15-2019 0 1	0	1
Stand out values in Splunk Hi, I have an out of the box query in Splunk. I am trying to find out a way using which we can stand out or highlight... by Shashank_87 Explorer in Splunk Search 10-15-2019 0 2	0	2
Time coversion not working index=asg Process_name=WLR_22-15_Rating earliest =-5m \| convert timeformat="%d-%M-%Y-%H:%M:%S" mktime(start_dtm) mkt... by nwoolley Engager in Splunk Search 10-15-2019 0 4	0	4
Why is timechart showing OTHER for some values? process_inst_id=258600,process_def_id=30,process_name=MIWrite,start_dt=08-OCT-2019-07:39:49,end_dt=,completed=N,runni... by nwoolley Engager in Splunk Search 10-15-2019 0 3	0	3
Help with regex in getting the value out of a certain word Hi everyone. Im not very good in doing regex. I would like to ask for you help here. The situation is to get a certai... by mrccasi Explorer in Splunk Search 10-15-2019 0 3	0	3
Match partial value of 2 fields Hi All, I have a dashboard that accepts user input for a username to search emails. Im trying to display Recipients ... by geraldcontreras Path Finder in Splunk Search 10-15-2019 0 9	0	9
Splunk Query The Splunk report below returns ‘shipping points’ (warehouse codes). Using the lookup table (also below), our job is ... by pratapa Explorer in Splunk Search 10-15-2019 0 0	0	0
pie chart problems Hi, I'm trying to create a pie chart and running into unexpected problems. I have a search that gives me the proper ... by a212830 Champion in Splunk Search 10-15-2019 0 3	0	3
Discrepany in "Count" My requirement is to detect login attempts by a disabled user. Typically this could be found using eventcode 4768 an... by willadams Contributor in Splunk Search 10-15-2019 0 7	0	7
Correlate data name to text line // Lookup maybe ? Hello, i have the following problem. When i start my bukkit server (Minecraft) and join with a Player, the server wi... by klischatb Path Finder in Splunk Search 10-15-2019 0 2	0	2
How do I operate on (and search from) sub-properties matching a pattern. I have messages that look like: { timers: { x.y.zaz{ count: 5 }, x.y.waw{ count: 5 } } } I would ... by npxcomplete New Member in Splunk Search 10-14-2019 0 2	0	2
Cumulative Distinct over time from the start of the selected time range Hi, I need to find out distinct number of users over time per hour. I have managed to reach the below query: \| time... by cbhattad Path Finder in Splunk Search 10-14-2019 1 4	1	4
Unable to filter out lookup table values I'm trying to filter out false-positive domains in a search of DNS events by using NOT on the ut_domain field of the ... by browncardigan Path Finder in Splunk Search 10-14-2019 0 4	0	4
How to convert _time to mm/dd/yyyy Day H:M:S AM/PM My _time format reads 2019-10-13 04:19:21 I try to convert this _time value to the format mm/dd/yyyy day h:m:s AM or ... by vnguyen46 Contributor in Splunk Search 10-14-2019 0 4	0	4
Display job time with total run and runtime of subtasks I am not sure the best way to ask this but we have a job with subtasks, and the subtasks have subtasks. I wanted to g... by aohls Contributor in Splunk Search 10-14-2019 0 1	0	1
access search results for search upon login Hi, Sorry, a very n00b question and i apologise if this is in the doco but i couldnt find anything in the search doc... by sdewar83 Path Finder in Splunk Search 10-14-2019 0 2	0	2
How do I get Automatic Lookup to handle null value lookups? My automatic lookup csv file is using say 2 columns; Col1 & Col2. Row entries are 'Success' & 'Failure' in Col1. Co... by khudson3 New Member in Splunk Search 10-14-2019 0 13	0	13
Routing data to specific index based on REGEX on Heavy forwarder , regex expression is from JSON data. Hi All, Unable to route the json logs based on a a keyword (regex ) "MyService_DataApp" on the event to a particula... by mahesh423 Explorer in Splunk Search 10-14-2019 0 3	0	3
How to get aggregate total of 3 months of response times in chart I've created a search to chart the average response times of each application over the past 3 months. How would I ge... by fisuser1 Contributor in Splunk Search 10-14-2019 0 1	0	1
How to track the bundle size on indexers over time Hi all, I wanted to set up an alert to monitor the bundle size if the size is about to reach the limit. I am able to... by splunkrocks2014 Communicator in Splunk Search 10-14-2019 0 7	0	7
How to combine multiple time fields in order to create a full date for an event occurrence I currently have 3 different fields that contain parts of a date that must be put together to give a full time. I hav... by asewell97 New Member in Splunk Search 10-14-2019 0 3	0	3
show top 5 CPU Usage vom VMware Hosts Hi Splunkies, this is my search: index="vmware-perf" sourcetype="vmware:perf:cpu" hypervisor_id="*" \| join hyperviso... by pduvofmr Path Finder in Splunk Search 10-14-2019 0 12	0	12
How to ignore concrete rows from csv file before indexing? Hi, I spent really a lot of time, but found no solution. Here is my problem. There is CSV file, which should be inde... by spisiakmi Contributor in Splunk Search 10-14-2019 0 3	0	3