Splunk Search

Community Activity

How to subtract values from two different fields but successive fields as shown below? group count SubTotal Desired_Field WEEK1 9 36 36 WEEK2 1 36 27 WEEK3 3 36 26 WEEK4 7 36 23 WEEK5 2... by dinkarvidyarthy New Member in Splunk Search 10-03-2019 0 0	0	0
How to make index-time field extraction work for REST API receiver input? I have INDEXED_EXTRACTIONS = json and TIMESTAMP_FIELDS = my_timestamp_field in [my_json_type] stanza. This works whe... by yuanliu SplunkTrust in Splunk Search 10-03-2019 0 0	0	0
How to calculate the "adjusted mean" or "least square mean" in splunk? What I currently have, name=EVENT_1 \| stats count(metrics.time), median(metrics.time, mean(metrics.time) by name ... by conky2019 New Member in Splunk Search 10-03-2019 0 0	0	0
Is it possible to search for a value in ALL columns? I have a known value (eg. "rabbit") that I want to search for but it is in a unknown column in a large csv. Is it po... by akke Explorer in Splunk Search 10-03-2019 0 1	0	1
Extract Fields with JSON with spath for Data model Now i very interested with command Spath of Splunk, can auto extract values JSON. But i can't extract it to field in ... by longnh26 New Member in Splunk Search 10-03-2019 0 0	0	0
各フィールドのデータを集計し、timechartで期間ごとのデータに纏めたいご教授ください。複数のフィールドにそれぞれの集計数が設定されています。これの一部を集計し、timechartで表現したいのですが、フィールドの中身の合算する方法が分かりません。・やりたいこと例以下のフィールドを持つ A,B... by tonakano Engager in Splunk Search 10-03-2019 0 2	0	2
display results that happened in a 5 minute period during a 24hr search Hi, I have a failed logon search which includes: \| stats count by user, ComputerName \|search count >3 earliest=now(... by sdewar83 Path Finder in Splunk Search 10-02-2019 0 3	0	3
How to find the start time of the same error being spammed So I am having an issue where my Splunk logs from a particular source type pumps out trillions and trillions of logs ... by kevinfehrenbach New Member in Splunk Search 10-02-2019 0 2	0	2
Accidentally deleted main index - Need help I am new to splunk and while exploring tried the command index=main \| delete. Is there a way I can have the main ind... by chozha New Member in Splunk Search 10-02-2019 0 2	0	2
Timechart Max I am new to splunk and I do not understand why this is giving me the same result. There are 3 different site_names I ... by jgillman Explorer in Splunk Search 10-02-2019 0 2	0	2
Time Conversion - Elapsed Time I have time stamps in the format of H:MM. But when the minutes reach 60 they don't add an hour only when the number ... by jordanb93 Explorer in Splunk Search 10-02-2019 1 13	1	13
How to exclude duplicate events based on a field value in another event? Hi, I have an "asset discovery" type of query that uses a CSV and 4+ indexes, and produces tens of thousands of resul... by russell120 Communicator in Splunk Search 10-02-2019 0 5	0	5
filter logs containing a specific string in username field so that they won't transfer to heavy forwarder from indexer using transforms.conf? I have filter applied in transforms.conf as follows [send_to_heavy_forwarder] CAN_OPTIMIZE = True CLEAN_KEYS = True ... by pavanae Builder in Splunk Search 10-02-2019 0 6	0	6
Unable to filter for a time range when using saved searches I have a saved search that has a time range of All time. The saved search contains eval and stats functions that I wa... by orion44 Communicator in Splunk Search 10-02-2019 0 2	0	2
Regex on multiline event - how to match multiple occurences of a matching group? About the source I have a SQL report scheduled every 15 minute reporting the status of queues in our case handler sy... by rune_hellem Contributor in Splunk Search 10-02-2019 0 8	0	8
compare output of a search to a lookup file Hello , I have a csv lookup file that contains all Oracle services, at the same time I have a search that gives me ... by aalaa Path Finder in Splunk Search 10-02-2019 0 3	0	3
How to extract 'program.exe -switch' from the log and create new field to display with table command Hey guys, I have a log that contains a lot of data but from that, I want to extract 'program.exe -switch' from the l... by nnaik Explorer in Splunk Search 10-02-2019 0 5	0	5
Comparing multiple fields from multiple inputs So I've found many questions that are similar to what I'm trying to do here but not quite the same and I've not been ... by jmich0823 Engager in Splunk Search 10-02-2019 0 1	0	1
Why are the eval fields blank after join? Hi, I have the query below which involves 2 joins. I know joins are not the best way but I'm a Splunk noob and there ... by intelli2019 New Member in Splunk Search 10-01-2019 0 8	0	8
Does Splunk have a way to ingest this kind of format? Hi does anyone know how to ingest this in splunk basically this format is not a csv type but a special one. The ff. b... by ejmin Path Finder in Splunk Search 10-01-2019 0 4	0	4
Help tracking average completion time of a process in Splunk Below I have sample data from a process that Blue Prism outputs during each event in a process. I am trying to creat... by mateofrito New Member in Splunk Search 10-01-2019 0 2	0	2
How to search if a value from FieldA equals a value from FieldB, add the two values if true, and display both values with their sum? Hi guys, So I need to figure out how to see if the thing from field ip_source equals the thing from field ip_destin... by BITSIntern Path Finder in Splunk Search 10-01-2019 2 12	2	12
Chart colors by search values I have a column chart showing event counts based on host name from two different indexes: index="main" OR index="win... by balcv Contributor in Splunk Search 10-01-2019 0 6	0	6
Using splunklib.modularinput without making a class I've code that looks like this #!/usr/bin/env python # #############################################################... by jwhughes58 Contributor in Splunk Search 10-01-2019 0 1	0	1
How to List objects of an application I have an apps which has views, saved searches, field extractions and macros. Is it possible to list all the objects ... by somesoni2 Revered Legend in Splunk Search 10-01-2019 0 4	0	4