Splunk Search

Community Activity

	help for doing a pie chart from 2 subsearch hi I have the search below `test` [\| inputlookup host.csv \| table host \| rename host as USERNAME ] ... by jip31 Motivator in Splunk Search 10-06-2019 0 7	0	7
	Good design ? so I have 1000 pages in my application .. I want to check which pages are performing poorly ... a trend .. I am thi... by reverse Contributor in Splunk Search 10-05-2019 0 5	0	5
	extracting value from complex JSON Hi, need help on how to extract dat from this JSON. i have used spath to extract a part of my JSON to get this data s... by mcohen13 Loves-to-Learn in Splunk Search 10-05-2019 0 4	0	4
	Return only those events who exist in consecutive time bins So I'm working on a search that returns standard network stuff and using a bin to bucket the data by a day. Something... by jpawloski Path Finder in Splunk Search 10-05-2019 0 2	0	2
	Drilldown Search Removing Math Operators I am using the new Drilldown feature in Splunk Enterprise 6.6 to drilldown to a search. In the Drilldown Editor dial... by mstark31 Path Finder in Splunk Search 10-04-2019 0 3	0	3
	Splunk query not giving me results HI All, Could any one help me in this on urgent basis: My query is malfunctioning : index=auto_prod_okta eventType... by punyanit Path Finder in Splunk Search 10-04-2019 0 4	0	4
	Joining two queries using Append and results are different Hello Experts Actually I am trying to join the results of two queries and show in dashboard. There are 3 indexes 1a... by gopiven Explorer in Splunk Search 10-04-2019 0 2	0	2
	How to generate timely fake event and compare with real event Hello all, how do I create a timely dummy event (without using "\|lookup" external file) to compare with the real gene... by egonstep Path Finder in Splunk Search 10-04-2019 0 5	0	5
	What's the difference between NOT and != ? It appears to us that NOT and != are different. It seems that != <val> implies that <val> is not empty. Is it right? by danielbb Motivator in Splunk Search 10-04-2019 0 3	0	3
	How to pass earliest / latest parameters to a macro from a map section ? Hello everyone, I'm stuck since many days trying to understand what is preventing Splunk from passing arguments to t... by eric_d New Member in Splunk Search 10-04-2019 0 2	0	2
	Advanced filtering on \|inputlookup command A large kv lookup table (>2M entries and growing) holds metadata and is processed on a regular schedule to solve some... by ololdach Builder in Splunk Search 10-04-2019 0 3	0	3
	Lookup csv file not producing correct results Hello, I have a lookup file called fs_src_mac_tg.csv has two columns: src_mac and exists src_mac = a list of mac addr... by wtaylor149 Explorer in Splunk Search 10-04-2019 0 8	0	8
	Timechart automatic high resize Hi, I've got a timechart with different columns (depending on the search). If I don't get many columns, the high of ... by ea7777777 New Member in Splunk Search 10-04-2019 0 2	0	2
	Dew Point Calculation I am trying to produce or calculate the Dew Point in Celsius of data in two separate indexes. I believe the offcial ... by adrianrepublic Explorer in Splunk Search 10-04-2019 0 4	0	4
	Regular expression in log message I'm struggling now. Could you please help me? There are two hosts. they have same log data. the host name is differ... by nanachu Path Finder in Splunk Search 10-04-2019 0 3	0	3
	Join not working index="event" \| rex field=Macaddress mode=sed "s/(.{2})/\1-/g s/-$//" \| rename Macaddress as "macAddress" \| eval Se... by kavyamohan Explorer in Splunk Search 10-03-2019 0 3	0	3
	Search to find the timestamp of each (Login, Logout, Expire) keyword from _raw and log file last updated time Hi Guys, Can anyone please help me in the below search. I want the name of all logfiles with details of keywords fro... by sahil237888 Path Finder in Splunk Search 10-03-2019 0 2	0	2
	extract url and product. mess.url= /ae-business/shop/question/answer/product/HHRM2M/B?furl=bd2b75a1e85553a64aa4df2c47c93e049ccfe0d07f5dc518f95... by sandeepmakkena Contributor in Splunk Search 10-03-2019 0 4	0	4
	event count comparison with today vs yesterday vs last week vs prior week Hi, I have two strings like "opend" and "exited" in the events. So i need to count how many opened and exited today a... by john_q Explorer in Splunk Search 10-03-2019 0 4	0	4
	Find average when using group by Here is my query index="search_index" search processing_service \| eval time_in_mins=('metric_value')/60 \| stats a... by balash1979 Path Finder in Splunk Search 10-03-2019 0 3	0	3
	Map command maxsearches unexpected behavior I have the search below: index=stats_summary dest_ip=172.* \| dedup src_ip dest_ip\| map maxsearches=100 search="\| i... by gkapitany Explorer in Splunk Search 10-03-2019 0 4	0	4
	How to compare values from 2 different rows? Good afternoon could someone help me with this query: I have the following values \| users \| Age \| user1 \| 99 u... by efaundez Path Finder in Splunk Search 10-03-2019 0 2	0	2
	How to compare values from 2 different rows? Good afternoon could someone help me with this query: I have the following values \| users \| Age \| user1 \| 99 u... by efaundez Path Finder in Splunk Search 10-03-2019 0 3	0	3
	How do you combine info from multiple events but for one customer in one table. How do you combine info from multiple events but for one customer in one table or dashboard? For example: Event1: C... by cspaid75 New Member in Splunk Search 10-03-2019 0 1	0	1
	How to add additional columns in search results based on the field I've a search like this: (api=*/getUser) OR (api=/api/v1/addUser component=Comp1) OR (api=/api/v1/addUser component=... by email2vimalraj New Member in Splunk Search 10-03-2019 0 1	0	1