Splunk Search

Community Activity

How to add additional columns in search results based on the field I've a search like this: (api=*/getUser) OR (api=/api/v1/addUser component=Comp1) OR (api=/api/v1/addUser component=... by email2vimalraj New Member in Splunk Search 10-03-2019 0 1	0	1
Having append issues in joining searches and combining the results Hello Experts Actually I am trying to join the results of two searches. There are 3 indexes 1a,2b, and 3c with many... by gopiven Explorer in Splunk Search 10-03-2019 0 2	0	2
Peak hour count of most Visited Pages Hi, I am working on a query to get the peak hour count of of the top 100 visited pages on my website and i want this ... by Shashank_87 Explorer in Splunk Search 10-03-2019 0 4	0	4
What is the proper way to make user-prefs settings take effect? I am trying to to default particular roles to particular apps by including default_namespace in a user-prefs file ins... by twinspop Influencer in Splunk Search 10-03-2019 0 1	0	1
Result of two different search Hello , i have a csv file that contains the list of all existing services, and i have a search already created that... by aalaa Path Finder in Splunk Search 10-03-2019 0 2	0	2
help on a count for doing a pie chart hi From the code below, I need to do a pie chart with 2 labels I am doing a first count in order to count the events... by jip31 Motivator in Splunk Search 10-03-2019 0 4	0	4
how to show start ,end time , duration in a table Hi Experts , I know this can be achieved in splunk , I have data like below name,status,date erp,200,2019-10-01 08... by vikas_gopal Builder in Splunk Search 10-03-2019 0 2	0	2
How to calculate peak hour count along with requested content Hi, I am working on a query to get the peak hour count of of the top 100 requested pages on my website and i want thi... by Shashank_87 Explorer in Splunk Search 10-03-2019 0 4	0	4
How to subtract values from two different fields but successive fields as shown below? group count SubTotal Desired_Field WEEK1 9 36 36 WEEK2 1 36 27 WEEK3 3 36 26 WEEK4 7 36 23 WEEK5 2... by dinkarvidyarthy New Member in Splunk Search 10-03-2019 0 0	0	0
How to make index-time field extraction work for REST API receiver input? I have INDEXED_EXTRACTIONS = json and TIMESTAMP_FIELDS = my_timestamp_field in [my_json_type] stanza. This works whe... by yuanliu SplunkTrust in Splunk Search 10-03-2019 0 0	0	0
How to calculate the "adjusted mean" or "least square mean" in splunk? What I currently have, name=EVENT_1 \| stats count(metrics.time), median(metrics.time, mean(metrics.time) by name ... by conky2019 New Member in Splunk Search 10-03-2019 0 0	0	0
Is it possible to search for a value in ALL columns? I have a known value (eg. "rabbit") that I want to search for but it is in a unknown column in a large csv. Is it po... by akke Explorer in Splunk Search 10-03-2019 0 1	0	1
Extract Fields with JSON with spath for Data model Now i very interested with command Spath of Splunk, can auto extract values JSON. But i can't extract it to field in ... by longnh26 New Member in Splunk Search 10-03-2019 0 0	0	0
各フィールドのデータを集計し、timechartで期間ごとのデータに纏めたいご教授ください。複数のフィールドにそれぞれの集計数が設定されています。これの一部を集計し、timechartで表現したいのですが、フィールドの中身の合算する方法が分かりません。・やりたいこと例以下のフィールドを持つ A,B... by tonakano Engager in Splunk Search 10-03-2019 0 2	0	2
display results that happened in a 5 minute period during a 24hr search Hi, I have a failed logon search which includes: \| stats count by user, ComputerName \|search count >3 earliest=now(... by sdewar83 Path Finder in Splunk Search 10-02-2019 0 3	0	3
How to find the start time of the same error being spammed So I am having an issue where my Splunk logs from a particular source type pumps out trillions and trillions of logs ... by kevinfehrenbach New Member in Splunk Search 10-02-2019 0 2	0	2
Accidentally deleted main index - Need help I am new to splunk and while exploring tried the command index=main \| delete. Is there a way I can have the main ind... by chozha New Member in Splunk Search 10-02-2019 0 2	0	2
Timechart Max I am new to splunk and I do not understand why this is giving me the same result. There are 3 different site_names I ... by jgillman Explorer in Splunk Search 10-02-2019 0 2	0	2
Time Conversion - Elapsed Time I have time stamps in the format of H:MM. But when the minutes reach 60 they don't add an hour only when the number ... by jordanb93 Explorer in Splunk Search 10-02-2019 1 13	1	13
How to exclude duplicate events based on a field value in another event? Hi, I have an "asset discovery" type of query that uses a CSV and 4+ indexes, and produces tens of thousands of resul... by russell120 Communicator in Splunk Search 10-02-2019 0 5	0	5
filter logs containing a specific string in username field so that they won't transfer to heavy forwarder from indexer using transforms.conf? I have filter applied in transforms.conf as follows [send_to_heavy_forwarder] CAN_OPTIMIZE = True CLEAN_KEYS = True ... by pavanae Builder in Splunk Search 10-02-2019 0 6	0	6
Unable to filter for a time range when using saved searches I have a saved search that has a time range of All time. The saved search contains eval and stats functions that I wa... by orion44 Communicator in Splunk Search 10-02-2019 0 2	0	2
Regex on multiline event - how to match multiple occurences of a matching group? About the source I have a SQL report scheduled every 15 minute reporting the status of queues in our case handler sy... by rune_hellem Contributor in Splunk Search 10-02-2019 0 8	0	8
compare output of a search to a lookup file Hello , I have a csv lookup file that contains all Oracle services, at the same time I have a search that gives me ... by aalaa Path Finder in Splunk Search 10-02-2019 0 3	0	3
How to extract 'program.exe -switch' from the log and create new field to display with table command Hey guys, I have a log that contains a lot of data but from that, I want to extract 'program.exe -switch' from the l... by nnaik Explorer in Splunk Search 10-02-2019 0 5	0	5