Splunk Search

Community Activity

What is the most efficient way to calculate totals for variable fields? I have a summary indexed search that runs every 10 minutes, totaling our total unsanctioned email usage. Each unsanc... by wilcompl1334 Explorer in Splunk Search 10-01-2019 0 2	0	2
Is it possible to replace a number with letter grade in dashboard? I have created a dashboard that shows a single number based on the vulnerabilities in a group of devices. I'm wonderi... by wlandymore New Member in Splunk Search 10-01-2019 0 3	0	3
Is the "configuration bundle" only for clusters.? Hi Is the configuration bundle only for clusters? If so what do you do for non-clustered to give all your indexers ... by robertlynch2020 Influencer in Splunk Search 10-01-2019 0 1	0	1
Splunk showing 2 different times Hello! in the process of checking time on our Splunk server, I came up with some puzzling results. If I do a search... by jensterddcaa New Member in Splunk Search 10-01-2019 0 1	0	1
Is it possible to replicate bash script generated lookup across search head cluster? Hi folks, I am using a bash script to download data to populate a CSV that I'd like to use as a lookup in Splunk. S... by milesmedboe Explorer in Splunk Search 10-01-2019 0 1	0	1
Keep track of max count. Mysesarch \| stats avg(time) as "median", max(time) as MaxMedian max(time99) as "Max99th", max(time999) as Max999th by... by sandeepmakkena Contributor in Splunk Search 10-01-2019 0 1	0	1
Increase results per page I'm on Splunk 6.3.3 in my drop down for results per page, my available options are 10 per page, 20 per page and 50 pe... by locose Path Finder in Splunk Search 10-01-2019 0 2	0	2
Stats table drilldown help I want to create a drill down that will go from a value on a stats table a time chart for the clicked pool name in a ... by codedtech Path Finder in Splunk Search 10-01-2019 0 1	0	1
How can we set time filter on click from table view? Is there a way we can pass epoch time from click of the table cell and set it to time filter of Splunk? by Nisarg New Member in Splunk Search 10-01-2019 0 2	0	2
How to populate statistics listing all the names where both status=FAIL and status=Success exist A sample set of logs with fieldnames (time, name, and status) from one index=test 1. name=X1 status=FAIL time=7am 1.... by limalbert Path Finder in Splunk Search 09-30-2019 0 6	0	6
stats\timechart after timechart \| timechart span=10m avg(Value) as AV by Host useother=false after running this query - I get desired values for a... by reverse Contributor in Splunk Search 09-30-2019 0 3	0	3
How to create a search to do a count on the latest event only? hi I want to do a count the last event of a subsearch I am doing "stats count last" but it doesnt works what I have t... by jip31 Motivator in Splunk Search 09-30-2019 0 2	0	2
Compare IP_address field in 2 indexes and ignore the data with the same values / or matches and display the rest. Want to run a report by comparing 2 indexes on " IP_Addresses" field. Ignore any matching " IP addresses" (If... by learningnow New Member in Splunk Search 09-30-2019 0 1	0	1
Does someone have a lookup table for user agent strings (browser, os, versions, ect.) that they can share? I've seen a Python script and App for this, but not a lookup table. Since my admin is not willing to install either o... by swb03 Explorer in Splunk Search 09-30-2019 3 6	3	6
compare find missing values from two indexes same field heading /name Trying to create a report using two indexes on same field "Pcname". Different datatype one of from Active Directo... by learningnow New Member in Splunk Search 09-30-2019 0 2	0	2
How to get stdev and avg from a multi column timechart for eventflow trends Hello! I want to compare my event flow rate from the benchmark (last 21 - last 7 days [14 days in total] to the last... by wlcv Observer in Splunk Search 09-30-2019 0 1	0	1
Abandon Rate Hi, I am trying to find the abandonment rate for users who started the registration process but didnt complete it wit... by vibhorkhanna New Member in Splunk Search 09-30-2019 0 3	0	3
PREAMBLE_REGEX I've got a log file I'd like to have the Universal Forwarder watch and index, but there are 34 lines at the beginning... by jmcrabb Explorer in Splunk Search 09-30-2019 3 9	3	9
Why is multiple stats count eval not working? SEARCH \| stats count(eval(Status="1")) as Assigned count(eval(Status="2")) as In_progress, count(eval(Status="3")) as... by onegame999 Explorer in Splunk Search 09-30-2019 0 1	0	1
How to search for latest case output My search looks something like this: index=name \| eval request=case(X, Y, X, Y, X, Y) \| stats latest(request) as Req... by rlippincott Explorer in Splunk Search 09-30-2019 0 4	0	4
"An error occurred while fetching data" using a base search in a SH cluster Here is the case: I've build a dashboard with 6 graphs/tables all using the same base search. It works like a charm ... by dkoops Path Finder in Splunk Search 09-30-2019 0 7	0	7
How do I write the regular expression to extract the domain name from email addresses in SMTP logs? Hi, I am really new to Splunk and Regular Expression stuff. I was planning to extract just the domain names of all e... by jspvkey Explorer in Splunk Search 09-30-2019 0 7	0	7
please help on how to achieve the below kind of lookup/rename for 100+ fields of my events My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl... by smiththebest New Member in Splunk Search 09-30-2019 0 3	0	3
how to add same values totals in the field Status Count Failed 2 Passed 16 Skipped 22 Failed 66 Passed 7 Skipped 8 Please help me out on how to add the va... by haripriyasarve1 Explorer in Splunk Search 09-30-2019 0 1	0	1
Dedup command not working after using the stats list command When I am running the following search: index=main sourcetype="access_combined_wcookie"\| stats list(useragent) as Br... by kmrkunal New Member in Splunk Search 09-29-2019 0 2	0	2