Splunk Search

Community Activity

How to compare search result for first 15 min and last 45 min? Following is the result we got Action_ Name Time Count ABC 1:15 AM 100 ABC 1:30 AM 200... by salavilli0611 New Member in Splunk Search 09-16-2019 0 2	0	2
Search head core network, Free Disk, CPU used, memory free %... which index I use there are index =os and index=_internal . Index=os, where there all info about OS performance data of servers (host),... by htramtran83 Explorer in Splunk Search 09-16-2019 0 1	0	1
How to get total count of events excluding specific time range for certain days? Can anyone please help? I want to display the total count of events occurred in a week (but excluding specific day/t... by sahil237888 Path Finder in Splunk Search 09-16-2019 0 2	0	2
How to make column headers multi-lined I wish to have a chart where column headers are broken into three lines and row ones into two base search\| \|eval sep... by ChrisCLewis Communicator in Splunk Search 09-16-2019 0 0	0	0
How to count the numbers of occurrence for two value I have the following search: sourcetype="placingOrder" Code=504 host="localhost*" \| stats count by Path The output... by JyotiP Path Finder in Splunk Search 09-16-2019 0 7	0	7
Force users to always use "optional" field with built-in SPL command I'd like to ensure that all users on my search head are forced to include a specific field (along with a specific val... by brinley Path Finder in Splunk Search 09-16-2019 1 0	1	0
RegEx Help Needed Hi guys, I'm a complete newbie when it comes to RegEx, but I was wondering if someone could please advise on how I c... by danfinan Explorer in Splunk Search 09-16-2019 0 6	0	6
Dynamic trim of field at both start and end Hi, i have a field that i need to trim. The field can have a number of different strings, for which i want to trim ev... by ramgnisiv Path Finder in Splunk Search 09-16-2019 0 2	0	2
How to produce a table visualization that spans time? The following SPL returns data for all returns for a day. How can I just return the maximum return for the day? Exam... by sjlaplac Loves-to-Learn Lots in Splunk Search 09-16-2019 0 3	0	3
Total Account lockouts > 2 within 30mins Hi There, I am trying to find where total account lockouts that are greater than 2 within the time frame of 30 mins.... by siddh01r New Member in Splunk Search 09-16-2019 0 4	0	4
regex in lookup file I want to match a reg ex pattern (e.g. "aaa\s+:\d\d") from a lookup file. pattern,output_value "aaa\s+:\d\d:", 2 "aa... by ankitarath2011 Path Finder in Splunk Search 09-16-2019 0 2	0	2
Splunk Query Help- Summary index - Compare all data of - solutionType=* Hi Team, I am using the below command to get the last 4 weeks of data solutionType=EML. index=sample1 "com.URL.con... by harkirat9712 Explorer in Splunk Search 09-15-2019 0 0	0	0
How to search only sourcetypes that began ingestion in last 7 days Hi, I'm very much a Splunk novice, but I've been playing around with trying to do some health checks for Splunk so w... by sdewar83 Path Finder in Splunk Search 09-15-2019 0 2	0	2
Same query run multiple times returns different results I got a different result count when I executed this query a week before, and when I executed it today. The first time... by rey123 Path Finder in Splunk Search 09-15-2019 0 5	0	5
Field extraction gauge="ProcessorResponse.Country[US]Processor[ApgProcessor]PaymentType[VISA] DECLINE" is one of the field. I am tryin... by sandeepmakkena Contributor in Splunk Search 09-15-2019 0 3	0	3
pattern based indexing is not working for some events I am using pattern base indexing like below that is if i have splunk_send and app host in event i m trying to discard... by vasanthi77 Explorer in Splunk Search 09-15-2019 0 2	0	2
How to create radial gauges for each channel from this query ? Hi, I know that we can create radial gauges using aggregate values but I've selected the radial gauge visualization ... by lsy9891 Engager in Splunk Search 09-15-2019 0 1	0	1
Inconsistent number of results I have a search that generates different number of results and I can't figure out why.. Here's my search: sourcety... by gelica Communicator in Splunk Search 09-14-2019 2 12	2	12
How to pick latest updated file from today I have a file, which will be updated multiple times in a single day and the it will be indexed into splunk multiples ... by PC00128849 New Member in Splunk Search 09-14-2019 0 1	0	1
Why is the same search returning different results each time it is run? I use Splunk to calculate user's Internet hits. There are about 710 thousands entries. I searched several times, but ... by pop1989 Explorer in Splunk Search 09-14-2019 0 4	0	4
subnet information I have subnet lookup in cidr notation. so i am trying to print subnet detail with dest ip but not getting result. qu... by nishit_92 Explorer in Splunk Search 09-14-2019 0 2	0	2
looping through all rows of lookup file and match Hi, I have a lookup file with following structure. pattern,output_value "aaa\s+:\d\d:", 2 "aaa\s+:\d:", 1 For m... by ankitarath2011 Path Finder in Splunk Search 09-14-2019 0 7	0	7
Extracting field data from alert to be emailed I have an alert configured to automatically send an email upon a user account locking. I'm looking for the email to o... by reaver3020 New Member in Splunk Search 09-14-2019 0 1	0	1
How to get results only if search field contains a word in the lookup table If I have a search result which has a field named "Field1" and It has values like : This is Word1 now. This is Word2 ... by ashishmgupta Explorer in Splunk Search 09-14-2019 0 1	0	1
Lookup table for lot of fields My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl... by smiththebest New Member in Splunk Search 09-14-2019 0 0	0	0