Splunk Search

Community Activity

Need to compare the last hour values of the fields with current one hour Hi, We are monitoring the transaction count. I need to verify the results of last one hour, if there is any decrease ... by kartm2020 Communicator in Splunk Search 09-13-2019 0 7	0	7
Help with dur2sec function not displaying Hi I am having an issue with the result of my dur2sec function not displaying. Here is the SPL. I am still new to s... by PBerry7538 New Member in Splunk Search 09-13-2019 0 2	0	2
How to post process this query to display timechart instead? Hi, I have this query that I use as a base search query. host=NETWEBA* sourcetype=iis NOT("ErrorGuid") cs_uri_stem=... by lsy9891 Engager in Splunk Search 09-13-2019 0 1	0	1
how to display a field two times in a table with the original values and after a rename of the values hi As you can see below, I am doing a stats with the field "process_name" In order to be more comprenhensive, I am d... by jip31 Motivator in Splunk Search 09-13-2019 0 4	0	4
Show result of multiple queries as rows of single Table (one query=one row) Hi, I have a multiple search queries for which I have created separate panels in Dashboard, each showing the output ... by harshal_chakran Builder in Splunk Search 09-12-2019 0 9	0	9
Any tips for setting up a production workflow that includes sandboxes, a test lab, and a production environment? We have an established Splunk Enterprise production environment that several departments use. Some people want to dev... by jmulcaster_splu Splunk Employee in Splunk Search 09-12-2019 0 1	0	1
Can a variable value which depends on a dropdown token be included in search? Hello everyone, I am trying to assign a value to "myVar", which depends on a dropdown token on my dashboard. The val... by efranke New Member in Splunk Search 09-12-2019 0 2	0	2
How to access data in rows of table and then search further using each of those values? Suppose I have logged data with certain fields like id, level, message etc. Ex: id:123 level:warn Message:xyz task i... by sai_shreyashi_p New Member in Splunk Search 09-12-2019 0 4	0	4
Search Help - Add Index to this _internal Search - And combine hosts I would like to add which index each of these hosts comes from in this search. index=_internal source=*/metrics.log ... by aferone Builder in Splunk Search 09-12-2019 0 5	0	5
join retrieving wrong results \| inputlookup fnms_copy1.csv \| eval MACaddress = replace(MACaddress,":", "") \| where MACaddress!=" " \| rename MACaddr... by harinivgr Explorer in Splunk Search 09-12-2019 0 0	0	0
How do you specify chart colours for a JSStack chart? I have a simple column chart with fields '-','High', 'Medium', 'Low', 'None'. I am using JS stack with the following ... by lquinn Contributor in Splunk Search 09-12-2019 4 4	4	4
Using where in search I have the following search index="pan" (dest_ip="192.168." AND NOT src_ip="192.168." AND NOT src_location="AU" AN... by balcv Contributor in Splunk Search 09-12-2019 0 2	0	2
How to stats by merging multiple events I have events in same index and source-type as follows: 9/12/19 11:28:46.398 AM [WARNING/ForkPoolWorker-13] project=... by humantorch New Member in Splunk Search 09-12-2019 0 1	0	1
How to combine specific values from two multivalue fields I have Splunk pulling in data from a lookup and creating two multivalue fields. I want to combine these two into a th... by valaverdyan Engager in Splunk Search 09-12-2019 0 1	0	1
Correlating fields and printing some fields . Logger 1: has StartId: 1234, and commitCode as 101. Logger 2: has EndId: 1234(which is same as start ID), WebOrderID... by sandeepmakkena Contributor in Splunk Search 09-12-2019 0 1	0	1
Find the LAST instance of an extracted field I have event data which looks like this: Sep 12 11:33:23 hostname AUDIT "2019-09-12 11:33:23.677 GMT+1000" 192.168... by jeremyhagand61 Communicator in Splunk Search 09-12-2019 0 2	0	2
Searching multiple log messages and count their occurrence index=my_index earliest=-30d "[ERR] Failed to connect with downstream node" OR "[ERR] Failed to authenticate downstre... by asubramanian Explorer in Splunk Search 09-12-2019 0 2	0	2
Need another column in chart Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that... by tsheets13 Communicator in Splunk Search 09-12-2019 0 2	0	2
How to align events returned by two separate searches in a table I have a search that references CSV sources which are ingested from a UF; let's call these sources foo.csv and bar.cs... by beetlegeuse Path Finder in Splunk Search 09-12-2019 0 4	0	4
Table of monthly (or weekly) averages using epoch time in field (not _time) Hello! I'm trying to build a table showing the monthly averages of a calculation for "OEE" by a Machine field. I the... by johnansett Communicator in Splunk Search 09-12-2019 0 3	0	3
Using Tokens in a Search - No Dashboard Hello, I will continue to search Answers for an answer. Here's my issue. I have a dashboard with numerous searches a... by genesiusj Builder in Splunk Search 09-12-2019 0 2	0	2
hosts with certain criteria (simplified REGEX) I want to pull data for certain HOSTs in my index. For example: (host=pr1p01 OR host=pr1p03 OR host=*pr1p05 .. ) -... by Noorzaie Explorer in Splunk Search 09-12-2019 0 19	0	19
How to have stats with no result found Hi, I'm looking at logs on a Gateway to see if there is traffic or not for specific files at a specific time. I wan... by pbd Explorer in Splunk Search 09-12-2019 0 4	0	4
Eval a transaction with conditional statement I am using a transaction to group some jobs and get the timings. In doing so I want to check for certain steps, file ... by aohls Contributor in Splunk Search 09-12-2019 0 2	0	2
Issue with parsing large dataset using Join Hello, I am using the following search to parse 2 indexes since I want to combine the results from both indexes based... by kiranpatil1985 New Member in Splunk Search 09-12-2019 0 1	0	1