Splunk Search

Community Activity

Display the top 5 line chart field values I'm having some trouble with getting the top 5 line values on a line chart. My current search is below index=db sou... by mcg_connor Path Finder in Splunk Search 09-09-2019 0 2	0	2
Column width adjustable table Morning all, Im sure this may have been answered in the past, but is there away to have a table in splunk that you c... by rossparfect Path Finder in Splunk Search 09-09-2019 0 1	0	1
How to create a sub-search that looks for events 10 mins earlier index=windows sourctype=bla EventCode=g host=abc user=cvb NOT [ search index=email \|table _time,host \|fields _time, ... by dyelchuriyelchu Engager in Splunk Search 09-09-2019 0 1	0	1
KV_Mode against Constant value host fields I have a new data source that extracts quite well using KV_mode = auto (or KV_Mode=json). The data itself is a simp... by MFiller90 Explorer in Splunk Search 09-09-2019 0 2	0	2
Field extraction I have field in my raw events src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/bu... by sandeepmakkena Contributor in Splunk Search 09-09-2019 0 2	0	2
How to alert when a deviation has been detected in volume between two time periods? I currently use the following query to compare volume counts between current day and a week ago: sourcetype=abc inde... by bcaunt New Member in Splunk Search 09-09-2019 0 3	0	3
creating a scatterplot with time on the x-axis I'm looking to create a multi-series scatter plot where time is on the x-axis. An example would be something like ... by pbrunel_splunk Splunk Employee in Splunk Search 09-09-2019 5 3	5	3
What's the difference between an event and a log Can anyone explain me what's the difference between an event and a log. According to me, an event is set of logs ge... by aruncp333 Explorer in Splunk Search 09-09-2019 0 3	0	3
How to create new field combined from existing fields Hi I have such a table in which is described the proces of any TestMachine: A B ... by spisiakmi Contributor in Splunk Search 09-09-2019 0 3	0	3
How to combine two searches into one table using count twice I have two searches, one getting the current connections and the other getting an average. I'm trying to grab the fie... by aking76 Path Finder in Splunk Search 09-09-2019 0 6	0	6
How to get the row text from inputlookup in a variable for email alert HI! I am using a CSV file to catch some alerts, and that part works fine, I catch all my alerts. index="main" [inp... by mbreton Engager in Splunk Search 09-09-2019 0 0	0	0
Comparing appVersions over time Hi, I am trying to compare my latest app vs all the other app Version to evaluate adoption rate. I would like to disp... by khanyag1 New Member in Splunk Search 09-09-2019 0 9	0	9
Is it possible to use EVAL field in sendemail with DBXQUERY search? I am needing to pass a custom date to the sendemail subject line and I know it is possible using a standard Splunk se... by jnsd03 Explorer in Splunk Search 09-09-2019 0 0	0	0
handling error issues i ran a normal query, but it is auto cancelled after sometime ,so i am interested in why the query has failed.is ther... by farooq3679 Engager in Splunk Search 09-09-2019 0 4	0	4
How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search in longer time, I rece... by spisiakmi Contributor in Splunk Search 09-09-2019 0 8	0	8
Per day and Per second results not matching up. I am running following queries to get event counts average per second and per day over a weeks period but the results... by angersleek Path Finder in Splunk Search 09-09-2019 0 3	0	3
Convert columns to rows I have a table like below A B C 1 2,3,4 Hello Need a query for wh... by jiaqya Builder in Splunk Search 09-09-2019 0 1	0	1
Multiple fields in one chart Hi, I struggling to create chart, which will be with multiple field values (max,avg and min pauses) + need to see mo... by pudanelilita Explorer in Splunk Search 09-09-2019 0 2	0	2
How do i find out if a field contains part of another field? Hello community. I'm struggling to find emails that have a word in the subject which also have the word in an attach... by sgrierson New Member in Splunk Search 09-08-2019 0 4	0	4
How to get results for individual fields per second I have the following query which gives me per second average results for the events. Is there a way I can modify it ... by angersleek Path Finder in Splunk Search 09-08-2019 0 2	0	2
There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior? Rather than use 3rd party websites, we'd like to use Splunk to geolocate an address that may not yet be indexed. Sim... by scott_sackrider Explorer in Splunk Search 09-08-2019 1 2	1	2
search show results not existing in logs. Hi Splunker; I have the below search: index=winevents host=prdaddc02 OR host=PRDADDC01 OR host=DZITHQ-DC3 sourcetyp... by aalhabbash1 Path Finder in Splunk Search 09-07-2019 0 2	0	2
Unexplained: Inconsistent/incomplete transaction eventcount when using maxevents with startswith I am getting an inconsistent number of events in a transaction, relative to the value specified for maxevents=x: \| ... by collinrice Explorer in Splunk Search 09-06-2019 0 0	0	0
epoch time difference between first and last. Hello All, I am trying to find the difference between first time and last time in epoch time. and i want the differ... by AbubakarShahid New Member in Splunk Search 09-06-2019 0 2	0	2
Help with regex with two different type events Hello I have the below sample events Thu Sep 5 10:00:02 EDT 2019 XDB EXPIRED & LOCKED ... by vrmandadi Builder in Splunk Search 09-06-2019 0 5	0	5