Splunk Search

Community Activity

How to calculate the average duration of each steps within a transaction? Hi, I have events indexed in the following format: type=a transactionID=xxxxxxxxxxx status=Created lastUpdateTime=_... by RobertEttinger8 Explorer in Splunk Search 09-03-2019 0 1	0	1
Is it possible to run dashboard panel searches in a staggered sequence instead of all at once? Hey, I have a dashboard with 6 charts. When I open this dashboard in my browser, Splunk attempts to run all 6 search... by Ant1D Motivator in Splunk Search 09-03-2019 4 4	4	4
Save SPL commands into one SPL new command Hi, Is it possible to save SPL command into one new command and use it when running a query? For example: \| dedup 1... by shayhibah Path Finder in Splunk Search 09-03-2019 0 2	0	2
splunk API from browser Hi all , I am using below url to get data from splunk https://hostname:8089/v7/services/search/jobs/export?output_... by vasanthi77 Explorer in Splunk Search 09-02-2019 0 5	0	5
stats value(_time) delimiter When I use stats values(_time) as _time group by the list of values in my table is delimitated by comma's. ex: 1... by bx_ben New Member in Splunk Search 09-02-2019 0 4	0	4
how to set epoch value to i find epoch time from my token $date1$ using below code index="cdq-dashboard-dev"\|eval earliest="$date1$"\| convert ... by reney44 Engager in Splunk Search 09-02-2019 0 1	0	1
Can Splunk join on multiple columns? How can you search Splunk to return a join on 2 columns sourcetype=test1 [search=test2 \|fields col1, col2]\|fields co... by suhprano Path Finder in Splunk Search 09-02-2019 3 6	3	6
How to build a dashboard to show critical devices without any overlapping Hello Everyone, I'm trying to build a dashboard to show all my critical devices that do not report to Splunk for a c... by louispaul76 Engager in Splunk Search 09-02-2019 0 3	0	3
help on a field renaming in a subsearch hello in my csv file I have a field called "host" and in my index a field called "HOSTNAME" its the same field and I... by jip31 Motivator in Splunk Search 09-02-2019 0 4	0	4
eval command help Hi All, Need help to get the values from multi field value. We have a field name "properties.targetResources{}.dis... by yosplunksunny New Member in Splunk Search 09-02-2019 0 1	0	1
Help returning the fields with response from user to agent in Mem field Need your help to return the fields with the response from user to agent in Mem field. There are 7 sets of user to a... by rajaguru2790 Explorer in Splunk Search 09-02-2019 0 5	0	5
How to improve Splunk search performance? I have a search like this: index= foo earliest=-3d \|rex field=summary "(?{.*)" \| spath input=json_data \|stats count... by guillecasco Path Finder in Splunk Search 09-02-2019 0 6	0	6
How to improve the performance of my search? index="way" sourcetype="transactions" \| transaction fields=Id keepevicted=true \| eval Status=if(isnotnull(Error... by shankarananthth Explorer in Splunk Search 09-02-2019 0 11	0	11
Chart overlay is invisbile Hi, I am using line chart overlay on column chart. but It's not displaying overlay line chart, even though data poi... by AKG1_old1 Builder in Splunk Search 09-02-2019 1 5	1	5
Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it I've set up a very simple alert to fire when my indexing volume exceeds a specific value. index=_internal source=*li... by di2esysadmin Path Finder in Splunk Search 09-02-2019 4 8	4	8
How to display 86400 points on timechart? Hi, I need your helps. I am trying to display 86400 points with timechart. I did applied configuration below. The ver... by brandy81 Path Finder in Splunk Search 09-01-2019 0 16	0	16
How to round the average in stats statement? Here is what i have index="docker" (env = region1 OR env = region2) "job-time" \|eval time_in_mins = ('time')/(1000... by balash1979 Path Finder in Splunk Search 09-01-2019 0 7	0	7
Remove Text after Numbers in Field How can I remove everything after the zeroes in a field with results like this '000000000' Thanks! by chrisschum Path Finder in Splunk Search 09-01-2019 0 5	0	5
Transactions not showing any data after clicking on "show lines" Hey guys, My transaction gives me the option to "show 10 lines", but when clicked on it nothing shows up and the labe... by pkol Explorer in Splunk Search 09-01-2019 0 1	0	1
user!=xxx user!=yyy VS. NOT user IN (xxx yyy) Hi, when building queries I'm all for their clean look and readability - of course performance always matters more. ... by fedejko Explorer in Splunk Search 09-01-2019 0 1	0	1
How to parse a log file with multiple types of records? I have a log file with multiple line patterns. Something like this: [name] [surname] [address] ... by vtsco New Member in Splunk Search 09-01-2019 0 1	0	1
Using the Splunk Tutorial data, how to find the number of hits and top 20 category and top 20 domain? How to find the number of hits and top 20 category and top 20 domain using the tutorial data on Splunk. Please help, ... by rishabh4 New Member in Splunk Search 08-31-2019 0 4	0	4
Regex error, exceeded configured match_limit Hi Splunkers, I'm running Splunk 7.0.1 and having some problems to parse variables using regex in a search. This is... by prsepulv Explorer in Splunk Search 08-31-2019 0 2	0	2
How to improve the performance of our Splunk search query? We have indexed access logs into index="mpsapp", When we do a stats search or filter any records for these data for a... by dhavamanis Builder in Splunk Search 08-31-2019 2 7	2	7
How to get results for how often each alarm type occurs in percentage I have uploaded alarm logs into Splunk. I would like to be able to show results for how often each alarm type occurs ... by marenastrauss New Member in Splunk Search 08-30-2019 0 3	0	3