Splunk Search

Community Activity

Chart command. index=aos_transaction \| chart count by payments, geo \| addtotals col=t \| sort -Total \| head 10 I want to display onl... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 2	0	2
How to get rid of white spaces in the column names when working on DB.? Hi when I am trying to get the results from the DB (SQL Server), there are some column names as "Show Room Code". ... by SanthoshSreshta Contributor in Splunk Search 09-03-2019 0 3	0	3
Drop off count in website. I am working on website sales data where n number of different services are called like CartService, OrderBuildServic... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 3	0	3
How to modify search text with Javascript I'm using Splunk Enterprise Version: 7.3.0 I'm trying to make a chrome extension that will allow me to toggle line-c... by d_o_c New Member in Splunk Search 09-03-2019 0 0	0	0
Correlation search for Interactive Login with Service Account and Interactive Login with Local Administrator Offense Name: Interactive Login with Service Account Rule: Service accounts typically start with svc* Offense Name: ... by vikram1583 Explorer in Splunk Search 09-03-2019 0 0	0	0
Why does convert num NOT follow a universal typecasting paradigm and NOT trim leading zeroes? I guess the question is a bit facetious But, I would still like to know what the (flawed) logic is behind this? It's... by nick405060 Motivator in Splunk Search 09-03-2019 3 5	3	5
Why is the rex capture not working? Hi All, I am trying to capture line starting with a number, I have created a regex and tested it in regex101 site and... by nareshkumar1985 Engager in Splunk Search 09-03-2019 0 4	0	4
How to include double quotes in Switch Case Hi All, How can I do switch case for below values {"XXX":["ABC"]} == ABC {"XXX":[]} == NULL . \| eval Name=ca... by Anantha123 Communicator in Splunk Search 09-03-2019 0 2	0	2
Better search query way in terms of performance I have below search criteria so let me know best way for this. base search (which have output in table format) [tabl... by N92 Path Finder in Splunk Search 09-03-2019 0 5	0	5
How to get the number of errors for each application ? Hi, I'm new to Splunk and so far I've managed to get the number of errors but I do not know for which application? I... by lsy9891 Engager in Splunk Search 09-03-2019 0 7	0	7
Tor traffic search feeds Hi All, I work with Datamodels, and trying to create search which will alert me about TOR communication. Having som... by dzejsonborn New Member in Splunk Search 09-03-2019 0 3	0	3
searchmatch function Hi I am trying to find an ip from first query and then search that ip if exists in another csv file and show the co... by surekhasplunk Communicator in Splunk Search 09-03-2019 0 1	0	1
Grouping multiple OR values Hi People, Is there any efficient way of grouping values? I have like 20 Or statement that I need to match something... by babakkhorshid New Member in Splunk Search 09-03-2019 0 3	0	3
How to calculate the average duration of each steps within a transaction? Hi, I have events indexed in the following format: type=a transactionID=xxxxxxxxxxx status=Created lastUpdateTime=_... by RobertEttinger8 Explorer in Splunk Search 09-03-2019 0 1	0	1
Is it possible to run dashboard panel searches in a staggered sequence instead of all at once? Hey, I have a dashboard with 6 charts. When I open this dashboard in my browser, Splunk attempts to run all 6 search... by Ant1D Motivator in Splunk Search 09-03-2019 4 4	4	4
Save SPL commands into one SPL new command Hi, Is it possible to save SPL command into one new command and use it when running a query? For example: \| dedup 1... by shayhibah Path Finder in Splunk Search 09-03-2019 0 2	0	2
splunk API from browser Hi all , I am using below url to get data from splunk https://hostname:8089/v7/services/search/jobs/export?output_... by vasanthi77 Explorer in Splunk Search 09-02-2019 0 5	0	5
stats value(_time) delimiter When I use stats values(_time) as _time group by the list of values in my table is delimitated by comma's. ex: 1... by bx_ben New Member in Splunk Search 09-02-2019 0 4	0	4
how to set epoch value to i find epoch time from my token $date1$ using below code index="cdq-dashboard-dev"\|eval earliest="$date1$"\| convert ... by reney44 Engager in Splunk Search 09-02-2019 0 1	0	1
Can Splunk join on multiple columns? How can you search Splunk to return a join on 2 columns sourcetype=test1 [search=test2 \|fields col1, col2]\|fields co... by suhprano Path Finder in Splunk Search 09-02-2019 3 6	3	6
How to build a dashboard to show critical devices without any overlapping Hello Everyone, I'm trying to build a dashboard to show all my critical devices that do not report to Splunk for a c... by louispaul76 Engager in Splunk Search 09-02-2019 0 3	0	3
help on a field renaming in a subsearch hello in my csv file I have a field called "host" and in my index a field called "HOSTNAME" its the same field and I... by jip31 Motivator in Splunk Search 09-02-2019 0 4	0	4
eval command help Hi All, Need help to get the values from multi field value. We have a field name "properties.targetResources{}.dis... by yosplunksunny New Member in Splunk Search 09-02-2019 0 1	0	1
Help returning the fields with response from user to agent in Mem field Need your help to return the fields with the response from user to agent in Mem field. There are 7 sets of user to a... by rajaguru2790 Explorer in Splunk Search 09-02-2019 0 5	0	5
How to improve Splunk search performance? I have a search like this: index= foo earliest=-3d \|rex field=summary "(?{.*)" \| spath input=json_data \|stats count... by guillecasco Path Finder in Splunk Search 09-02-2019 0 6	0	6