Splunk Search

Community Activity

How to include double quotes in Switch Case Hi All, How can I do switch case for below values {"XXX":["ABC"]} == ABC {"XXX":[]} == NULL . \| eval Name=ca... by Anantha123 Communicator in Splunk Search 09-03-2019 0 2	0	2
Better search query way in terms of performance I have below search criteria so let me know best way for this. base search (which have output in table format) [tabl... by N92 Path Finder in Splunk Search 09-03-2019 0 5	0	5
How to get the number of errors for each application ? Hi, I'm new to Splunk and so far I've managed to get the number of errors but I do not know for which application? I... by lsy9891 Engager in Splunk Search 09-03-2019 0 7	0	7
Tor traffic search feeds Hi All, I work with Datamodels, and trying to create search which will alert me about TOR communication. Having som... by dzejsonborn New Member in Splunk Search 09-03-2019 0 3	0	3
searchmatch function Hi I am trying to find an ip from first query and then search that ip if exists in another csv file and show the co... by surekhasplunk Communicator in Splunk Search 09-03-2019 0 1	0	1
Grouping multiple OR values Hi People, Is there any efficient way of grouping values? I have like 20 Or statement that I need to match something... by babakkhorshid New Member in Splunk Search 09-03-2019 0 3	0	3
How to calculate the average duration of each steps within a transaction? Hi, I have events indexed in the following format: type=a transactionID=xxxxxxxxxxx status=Created lastUpdateTime=_... by RobertEttinger8 Explorer in Splunk Search 09-03-2019 0 1	0	1
Is it possible to run dashboard panel searches in a staggered sequence instead of all at once? Hey, I have a dashboard with 6 charts. When I open this dashboard in my browser, Splunk attempts to run all 6 search... by Ant1D Motivator in Splunk Search 09-03-2019 4 4	4	4
Save SPL commands into one SPL new command Hi, Is it possible to save SPL command into one new command and use it when running a query? For example: \| dedup 1... by shayhibah Path Finder in Splunk Search 09-03-2019 0 2	0	2
splunk API from browser Hi all , I am using below url to get data from splunk https://hostname:8089/v7/services/search/jobs/export?output_... by vasanthi77 Explorer in Splunk Search 09-02-2019 0 5	0	5
stats value(_time) delimiter When I use stats values(_time) as _time group by the list of values in my table is delimitated by comma's. ex: 1... by bx_ben New Member in Splunk Search 09-02-2019 0 4	0	4
how to set epoch value to i find epoch time from my token $date1$ using below code index="cdq-dashboard-dev"\|eval earliest="$date1$"\| convert ... by reney44 Engager in Splunk Search 09-02-2019 0 1	0	1
Can Splunk join on multiple columns? How can you search Splunk to return a join on 2 columns sourcetype=test1 [search=test2 \|fields col1, col2]\|fields co... by suhprano Path Finder in Splunk Search 09-02-2019 3 6	3	6
How to build a dashboard to show critical devices without any overlapping Hello Everyone, I'm trying to build a dashboard to show all my critical devices that do not report to Splunk for a c... by louispaul76 Engager in Splunk Search 09-02-2019 0 3	0	3
help on a field renaming in a subsearch hello in my csv file I have a field called "host" and in my index a field called "HOSTNAME" its the same field and I... by jip31 Motivator in Splunk Search 09-02-2019 0 4	0	4
eval command help Hi All, Need help to get the values from multi field value. We have a field name "properties.targetResources{}.dis... by yosplunksunny New Member in Splunk Search 09-02-2019 0 1	0	1
Help returning the fields with response from user to agent in Mem field Need your help to return the fields with the response from user to agent in Mem field. There are 7 sets of user to a... by rajaguru2790 Explorer in Splunk Search 09-02-2019 0 5	0	5
How to improve Splunk search performance? I have a search like this: index= foo earliest=-3d \|rex field=summary "(?{.*)" \| spath input=json_data \|stats count... by guillecasco Path Finder in Splunk Search 09-02-2019 0 6	0	6
How to improve the performance of my search? index="way" sourcetype="transactions" \| transaction fields=Id keepevicted=true \| eval Status=if(isnotnull(Error... by shankarananthth Explorer in Splunk Search 09-02-2019 0 11	0	11
Chart overlay is invisbile Hi, I am using line chart overlay on column chart. but It's not displaying overlay line chart, even though data poi... by AKG1_old1 Builder in Splunk Search 09-02-2019 1 5	1	5
Alert time range not saving correctly; get "Your changes to the time range of this alert will not be saved. " when I attempt to fix it I've set up a very simple alert to fire when my indexing volume exceeds a specific value. index=_internal source=*li... by di2esysadmin Path Finder in Splunk Search 09-02-2019 4 8	4	8
How to display 86400 points on timechart? Hi, I need your helps. I am trying to display 86400 points with timechart. I did applied configuration below. The ver... by brandy81 Path Finder in Splunk Search 09-01-2019 0 16	0	16
How to round the average in stats statement? Here is what i have index="docker" (env = region1 OR env = region2) "job-time" \|eval time_in_mins = ('time')/(1000... by balash1979 Path Finder in Splunk Search 09-01-2019 0 7	0	7
Remove Text after Numbers in Field How can I remove everything after the zeroes in a field with results like this '000000000' Thanks! by chrisschum Path Finder in Splunk Search 09-01-2019 0 5	0	5
Transactions not showing any data after clicking on "show lines" Hey guys, My transaction gives me the option to "show 10 lines", but when clicked on it nothing shows up and the labe... by pkol Explorer in Splunk Search 09-01-2019 0 1	0	1