Splunk Search

Community Activity

How to create a column chart with line chart I need to make a chat similar to the following picture base on the data below. The column chart should show 2 column... by jenniferhao Explorer in Splunk Search 08-22-2019 0 4	0	4
How to convert row values into fields with count? Hi. How do I get from the first table to look like the second table? I have tried chart, transpose, different combin... by cindywee New Member in Splunk Search 08-22-2019 0 2	0	2
Where can we rename the src field? We have the following working query - (index=wineventlog sourcetype=WinEventLog NOT ("xxxx" OR "yyyy") src_ip IN (... by danielbb Motivator in Splunk Search 08-22-2019 1 3	1	3
To include 80+ applications in SPL Hello Everyone, I have got the list of 80+ applications this I want to include in my SPL. Is there a way I can use C... by rajatsinghbagga Explorer in Splunk Search 08-22-2019 0 1	0	1
How to get today's and last 7 day's average in single query I have a query index=errors earliest=@d latest=now \|stats count(ErrorCode) as ErrorCountForToday by host I would ... by spoolunk Engager in Splunk Search 08-22-2019 0 9	0	9
single table containing count for today, avg count for last 7 day and deviation of today vs last 7 day avg ------ by ID and Trading Partner Single Table containing - stats count by DID TN - for today avg count for last 7 day by DID and TN deviation of toda... by sayanidasgupta Explorer in Splunk Search 08-22-2019 0 0	0	0
How to create a regex for unmapped queries? I have Splunk logs like: class,method,user,transactionType,,428856645467856301,1073258159,50213,5,2019-08-21 23:17:5... by Nidd Path Finder in Splunk Search 08-22-2019 0 3	0	3
How do I use transaction to extract my required information? I'm very new to Splunk and need to get some details about a transaction which spans multiple events. Am trying to get... by jwindley_splunk Splunk Employee in Splunk Search 08-21-2019 0 7	0	7
Different values in column between two rows Hi , I am having data like Col1 Col2(created from values()) row 1 X ... by vb1612 New Member in Splunk Search 08-21-2019 0 4	0	4
Need to extract field while search only (dont want to use field extraction) using REX Hi, I have diff log formats in a single sourcetype. Thus can't define field extraction - is there way to use REX in ... by rashi83 Path Finder in Splunk Search 08-21-2019 0 1	0	1
How to customize bar chart colors based on the values? Hi Splunkers. I've been trying for a while to customize a bar chart I have. Here are the data I have: range ... by guimilare Communicator in Splunk Search 08-21-2019 2 5	2	5
Lookup based on if statement I am looking to enhance a search with a lookup (if it returns an IP) to replace the value returned in the TID field i... by donemery Explorer in Splunk Search 08-21-2019 0 2	0	2
How to format the SPL as code? Hi, I am working on a dashboard. i am creating a table to monitor the count, average response time and maximum respo... by venkat0896 Path Finder in Splunk Search 08-21-2019 0 8	0	8
How don't we nullify the data? A developer here wrote the following - \|eval admin_activity=if((like(cmd_data, "%audit%") AND like(cmd_data, "%star... by danielbb Motivator in Splunk Search 08-21-2019 0 2	0	2
Can we Ignore timechart column if all rows having 0 values ? Hi, How can we Ignore timechart column if all rows having 0 values. basically I am using trellis to display and w... by AKG1_old1 Builder in Splunk Search 08-21-2019 0 4	0	4
How to use a lookup to compare multiple fields I am trying to run a search from amazon. index=amazon-aws sourcetype="aws:description" source="*:ec2_instances" W... by dsmith1988 Engager in Splunk Search 08-21-2019 0 2	0	2
sql query to splunk query How I can Change this sql query to splunk query, I tried in different way but It is not giving proper result please h... by deeptha1992 New Member in Splunk Search 08-21-2019 0 4	0	4
How to dynamically set an index based on a string in events with a fallback option? I have some logs where there are events that are like this: Apr 5 21:16:33 myhost001.company.com key=value key2=va... by Ricapar Communicator in Splunk Search 08-21-2019 0 6	0	6
Logs are getting truncated after the forwarding has been setup into splunk The data in event 1 is incomplete and the rest of it is getting populated into event2 and so on . If i am not wrong ,... by Sujithkumarkb Observer in Splunk Search 08-21-2019 0 0	0	0
Failed to parse templatized search for field.... Hi. I wonder whether someone may be able to help me please. I'm using the query below: \| multisearch [ search `gat... by IRHM73 Motivator in Splunk Search 08-21-2019 0 3	0	3
Lookup Table search wildcards I have created a lookup table, service.csv host,service,resource "host1","fdl","all" "host2","finance","db" "host3... by balcv Contributor in Splunk Search 08-20-2019 0 2	0	2
Return Timestamp from inner and outter search Hi, I am trying to create a search that finds two sequential events. So far I have: index=wineventlog EventCode=462... by shayvdee Explorer in Splunk Search 08-20-2019 0 4	0	4
Get a total for a multivalue field by multiple fields Greetings, I'm trying to get multiple totals for multiple fields. My current query incorporates \| stats count as ... by cquinney Communicator in Splunk Search 08-20-2019 0 3	0	3
How can I extract a license file from existing license volume Hi, I am trying to extract a license file from our current license pool. All I could see is the delete option for th... by divyamudundi Path Finder in Splunk Search 08-20-2019 2 4	2	4
XML Parsing Props.conf Any help is appreciated in parsing the following xml data retrieved from DB connect input. We just need the Name an... by uvmk61 New Member in Splunk Search 08-20-2019 0 5	0	5