Splunk Search

Community Activity

	help with tstats and eval Hi, I'm trying to count the number of events for a specific index/sourcetype combo, and then total them into a new f... by a212830 Champion in Splunk Search 08-20-2019 0 1	0	1
	How to search for data Hello there, In our company we've been using Splunk for a while now but I think we use it not to it's full potential... by juanherrera Explorer in Splunk Search 08-20-2019 0 7	0	7
	Do math on this period's numbers versus last period's I'd like to build an alert that essentially says "if the count from this hour is more than twice, or less than half, ... by shulmaniel New Member in Splunk Search 08-20-2019 0 3	0	3
	Multiple stat intervals over a large dataset/summary index We have logging with user data for the requests each use does. We have created some averages and dashboards with this... by aohls Contributor in Splunk Search 08-20-2019 0 4	0	4
	How to get Stats from Search and Average? This is probably quite simple and I am missing something.. i am using this search. index=sxxx sourcetype=sxxx host=... by jpsquires New Member in Splunk Search 08-20-2019 0 3	0	3
	use of tstats instead of stats I am trying to iterate through 16million data and trying to use tstats instead of stats... please help me out in conv... by vikashperiwal Path Finder in Splunk Search 08-20-2019 0 6	0	6
	i am seeing this entry over 30000 times a minute - KLM\software\policies\microsoft\systemcertificates\disallowed\crls this is one of the events i am seeing and we are trying to figure our why only 20-30 servers are doing this 08/20/20... by rmcmillin New Member in Splunk Search 08-20-2019 0 0	0	0
	Table view in dashboard Hi i am trying to create a Dashboard. i need some assistance on creating a table format. i have some executions like... by venkat0896 Path Finder in Splunk Search 08-20-2019 0 10	0	10
	Compare two fields to pull data Hello, I currently have a search running on two different indexes pulling different fields. There is one field cal... by nlisle New Member in Splunk Search 08-20-2019 0 2	0	2
	How to start transaction with the earliest event I need to document a transaction that begins with a multithreaded process. The process creates multiple entries in a... by jasongb Path Finder in Splunk Search 08-20-2019 0 12	0	12
	Find how many times source type stopped sending data with in a month? Have to find a source type how many times it is not sending data to index within a month or some period of time Than... by Reddi694325 Path Finder in Splunk Search 08-20-2019 0 1	0	1
	get process time and group by status Hello everyone I'm using this query `\|eval Status = case (eventId="endProcess" ,"Completed" ,eventId="error","Term... by hazemfarajallah Explorer in Splunk Search 08-19-2019 0 6	0	6
	How do I get a list of users who can log into splunk? All, Is there an Api call or search I can run to get a list of users who can log into Splunk? bonus points if we ca... by daniel333 Builder in Splunk Search 08-19-2019 0 1	0	1
	Error in 'rex' command: Invalid argument: ' ' -- How do I fix this issue? Hi, I have a daily search that suddenly stopped working (upgraded from 6.7 to 7.1 before it stopped working, I believ... by russell120 Communicator in Splunk Search 08-19-2019 0 6	0	6
	How to get duration for a transaction with multiple start and end points? Hi, I'm looking to get a duration for a transaction that has multiple pairs of StartsWith and EndsWith conditions. ... by amunag439 Explorer in Splunk Search 08-19-2019 0 1	0	1
	subsearch to combine multiple queries and sum up example log data project_name=abc category=xyz job_id=1 stage_begin=compile time=2019-08-16 15:00:00 project_name=ab... by vanakkam New Member in Splunk Search 08-19-2019 0 10	0	10
	How to create an alert when searched index has no data I have the following search, and i want to be able to only show the indexes that have 0 data during a specified time ... by dmws New Member in Splunk Search 08-19-2019 0 4	0	4
	Help returning stats with a value of 0 I'm trying to return an inventory dashboard panel that shows event count by data source for the given custom eventtyp... by johnward4 Communicator in Splunk Search 08-19-2019 0 4	0	4
	How do I add an additional search condition to my table? index= client_snsr_tcg_unix_webservices source="/var/log/tomcat8/catalina.out" \| rex "^\[(?[^\]]+)\].*\[(?[^\]]+)\]\... by elijahm Explorer in Splunk Search 08-19-2019 0 4	0	4
	Calculate earliest, latest with timepicker My case is that I have got a dashboard with panels where I have a global time picker $global_pckr$ I need to calculat... by igschloessl Explorer in Splunk Search 08-19-2019 0 3	0	3
	How to parse JSON with multiple array ? Hi, Here is a sample : { columnNames: [ usersession.city Browser name ... by jegron New Member in Splunk Search 08-19-2019 0 4	0	4
	Search for all events that has part of a string in a field I am looking for how to search for all events where a field might have values of sub-string. For Example if I have ... by ram_sistla Engager in Splunk Search 08-19-2019 0 3	0	3
	How to put multiple charts into a single chart I'm trying to get a visualization together that will mark growth at 30, 60, and 90 days into a single graph with dif... by codedtech Path Finder in Splunk Search 08-19-2019 0 2	0	2
	How to have only common values for 2 fields in the same search? I have a table like this: Shops Location Total 1. CK SF ... by tjosm New Member in Splunk Search 08-19-2019 0 2	0	2
	Adding a new indexed meta field to inputs.conf not showing up in fastmode We see it in smart mode but not in fast mode. What are we missing and where does this get defined? by brent_weaver Builder in Splunk Search 08-19-2019 0 2	0	2