Splunk Search

Community Activity

timechart is continous - cannot ignore the timeframe of missing events. one of our dashboards were using below query \| timechart count span=1d cont=false in 6.6.4 Splunk enterprise, we cou... by praphulla1 Path Finder in Splunk Search 08-04-2019 0 8	0	8
Display timechart by adding values from other panels I have 3 panels. Each panel runs a query and displays the result in timechart. This works fine. Now , I would like t... by balash1979 Path Finder in Splunk Search 08-04-2019 0 8	0	8
How to combine chart count for two fields in one search Hi, Can any one help me adding two fields in one search I am seeing both fields in splunk selected fields but not s... by monipinni Explorer in Splunk Search 08-04-2019 0 2	0	2
How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into common ‘buckets’ with counts for each type of error without duplicate error types? How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into... by belamg New Member in Splunk Search 08-04-2019 0 2	0	2
help with CASE needed I have the following example: \|makeresults \| eval trigger=0\|eval decision=case(trigger=1;[\|savedsearch test\|eval t=1... by damucka Builder in Splunk Search 08-03-2019 0 3	0	3
adhoc searches : canceled remotely or expired We are starting see issues with users running adhoc searches. While doing adhoc searches we are seeing the error: Un... by brdr Contributor in Splunk Search 08-03-2019 1 2	1	2
search values inside MV Hello All, i need a help in creating report i have a mv field called "report", i want to search for values so they ... by hok2010 New Member in Splunk Search 08-03-2019 0 3	0	3
Get totals of sessions for each IP Hello, everyone. I have a series of logs that have, among other data, the source address from which they come (src_ip... by gryfon New Member in Splunk Search 08-03-2019 0 5	0	5
How to perform mathematical calculations based off one column Hello, I'm new to Splunk and I'm having trouble with the following line of code. I think what I'm trying to do is pr... by gdorman619 Engager in Splunk Search 08-03-2019 0 3	0	3
Is there a way to have the 1st timestamp and last timestamp to be in the same row? Please check below example Currently, i have the below result of the search. It is returning the servername,errorcode and the timestamp. What my... by newbie09 Explorer in Splunk Search 08-03-2019 0 3	0	3
How to breakdown ticket data and create line chart? I am trying to display a line chart that counts in a 15min spans throughout the course of a day, the number of ticke... by elloyd4 Explorer in Splunk Search 08-02-2019 0 4	0	4
Matching values from a subsearch using append I'm having an issue with matching results between two searches utilizing the append command. I realize I could use t... by cquinney Communicator in Splunk Search 08-02-2019 1 3	1	3
How to show more than 50 events on a page in 7.x ? Hello, In Splunk previous versions (5.x) there was an editable file to be able to add more choices for the number of ... by zebu14 Explorer in Splunk Search 08-02-2019 1 4	1	4
Query works fine but takes lot of time to execute. Can someone help me with other approach? I've a below query where I'm filtering out the results of one index "def" from the result of other index "abc". I'm u... by amaurya1 Explorer in Splunk Search 08-02-2019 0 3	0	3
How do I return values that match column in Lookup table? I have an index that contains a field called user. I have a lookup file that also contains the header user, in additi... by jwalzerpitt Influencer in Splunk Search 08-02-2019 0 5	0	5
Field extraction via props/transforms not working I am doing some field extractions for Juniper JunOS logs and I created the following field extractions via props/tran... by jwalzerpitt Influencer in Splunk Search 08-02-2019 0 9	0	9
Compare Two IDs in Different Events I am creating a search that finds ID's in two different logs, one when the ID is created and another when the ID is s... by dsitek Explorer in Splunk Search 08-02-2019 0 0	0	0
why splunk extracts the second timestamp instead of first I investigate issue of creating too many new warm buckets and while I do that, one of the events which according to l... by net1993 Path Finder in Splunk Search 08-02-2019 0 5	0	5
sum specific field value I have below events- value=1 value=3 value=5 value=0 value=4 value=5 value=6 value=0 value=1 Here I want to pick l... by ips_mandar Builder in Splunk Search 08-02-2019 0 1	0	1
Set a new time range using addinfo in search I want to change the time range of my search by using addinfo. Below is my search query: index =xxx sourcetype = xxx... by nagar57 Communicator in Splunk Search 08-02-2019 0 1	0	1
Sharepoint 2016 Hello team, we would like to find out the exact process to be followed in order to collect Sharepoint 2016 events in... by mikevergetis New Member in Splunk Search 08-02-2019 0 0	0	0
Duration by messageid and in seconds In a earlier question I asked a question about an eval, this was luckily solved by Mus. Now I wonder how i can presen... by Mike6960 Path Finder in Splunk Search 08-02-2019 0 1	0	1
Sorting inquiry Hello, I need help to further sort the following data. In the sample data in the screenshot, I wanted to group the p... by chinkeeparco Explorer in Splunk Search 08-02-2019 0 7	0	7
Which lookups are being used by ES? When looking at the set of lookups available for ES I see more than three hundreds of them. Which lookups are being u... by danielbb Motivator in Splunk Search 08-02-2019 0 9	0	9
How can I modify the value of a field of a search? Hello, Could I get some advice to get the right solution to my problem, I am a Splunk newbie and my knowledge of pro... by rcontreras88 New Member in Splunk Search 08-02-2019 0 0	0	0