Splunk Search

Community Activity

How to calculate date based upon a patch lot value. How can we apply below logic in splunk. We have the data in Splunk which is coming out as below. Host Patching L... by sbhatnagar88 Path Finder in Splunk Search 08-05-2019 0 2	0	2
how to copy of entire splunk instances to another instance? Hii Everyone, I want to move all the knowledge objects and everything from one splunk instance to another instance...... by marisstella Explorer in Splunk Search 08-05-2019 0 5	0	5
Extract Fields Apache Logs Hi i have raw data like this: 192.0.100.3 - - [30/Jul/2019:00:06:05 -0500] "GET /test/ HTTP/1.1" 403 207 "-" "Mozill... by miguelebf New Member in Splunk Search 08-04-2019 0 2	0	2
column name updated how to keep both query results ini same dashboard Hi, index="spectrum" * \| eval foo=_cd \| rename "ns1.alarm.ns1.attribute{}.$" as value "ns1.alarm.ns1.attribute{}.@i... by surekhasplunk Communicator in Splunk Search 08-04-2019 0 4	0	4
Discrepany in total count Hello guys, I have the following syntax and data: However, there is a discrepancy with the total count per catego... by chinkeeparco Explorer in Splunk Search 08-04-2019 0 10	0	10
How to produce multiple values graphs We have a log of some metrics that look like this: 20:45:00 10.10.71.01 values : [12035313, 233658, 0, 0, 24249, 13... by jhuysing Explorer in Splunk Search 08-04-2019 0 6	0	6
Help with Regex extracting fields Can someone please help with extracting the bold highlighted field from below /07981368-d226-4cf6-8d88-9853c843bcb9... by saikumarsplunkt New Member in Splunk Search 08-04-2019 0 1	0	1
Optimize repeat searches in append I have a search in below format: index=xyz sourcetype=abc...\|table code... \|join code[search index=def ....] \|where... by harshal_chakran Builder in Splunk Search 08-04-2019 0 7	0	7
timechart is continous - cannot ignore the timeframe of missing events. one of our dashboards were using below query \| timechart count span=1d cont=false in 6.6.4 Splunk enterprise, we cou... by praphulla1 Path Finder in Splunk Search 08-04-2019 0 8	0	8
Display timechart by adding values from other panels I have 3 panels. Each panel runs a query and displays the result in timechart. This works fine. Now , I would like t... by balash1979 Path Finder in Splunk Search 08-04-2019 0 8	0	8
How to combine chart count for two fields in one search Hi, Can any one help me adding two fields in one search I am seeing both fields in splunk selected fields but not s... by monipinni Explorer in Splunk Search 08-04-2019 0 2	0	2
How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into common ‘buckets’ with counts for each type of error without duplicate error types? How can I refine this search string to grab those for the whole year and add other Splunk commands to break them into... by belamg New Member in Splunk Search 08-04-2019 0 2	0	2
help with CASE needed I have the following example: \|makeresults \| eval trigger=0\|eval decision=case(trigger=1;[\|savedsearch test\|eval t=1... by damucka Builder in Splunk Search 08-03-2019 0 3	0	3
adhoc searches : canceled remotely or expired We are starting see issues with users running adhoc searches. While doing adhoc searches we are seeing the error: Un... by brdr Contributor in Splunk Search 08-03-2019 1 2	1	2
search values inside MV Hello All, i need a help in creating report i have a mv field called "report", i want to search for values so they ... by hok2010 New Member in Splunk Search 08-03-2019 0 3	0	3
Get totals of sessions for each IP Hello, everyone. I have a series of logs that have, among other data, the source address from which they come (src_ip... by gryfon New Member in Splunk Search 08-03-2019 0 5	0	5
How to perform mathematical calculations based off one column Hello, I'm new to Splunk and I'm having trouble with the following line of code. I think what I'm trying to do is pr... by gdorman619 Engager in Splunk Search 08-03-2019 0 3	0	3
Is there a way to have the 1st timestamp and last timestamp to be in the same row? Please check below example Currently, i have the below result of the search. It is returning the servername,errorcode and the timestamp. What my... by newbie09 Explorer in Splunk Search 08-03-2019 0 3	0	3
How to breakdown ticket data and create line chart? I am trying to display a line chart that counts in a 15min spans throughout the course of a day, the number of ticke... by elloyd4 Explorer in Splunk Search 08-02-2019 0 4	0	4
Matching values from a subsearch using append I'm having an issue with matching results between two searches utilizing the append command. I realize I could use t... by cquinney Communicator in Splunk Search 08-02-2019 1 3	1	3
How to show more than 50 events on a page in 7.x ? Hello, In Splunk previous versions (5.x) there was an editable file to be able to add more choices for the number of ... by zebu14 Explorer in Splunk Search 08-02-2019 1 4	1	4
Query works fine but takes lot of time to execute. Can someone help me with other approach? I've a below query where I'm filtering out the results of one index "def" from the result of other index "abc". I'm u... by amaurya1 Explorer in Splunk Search 08-02-2019 0 3	0	3
How do I return values that match column in Lookup table? I have an index that contains a field called user. I have a lookup file that also contains the header user, in additi... by jwalzerpitt Influencer in Splunk Search 08-02-2019 0 5	0	5
Field extraction via props/transforms not working I am doing some field extractions for Juniper JunOS logs and I created the following field extractions via props/tran... by jwalzerpitt Influencer in Splunk Search 08-02-2019 0 9	0	9
Compare Two IDs in Different Events I am creating a search that finds ID's in two different logs, one when the ID is created and another when the ID is s... by dsitek Explorer in Splunk Search 08-02-2019 0 0	0	0