Splunk Search

Community Activity

Ingestion Method as Field? Hi. I've noticed there are some hidden fields in every event ingested into Splunk, like _indextime. Is there some sor... by morethanyell Builder in Splunk Search 07-22-2019 0 2	0	2
Extract last 3 characters from field Hello, I am trying to extract the last 3 characters from an extracted field. The field is in the format of 122RN0057... by ahogbin Communicator in Splunk Search 07-22-2019 0 3	0	3
Best way to extract the regex for the below xml format Extraction should be like : For the measTypes Count=120 AcceptCount=10 and so on.. <measInfo> <gra... by payal23 Path Finder in Splunk Search 07-22-2019 0 8	0	8
How to monitor 150+ instances of the same service in perfmon So my systems can spawn upto and above 150+ instances of the same application. I'm using the generic perfmon Process ... by mmqt Path Finder in Splunk Search 07-22-2019 0 1	0	1
Field extraction: Is there a limit on the number of values a JSON multivalued field can hold in Splunk 6.2.1? Hi All, I am ingesting a json log file. The data contains a JSON array with multiple fields. Sample format { "pay... by somesoni2 Revered Legend in Splunk Search 07-22-2019 3 6	3	6
Multiple Charts next to each other I have a Dashboard with two stacked bar charts in a view I created by going to Manager » User interface » Views. <f... by asarolkar Builder in Splunk Search 07-22-2019 0 3	0	3
Help with search to draw a timechart for dynamic input I have a checkbox in which user has to enter the hostname manually by himself. So on the basis of the hostname entere... by mayank101 New Member in Splunk Search 07-22-2019 0 2	0	2
Dropdown input token needs to match rex field in search Hello, I have searched Answers and will continue to search after I post this. I'm not sure I am entering the correct ... by genesiusj Builder in Splunk Search 07-22-2019 0 6	0	6
Create and Reuse Variable in Multiple Places Hi guys. I want to create a variable, lets say my_var_thresdold = 1000 After that, I want to use that var in two pla... by jslealdi Explorer in Splunk Search 07-22-2019 0 3	0	3
Splunk comparison search Hello, I have difficulties with creating a comparison chart for the next data structure: search Count ... by astatrial Contributor in Splunk Search 07-22-2019 0 7	0	7
Help with time chart search that accumulates total count over 6 months I have a search that accumulates the total count for host over a 6 period of months. Now when I am trying to draw a ... by mayank101 New Member in Splunk Search 07-22-2019 0 0	0	0
7.2.6: How to send a report even when no results are found? Hi, I have an audit report I need to run daily. I need an email daily even if the report shows no results. The ema... by Glasses Builder in Splunk Search 07-22-2019 0 6	0	6
Get the hex number of a color (in a chart) associated with a specific value? I'd like to add an icon to a value in a table whose color matches the color associated with that value in a chart. I ... by brinley Path Finder in Splunk Search 07-22-2019 0 5	0	5
Table view Hi Guys in splunk i need to create a report . i am trying to create a table with two columns please find the search k... by venkat0896 Path Finder in Splunk Search 07-22-2019 0 4	0	4
Need a help with posting data using Rest API's from one Splunk to another using webhook and HEC Hello, I have my own Splunk where I installed SPLUNK ES and I just got the Search head access from somebody's SPLUN... by satyaallaparthi Communicator in Splunk Search 07-22-2019 0 0	0	0
merge 2 logs into one with at most one value for each field Hi, I would like to combine 2 logs (or more) as the following: log #1: time=1563281015\|name=sh_lab\|a=1\|b=2\|c=3\| lo... by shayhibah Path Finder in Splunk Search 07-22-2019 0 3	0	3
I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, please check below for more details. I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, now I w... by krsuraj11 New Member in Splunk Search 07-22-2019 0 2	0	2
How to change timechart data points to reflect full timestamp instead of date_hours Disclaimer - very green to Splunk My timechart is built with the following $search \| timechart avg(date_hour) by ... by jonleach New Member in Splunk Search 07-22-2019 0 2	0	2
Creating a table with chronological headers Given a week worth of timestamped data like the following: 1st FEB Time = "010219 0100" Category = "A" Value = "1.1"... by Stevelim Communicator in Splunk Search 07-22-2019 0 2	0	2
How to calcualte the count diff between 2 searches? index=A \| stats count as count1 index=A \| dedup field1 field2 \| stats count as count2 This 2 searched have same inde... by jerrytao Engager in Splunk Search 07-22-2019 0 1	0	1
Show ratio in map and Change marker size and color based on ratio percentage Hi, I'm trying to show ratio of active vs total count of students by school in a map. Whereever the ratio is less tha... by jonu4u New Member in Splunk Search 07-22-2019 0 0	0	0
help to rename automatically random pie label Hi I use the search below [\| inputlookup host.csv \| table host] index="x" sourcetype="x" \| bucket _time span=3... by jip31 Motivator in Splunk Search 07-22-2019 0 9	0	9
save search results into index i want save search results data into my index. how can i do it... (\|crawl ... \|input add index=myindex) is not work... by xuehui New Member in Splunk Search 07-22-2019 0 2	0	2
Unable to build query using append/appendpipe to get desired percentage of stats Given: index=log category=Price \| eval PriceStatus=case(activity=="approve" AND event=="complete", "Price Approved"... by bennythedroid Engager in Splunk Search 07-22-2019 0 3	0	3
How to write custom Text for a Search result? For my Dashboard I ping a Source and want to see to Text-States: UP or DOWN. My search statement looks similar like ... by tobi2k Explorer in Splunk Search 07-21-2019 0 4	0	4