Splunk Search

Community Activity

Need a help with posting data using Rest API's from one Splunk to another using webhook and HEC Hello, I have my own Splunk where I installed SPLUNK ES and I just got the Search head access from somebody's SPLUN... by satyaallaparthi Communicator in Splunk Search 07-22-2019 0 0	0	0
merge 2 logs into one with at most one value for each field Hi, I would like to combine 2 logs (or more) as the following: log #1: time=1563281015\|name=sh_lab\|a=1\|b=2\|c=3\| lo... by shayhibah Path Finder in Splunk Search 07-22-2019 0 3	0	3
I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, please check below for more details. I have 4 columns with 1 data in each, I wrote this query with the help of AppendCols and populate my results, now I w... by krsuraj11 New Member in Splunk Search 07-22-2019 0 2	0	2
How to change timechart data points to reflect full timestamp instead of date_hours Disclaimer - very green to Splunk My timechart is built with the following $search \| timechart avg(date_hour) by ... by jonleach New Member in Splunk Search 07-22-2019 0 2	0	2
Creating a table with chronological headers Given a week worth of timestamped data like the following: 1st FEB Time = "010219 0100" Category = "A" Value = "1.1"... by Stevelim Communicator in Splunk Search 07-22-2019 0 2	0	2
How to calcualte the count diff between 2 searches? index=A \| stats count as count1 index=A \| dedup field1 field2 \| stats count as count2 This 2 searched have same inde... by jerrytao Engager in Splunk Search 07-22-2019 0 1	0	1
Show ratio in map and Change marker size and color based on ratio percentage Hi, I'm trying to show ratio of active vs total count of students by school in a map. Whereever the ratio is less tha... by jonu4u New Member in Splunk Search 07-22-2019 0 0	0	0
help to rename automatically random pie label Hi I use the search below [\| inputlookup host.csv \| table host] index="x" sourcetype="x" \| bucket _time span=3... by jip31 Motivator in Splunk Search 07-22-2019 0 9	0	9
save search results into index i want save search results data into my index. how can i do it... (\|crawl ... \|input add index=myindex) is not work... by xuehui New Member in Splunk Search 07-22-2019 0 2	0	2
Unable to build query using append/appendpipe to get desired percentage of stats Given: index=log category=Price \| eval PriceStatus=case(activity=="approve" AND event=="complete", "Price Approved"... by bennythedroid Engager in Splunk Search 07-22-2019 0 3	0	3
How to write custom Text for a Search result? For my Dashboard I ping a Source and want to see to Text-States: UP or DOWN. My search statement looks similar like ... by tobi2k Explorer in Splunk Search 07-21-2019 0 4	0	4
field value is being extracted as fieldname in regex I am trying to extract xml fields using regex but I am encourtering this issue for this specific tags, It is working ... by michaelrosello Path Finder in Splunk Search 07-21-2019 0 1	0	1
How to sort search results by numbers The rounding of search results has already been discussed numerously. But unfortunately, it doesn't work for me. I wa... by tobi2k Explorer in Splunk Search 07-21-2019 0 4	0	4
showing result quarterly I am new in splunk i want to calculate the quarter data based on all people and what are the highest planned and lowe... by chandanimishra New Member in Splunk Search 07-21-2019 0 1	0	1
Missing original value after using distinct query Hi, I am having the following issue that need your help. The scenario is: I am working on the report of firewall data... by michaelhoang New Member in Splunk Search 07-21-2019 0 1	0	1
Unique requests Need creating a search query for Splunk that results in a list of unique requests that have been completed. by d00m4ig Engager in Splunk Search 07-21-2019 0 3	0	3
How to get count of multiple strings with common index and source type? I'm trying to create a dashboard which will display pie-charts from different results. For this, I've multiple string... by habisht Explorer in Splunk Search 07-21-2019 0 2	0	2
Does the Trellis visualisation work with real time searches? I am attempting to make a trellis visualization off the sample data : * clientip=* \| iplocation clientip \| lookup ... by ewan000 Path Finder in Splunk Search 07-20-2019 0 3	0	3
Get average connections for the past few days, compare to current connections I have the following search, I'm trying to get it to show the src, dst, current amount of connections, and then an av... by aking76 Path Finder in Splunk Search 07-20-2019 0 2	0	2
Splunk not able to recognize the JSON file source type and index it I am trying to monitor a folder containing JSON files in it. But, I observed that files are not getting indexed. Whe... by vikrantkumar199 New Member in Splunk Search 07-19-2019 0 1	0	1
search peers sick Hi im having this issue : The times on the system clocks for the machines running this search head and the intended ... by jadengoho Builder in Splunk Search 07-19-2019 0 3	0	3
timechart with WHERE clause not behaving as expected I have a fairly straightforward query using timechart to count the top 10 users triggering an event. ( Sanitized ) ... by fclsplunk New Member in Splunk Search 07-19-2019 0 8	0	8
start a search certain number of hours/days/weeks from time picker set value Good day everyone, I am dealing with a challenge and really hope i can get an answer here. I am running a Join search... by mpasha Path Finder in Splunk Search 07-19-2019 0 7	0	7
Unable to extract common values by joining indexes? index=abc sourcetype=xyz \| eval is_passed=if(label=="PASS", 1, 0) \| eval is_failed=if(label=="FAIL", 1, 0) \| stats... by amaurya1 Explorer in Splunk Search 07-19-2019 0 3	0	3
About usage of {} in eval I recently saw the manual of eval, and I found the following description. To specify a field name with multiple word... by yutaka1005 Builder in Splunk Search 07-19-2019 2 4	2	4