Splunk Search

Community Activity

Query on stats value = 0 or null Hi Guys, I have a question here. Example i have a query statement that check for event logs captured by all my ser... by christay New Member in Splunk Search 07-23-2019 0 2	0	2
How to Automate Threat Advisory tracking Could you help me out on how to automate Threat Advisory Tracking IOC & IP's in ES by naregayam New Member in Splunk Search 07-23-2019 0 0	0	0
Display transaction_id, Amount and Grand total of amount. [2019-07-19 10:13:49,210] package=com.ABCDpay,class=PostingServices,service=ProcessAccountingInstruction,component=CB... by sandeepmakkena Contributor in Splunk Search 07-23-2019 0 1	0	1
ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex: \\|.?summarize.?action\= Hello, I am getting this error in search head don't know why. Anybody had same issue please let me know. Thansk. by sathwikr076 Communicator in Splunk Search 07-23-2019 2 17	2	17
How to calculate the average time in a URL? Hi I want to calculate the average time of being in a URL. This SPL shows me the time spent in a URL, but NOT the ave... by rosho Communicator in Splunk Search 07-23-2019 0 5	0	5
How to find the uncommon values of a field between two indexes? I have two indexes "abc" and "def". There is a field in index "abc" ---> "operator_id". Similarly, there is a field ... by amaurya1 Explorer in Splunk Search 07-23-2019 0 2	0	2
Compare result of three different index searches I have 3 Indexers I have data. Two Indexers are the source and Third one is the target. So if I am I am tryinng to Ad... by runiyal Path Finder in Splunk Search 07-23-2019 0 10	0	10
Timechart not populating the result I have a checkbox named host in which user enters the hostname manually, and then as per the name entered it should d... by mayank101 New Member in Splunk Search 07-23-2019 0 2	0	2
Is the result of "strptime" in seconds? Hi I would like to know if the results of "strptime" are in seconds? index=main sourcetype=access_combined host=vs... by rosho Communicator in Splunk Search 07-23-2019 0 2	0	2
Timechart not coming up instead a table is coming up for it Timechart not coming up instead a table is coming up for it.Can anyone tell me what's wrong with the query.I want a ... by mayank101 New Member in Splunk Search 07-23-2019 0 2	0	2
Help creating JOIN search I'm trying to compare Field X from Index A with Field Y from Index B. Though the field names are different, they sto... by NAVEEN_CTS Path Finder in Splunk Search 07-23-2019 0 8	0	8
How to get the time difference after converting unix time using strftime? I'm currently trying to get the duration of some events, but when i use this search nothing is coming back: \| tstats... by payton_tayvion Path Finder in Splunk Search 07-23-2019 0 2	0	2
How to create a regex for extracting few characters of a field? My VLAN value looks like below: \|inputlookup vrf_usage.csv \| search VRF="*" \| search VLAN=Vlan819(RVP_CDN) Could ... by surekhasplunk Communicator in Splunk Search 07-23-2019 0 6	0	6
Difference between today's and yesterday's data. I am trying to find the difference between today and yesterday's data. The data consists of every employee's Id numbe... by 3666142 Path Finder in Splunk Search 07-23-2019 0 2	0	2
How to create a total volume label on each pie on a trellis dashboard panel I'm trying to display allowed vs blocked traffic for several different accounts. I think a trellis chart with a pie r... by adamjones Engager in Splunk Search 07-23-2019 0 2	0	2
How do I reverse/swap characters in a string value returned from a search? Hi, If my search returns a string value of "ABCDEF" 1) How do I modify the search to reverse this value so it outpu... by ajay_mk Explorer in Splunk Search 07-23-2019 1 13	1	13
What is the difference in total and Total? index="YOURINDEX" \|stats count by domain, id.orig_h \| sort -count \|stats list(domain) as Domain, list(count) as count... by emilynicole73 Engager in Splunk Search 07-23-2019 0 3	0	3
How to optimize search to compare calculated value with the previous value from some time ago Hello. I have this search: index="flow" earliest=-15m latest=now \| append [search index="flow" earliest=-15m lates... by borgetko New Member in Splunk Search 07-23-2019 0 3	0	3
Join turns off predicate pushdown optimization Hi, I have problem with optimizer. It doesn't make pushdown optimization when I'm using join. I have event dataset wi... by aasfga New Member in Splunk Search 07-23-2019 0 0	0	0
Ingestion Method as Field? Hi. I've noticed there are some hidden fields in every event ingested into Splunk, like _indextime. Is there some sor... by morethanyell Builder in Splunk Search 07-22-2019 0 2	0	2
Extract last 3 characters from field Hello, I am trying to extract the last 3 characters from an extracted field. The field is in the format of 122RN0057... by ahogbin Communicator in Splunk Search 07-22-2019 0 3	0	3
Best way to extract the regex for the below xml format Extraction should be like : For the measTypes Count=120 AcceptCount=10 and so on.. <measInfo> <gra... by payal23 Path Finder in Splunk Search 07-22-2019 0 8	0	8
How to monitor 150+ instances of the same service in perfmon So my systems can spawn upto and above 150+ instances of the same application. I'm using the generic perfmon Process ... by mmqt Path Finder in Splunk Search 07-22-2019 0 1	0	1
Field extraction: Is there a limit on the number of values a JSON multivalued field can hold in Splunk 6.2.1? Hi All, I am ingesting a json log file. The data contains a JSON array with multiple fields. Sample format { "pay... by somesoni2 Revered Legend in Splunk Search 07-22-2019 3 6	3	6
Multiple Charts next to each other I have a Dashboard with two stacked bar charts in a view I created by going to Manager » User interface » Views. <f... by asarolkar Builder in Splunk Search 07-22-2019 0 3	0	3