Splunk Search

Community Activity

About usage of {} in eval I recently saw the manual of eval, and I found the following description. To specify a field name with multiple word... by yutaka1005 Builder in Splunk Search 07-19-2019 2 4	2	4
Getting the wrong fields extracted from my props and transforms conf files So i'm trying to extract and ip address from a multi-value field and my transforms stanza is something along these li... by Sparky1 Explorer in Splunk Search 07-19-2019 0 5	0	5
how to find third largest salary from a salary field Please help me in Finding the 3rd or nth largest value from a field... SALARY 10000 30000 20000 80000 60000 93000 5... by Tamilraj28 Engager in Splunk Search 07-19-2019 0 3	0	3
Getting data from seperate searches where fields are not the same name I have two searches, one that gives me a table: index="netapp_snapmirror_reports" source="/var/tmp/netapp_snapmirror... by jfraley Path Finder in Splunk Search 07-19-2019 0 4	0	4
Can a field value of any column but used as a fieldname in eval? I have a field as field1, and field2 which is an indexed event: Field1 1.A 2.B and another table I have as match1 ... by msaranya Observer in Splunk Search 07-19-2019 0 5	0	5
Using a column of field names to dynamically select fields for use in eval expression Hi. Suppose my search generates the first 4 columns from the following table: field1 field2 field3 lookup resul... by dvanderlaan New Member in Splunk Search 07-19-2019 0 6	0	6
Search Question: Event Sampling Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?... by adalbor Builder in Splunk Search 07-19-2019 0 3	0	3
extract no. hi all I have events in json format need to extract number from this sip:+1234566@12.23.34.45 example: i need +1234... by splunkuseradmin Path Finder in Splunk Search 07-19-2019 0 4	0	4
How to add counts and sum from different fields Hi, New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following... by amal1234 Engager in Splunk Search 07-19-2019 0 2	0	2
How to Find Standard Deviation of a Daily Volume? I'm trying to find the standard deviation of the daily volume of traffic per host. index=index sourcetype=sourcetype ... by TylerJVitale Explorer in Splunk Search 07-19-2019 0 0	0	0
Increase max time for a script alert I am running a script from a alert which takes around 30 mins to complete . But instead my script is getting fired wi... by Mansi24 Path Finder in Splunk Search 07-19-2019 0 3	0	3
Duplicate Host Field from JSON Event Hey there, we are pumping millions of Zabbix events in to our splunk environment over a Heavy Forwarder. The events ... by max_weber Explorer in Splunk Search 07-19-2019 0 2	0	2
dynamic hostname replacement with real source server IP addsress in log source Hi, we facing an issue with replacement of the hostname with real ip of the source server in the logs The logs are se... by oustinov1 New Member in Splunk Search 07-19-2019 0 0	0	0
Text function replace and "\" Hello folks, I am experiencing problems to use replace to change a field value like "qwerty\foo" to "qwerty\foo". I... by osakachan Communicator in Splunk Search 07-19-2019 0 2	0	2
How do I group events that are less than 15 seconds apart? \| transaction uno, programId, devicetype maxpause=15s \| eval s_time=_time \| eval e_time=_time+duration \| eval watch_s... by brook8128 Engager in Splunk Search 07-18-2019 0 3	0	3
Find average for multiple hosts I'm trying to create a search that will show the average connections per host and then the current connections. The g... by aking76 Path Finder in Splunk Search 07-18-2019 0 4	0	4
Separating the string in the field I have various search string under the field name entity: Entity 1 ABC:BOOT2NDSUNQTR_MAINT4_sfsdfdsfsdf ... by mayank101 New Member in Splunk Search 07-18-2019 0 2	0	2
Optimizing Tweaks For Slow Queries I have a simple query \| stats count(abc) as xyz Now since it is taking too much time- i decided to tweak it a bit... by reverse Contributor in Splunk Search 07-18-2019 0 11	0	11
Question about JSON and licensing I was speaking to someone the other day and they told me that when you ingest JSON formatted files and set INDEXED_EX... by brent_weaver Builder in Splunk Search 07-18-2019 0 0	0	0
Rex for different pattern of same fields within same event Trying to formulate a Regex that would work with events something like the below one. When I tried extracting the fie... by sh254087 Communicator in Splunk Search 07-18-2019 0 3	0	3
why timechart is not working in this query? index=abc sourcetype=xyz earliest=-65h latest=-61h \|stats count as Fail by school \|where like (school, "%public%") \|... by amaurya1 Explorer in Splunk Search 07-18-2019 0 5	0	5
How to to many to single mapping in multi value fields i have a event like this stage_result: [{<!-- --> stage_name:deploy, edge:[ {<!-- --> type:Parallel }, {<!-- --> type:Parallel }] }, {<!-- --> stage... by sivaranjiniG Communicator in Splunk Search 07-18-2019 0 0	0	0
Mstats and timechart spl for metric by host I was looking to graph out all of our ‘free space’ on a single timechart but am struggling with the syntax. Each line... by nathanluke86 Communicator in Splunk Search 07-18-2019 0 0	0	0
How to span through log timestamps instead of _time I'm receiving data from a client where they give me two Key Value Pairs: Time(this is a log timestamp) and NumOfConne... by 3666142 Path Finder in Splunk Search 07-18-2019 0 8	0	8
Creating Charts based upon Source Type Dynamic We have a source= D:\folder1\subfolder1\logging\Company\logfile.20190718.log (Dynamic per day) I would like to be abl... by nebrenke New Member in Splunk Search 07-18-2019 0 0	0	0