Splunk Search

Community Activity

Missing original value after using distinct query Hi, I am having the following issue that need your help. The scenario is: I am working on the report of firewall data... by michaelhoang New Member in Splunk Search 07-21-2019 0 1	0	1
Unique requests Need creating a search query for Splunk that results in a list of unique requests that have been completed. by d00m4ig Engager in Splunk Search 07-21-2019 0 3	0	3
How to get count of multiple strings with common index and source type? I'm trying to create a dashboard which will display pie-charts from different results. For this, I've multiple string... by habisht Explorer in Splunk Search 07-21-2019 0 2	0	2
Does the Trellis visualisation work with real time searches? I am attempting to make a trellis visualization off the sample data : * clientip=* \| iplocation clientip \| lookup ... by ewan000 Path Finder in Splunk Search 07-20-2019 0 3	0	3
Get average connections for the past few days, compare to current connections I have the following search, I'm trying to get it to show the src, dst, current amount of connections, and then an av... by aking76 Path Finder in Splunk Search 07-20-2019 0 2	0	2
Splunk not able to recognize the JSON file source type and index it I am trying to monitor a folder containing JSON files in it. But, I observed that files are not getting indexed. Whe... by vikrantkumar199 New Member in Splunk Search 07-19-2019 0 1	0	1
search peers sick Hi im having this issue : The times on the system clocks for the machines running this search head and the intended ... by jadengoho Builder in Splunk Search 07-19-2019 0 3	0	3
timechart with WHERE clause not behaving as expected I have a fairly straightforward query using timechart to count the top 10 users triggering an event. ( Sanitized ) ... by fclsplunk New Member in Splunk Search 07-19-2019 0 8	0	8
start a search certain number of hours/days/weeks from time picker set value Good day everyone, I am dealing with a challenge and really hope i can get an answer here. I am running a Join search... by mpasha Path Finder in Splunk Search 07-19-2019 0 7	0	7
Unable to extract common values by joining indexes? index=abc sourcetype=xyz \| eval is_passed=if(label=="PASS", 1, 0) \| eval is_failed=if(label=="FAIL", 1, 0) \| stats... by amaurya1 Explorer in Splunk Search 07-19-2019 0 3	0	3
About usage of {} in eval I recently saw the manual of eval, and I found the following description. To specify a field name with multiple word... by yutaka1005 Builder in Splunk Search 07-19-2019 2 4	2	4
Getting the wrong fields extracted from my props and transforms conf files So i'm trying to extract and ip address from a multi-value field and my transforms stanza is something along these li... by Sparky1 Explorer in Splunk Search 07-19-2019 0 5	0	5
how to find third largest salary from a salary field Please help me in Finding the 3rd or nth largest value from a field... SALARY 10000 30000 20000 80000 60000 93000 5... by Tamilraj28 Engager in Splunk Search 07-19-2019 0 3	0	3
Getting data from seperate searches where fields are not the same name I have two searches, one that gives me a table: index="netapp_snapmirror_reports" source="/var/tmp/netapp_snapmirror... by jfraley Path Finder in Splunk Search 07-19-2019 0 4	0	4
Can a field value of any column but used as a fieldname in eval? I have a field as field1, and field2 which is an indexed event: Field1 1.A 2.B and another table I have as match1 ... by msaranya Observer in Splunk Search 07-19-2019 0 5	0	5
Using a column of field names to dynamically select fields for use in eval expression Hi. Suppose my search generates the first 4 columns from the following table: field1 field2 field3 lookup resul... by dvanderlaan New Member in Splunk Search 07-19-2019 0 6	0	6
Search Question: Event Sampling Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?... by adalbor Builder in Splunk Search 07-19-2019 0 3	0	3
extract no. hi all I have events in json format need to extract number from this sip:+1234566@12.23.34.45 example: i need +1234... by splunkuseradmin Path Finder in Splunk Search 07-19-2019 0 4	0	4
How to add counts and sum from different fields Hi, New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following... by amal1234 Engager in Splunk Search 07-19-2019 0 2	0	2
How to Find Standard Deviation of a Daily Volume? I'm trying to find the standard deviation of the daily volume of traffic per host. index=index sourcetype=sourcetype ... by TylerJVitale Explorer in Splunk Search 07-19-2019 0 0	0	0
Increase max time for a script alert I am running a script from a alert which takes around 30 mins to complete . But instead my script is getting fired wi... by Mansi24 Path Finder in Splunk Search 07-19-2019 0 3	0	3
Duplicate Host Field from JSON Event Hey there, we are pumping millions of Zabbix events in to our splunk environment over a Heavy Forwarder. The events ... by max_weber Explorer in Splunk Search 07-19-2019 0 2	0	2
dynamic hostname replacement with real source server IP addsress in log source Hi, we facing an issue with replacement of the hostname with real ip of the source server in the logs The logs are se... by oustinov1 New Member in Splunk Search 07-19-2019 0 0	0	0
Text function replace and "\" Hello folks, I am experiencing problems to use replace to change a field value like "qwerty\foo" to "qwerty\foo". I... by osakachan Communicator in Splunk Search 07-19-2019 0 2	0	2
How do I group events that are less than 15 seconds apart? \| transaction uno, programId, devicetype maxpause=15s \| eval s_time=_time \| eval e_time=_time+duration \| eval watch_s... by brook8128 Engager in Splunk Search 07-18-2019 0 3	0	3