Splunk Search

Community Activity

search peers sick Hi im having this issue : The times on the system clocks for the machines running this search head and the intended ... by jadengoho Builder in Splunk Search 07-19-2019 0 3	0	3
timechart with WHERE clause not behaving as expected I have a fairly straightforward query using timechart to count the top 10 users triggering an event. ( Sanitized ) ... by fclsplunk New Member in Splunk Search 07-19-2019 0 8	0	8
start a search certain number of hours/days/weeks from time picker set value Good day everyone, I am dealing with a challenge and really hope i can get an answer here. I am running a Join search... by mpasha Path Finder in Splunk Search 07-19-2019 0 7	0	7
Unable to extract common values by joining indexes? index=abc sourcetype=xyz \| eval is_passed=if(label=="PASS", 1, 0) \| eval is_failed=if(label=="FAIL", 1, 0) \| stats... by amaurya1 Explorer in Splunk Search 07-19-2019 0 3	0	3
About usage of {} in eval I recently saw the manual of eval, and I found the following description. To specify a field name with multiple word... by yutaka1005 Builder in Splunk Search 07-19-2019 2 4	2	4
Getting the wrong fields extracted from my props and transforms conf files So i'm trying to extract and ip address from a multi-value field and my transforms stanza is something along these li... by Sparky1 Explorer in Splunk Search 07-19-2019 0 5	0	5
how to find third largest salary from a salary field Please help me in Finding the 3rd or nth largest value from a field... SALARY 10000 30000 20000 80000 60000 93000 5... by Tamilraj28 Engager in Splunk Search 07-19-2019 0 3	0	3
Getting data from seperate searches where fields are not the same name I have two searches, one that gives me a table: index="netapp_snapmirror_reports" source="/var/tmp/netapp_snapmirror... by jfraley Path Finder in Splunk Search 07-19-2019 0 4	0	4
Can a field value of any column but used as a fieldname in eval? I have a field as field1, and field2 which is an indexed event: Field1 1.A 2.B and another table I have as match1 ... by msaranya Observer in Splunk Search 07-19-2019 0 5	0	5
Using a column of field names to dynamically select fields for use in eval expression Hi. Suppose my search generates the first 4 columns from the following table: field1 field2 field3 lookup resul... by dvanderlaan New Member in Splunk Search 07-19-2019 0 6	0	6
Search Question: Event Sampling Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?... by adalbor Builder in Splunk Search 07-19-2019 0 3	0	3
extract no. hi all I have events in json format need to extract number from this sip:+1234566@12.23.34.45 example: i need +1234... by splunkuseradmin Path Finder in Splunk Search 07-19-2019 0 4	0	4
How to add counts and sum from different fields Hi, New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following... by amal1234 Engager in Splunk Search 07-19-2019 0 2	0	2
How to Find Standard Deviation of a Daily Volume? I'm trying to find the standard deviation of the daily volume of traffic per host. index=index sourcetype=sourcetype ... by TylerJVitale Explorer in Splunk Search 07-19-2019 0 0	0	0
Increase max time for a script alert I am running a script from a alert which takes around 30 mins to complete . But instead my script is getting fired wi... by Mansi24 Path Finder in Splunk Search 07-19-2019 0 3	0	3
Duplicate Host Field from JSON Event Hey there, we are pumping millions of Zabbix events in to our splunk environment over a Heavy Forwarder. The events ... by max_weber Explorer in Splunk Search 07-19-2019 0 2	0	2
dynamic hostname replacement with real source server IP addsress in log source Hi, we facing an issue with replacement of the hostname with real ip of the source server in the logs The logs are se... by oustinov1 New Member in Splunk Search 07-19-2019 0 0	0	0
Text function replace and "\" Hello folks, I am experiencing problems to use replace to change a field value like "qwerty\foo" to "qwerty\foo". I... by osakachan Communicator in Splunk Search 07-19-2019 0 2	0	2
How do I group events that are less than 15 seconds apart? \| transaction uno, programId, devicetype maxpause=15s \| eval s_time=_time \| eval e_time=_time+duration \| eval watch_s... by brook8128 Engager in Splunk Search 07-18-2019 0 3	0	3
Find average for multiple hosts I'm trying to create a search that will show the average connections per host and then the current connections. The g... by aking76 Path Finder in Splunk Search 07-18-2019 0 4	0	4
Separating the string in the field I have various search string under the field name entity: Entity 1 ABC:BOOT2NDSUNQTR_MAINT4_sfsdfdsfsdf ... by mayank101 New Member in Splunk Search 07-18-2019 0 2	0	2
Optimizing Tweaks For Slow Queries I have a simple query \| stats count(abc) as xyz Now since it is taking too much time- i decided to tweak it a bit... by reverse Contributor in Splunk Search 07-18-2019 0 11	0	11
Question about JSON and licensing I was speaking to someone the other day and they told me that when you ingest JSON formatted files and set INDEXED_EX... by brent_weaver Builder in Splunk Search 07-18-2019 0 0	0	0
Rex for different pattern of same fields within same event Trying to formulate a Regex that would work with events something like the below one. When I tried extracting the fie... by sh254087 Communicator in Splunk Search 07-18-2019 0 3	0	3
why timechart is not working in this query? index=abc sourcetype=xyz earliest=-65h latest=-61h \|stats count as Fail by school \|where like (school, "%public%") \|... by amaurya1 Explorer in Splunk Search 07-18-2019 0 5	0	5