Splunk Search

Community Activity

Error in 'eval' command: The expression is malformed. Expected ). # have a summary index which stores load averages index=summary10min \| table 10_min_load_avg 1 0.140000 2 0.7200... by bandit Motivator in Splunk Search 07-09-2019 2 4	2	4
Create Search for a Host who dont send Data for x minutes in the last 10 Days Hello, i wanted to write a search which will return all hosts which have not sent any events for 10 minutes in the l... by mklhs Path Finder in Splunk Search 07-09-2019 0 4	0	4
Splunk sending invalid Email Alerts I am running a query to alert me if the sum of a particular property < 400000. I get alert most times saying the cou... by rmuraly Explorer in Splunk Search 07-09-2019 0 1	0	1
Calculate percentage b/n 2 counted numbers Hello everyone, I'm trying to calculate the % of overdue items and print the result for every month. It looks like ... by swimena Explorer in Splunk Search 07-09-2019 0 8	0	8
unable to see data in visualization tab I am trying to create a time series chart but not getting any data in visualization tab. index="test_data" sourcetyp... by twh1 Communicator in Splunk Search 07-08-2019 0 10	0	10
Metric : mcollect command error Hello, I've been using this command on other metric indexes and i can't get this one to work. index=iiot_index Ta... by brdr Contributor in Splunk Search 07-08-2019 0 1	0	1
Extract Field Name and Value from Data Source using Delimiter based KV extraction I'm looking to dynamically extract both the field name and the associated value from a data source. Essentially, the... by jspigler2010 Explorer in Splunk Search 07-08-2019 0 2	0	2
Get column count as new column I have three columns from a search query. I would like to count the items in one column and display it next to the ot... by keronedave Explorer in Splunk Search 07-08-2019 0 7	0	7
Find lastest access data for a list of users I have a lookup list of users and I want to get that date off their last event (or empty if no event) but I keep gett... by alucarddjin Path Finder in Splunk Search 07-08-2019 0 3	0	3
help on a max or a latest function which doent works hello The max function in this search doesnt works. Idem with latest! Its not the latest or max event taked into acc... by jip31 Motivator in Splunk Search 07-08-2019 0 9	0	9
How to make an option that can check all of the box in my menu Hi, I have a menu with some option how I can chose with the box menu option, my question is quite simple because I ha... by almanacht Explorer in Splunk Search 07-08-2019 0 0	0	0
Disappearing Y-axis Values Hello, I’m having issues with a report not displaying correctly. If I save a bar chart as a normal report, the Y-axi... by genesiusj Builder in Splunk Search 07-08-2019 0 3	0	3
Cannot search for field but field is shown in field list I have a totally weird case... I have field extractions defined in props.conf either individually or all in one extra... by afx Contributor in Splunk Search 07-08-2019 0 43	0	43
help on eval command for calculating the difference between now() and a date field hi I use the search below "LAST_SEEN" is a field with a date format like "2019-06-07 09:12:40.0" I need to add an ev... by jip31 Motivator in Splunk Search 07-08-2019 0 9	0	9
Can we setup regex to test on first 300 characters of event? Hello, I need to check the regex condition only on first 300 characters, if the regex condition available after tha... by vishaltaneja070 Motivator in Splunk Search 07-08-2019 0 15	0	15
KMZ file Overlay in Maps is hard to find the places as the KMZ file below the google maps Hi Splunkers, i installed Splunk Maps+ apps 3.0.2 version, after installing i uploaded the KMZ file in it. After u... by SathyaNarayanan Path Finder in Splunk Search 07-08-2019 0 0	0	0
How to use tokens in custom search commands I want to use dashboard text input in custom search command. Please tell me some tips such as how to use and sentence... by ketaka Explorer in Splunk Search 07-07-2019 0 2	0	2
How to improve the speed of Splunk search I want to get hundreds of millions of data from billions of data, but it takes more than an hour each time.I just use... by qazwsxe New Member in Splunk Search 07-07-2019 0 56	0	56
how to remove other values how to remove other values from this search syntax index=main sourcetype=access_combined_wcookie productId \| chart c... by mkhedr Explorer in Splunk Search 07-07-2019 0 1	0	1
splunk app for NLP : trying to get average sentiment by index Hi, I am trying to get a visualization to show the average sentiment of a search term by the index. index=* foo \| ta... by denymw Explorer in Splunk Search 07-07-2019 0 2	0	2
Scheduled report delivered without any results in CSV file Hi There, I have scheduled a report to run and generate the CSV file and sent it over email, it had been working till... by sanjeev543 Communicator in Splunk Search 07-07-2019 0 2	0	2
How to filter two different actions events based on a common field in both if an action 1 triggers one event of common field=A and action 2 triggers ten events of common field= A, B or C. How... by massumtaqi New Member in Splunk Search 07-06-2019 0 5	0	5
[inputlookup] Does inputlookup return logs that have multiple values for the same field? Suppose I performed the following subsearch index=whatever "name=" [\|inputlookup lookup_file.csv \| return 100 $look... by aakines Engager in Splunk Search 07-05-2019 0 3	0	3
Help with search for sum of same field twice over different time periods and set up alert I want to set up an alert to trigger if three conditions are met: Volume of a particular app is above 100 over the l... by TylerJVitale Explorer in Splunk Search 07-05-2019 0 3	0	3
How to create chart view when you have all columns in same events ? ok, let me try my best to explain my question here. I have Json format logs and now I need them to compare based on... by NirajAlly New Member in Splunk Search 07-05-2019 0 4	0	4