Splunk Search

Community Activity

How can I calculate data in sub groups? Hello all, I have a question regarding a calculation for the stock. My table has three coloums: ISIN, price and ti... by juliaester03 New Member in Splunk Search 06-17-2019 0 5	0	5
How to update/edit multiple fields in lookup without making duplicates rows? Hi ! I have this search: \| makeresults \| eval customField="$Soc3$" , soc3dField="$multi$" \| table customField soc3dF... by hketer Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract response time I am trying to create a graph with the top 10 longest response times by host. An example is: 200 0 0 78 Where the... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 2	0	2
Sorting TP Column by State BY Top 5 Count Base search AND "Return”="Finished” OR “body.message.Exit”=“Finished” “body.client.channel” IN (“CA”,“KY “,”NY “,”VA)... by tej8 New Member in Splunk Search 06-17-2019 0 3	0	3
Transaction duration not working as expected \| transaction CheckNumber startswith="Tender" endswith="PrintIntercept\:\:PrintXML finished" \| top CheckNumber Time... by dowdag Engager in Splunk Search 06-17-2019 0 2	0	2
Why is the regex creating empty events from incoming data? I have a log text file that captures logs in this format: ---------------------------------------- Timestamp: 5/9/20... by derekho55 Explorer in Splunk Search 06-17-2019 0 2	0	2
How to create a lookup search for matching 2 fields? I have 2 devices: fw and waf. I want to make a lookup, my lookup file is mal_ip that has 4 fields : mal_ip category ... by badoomi New Member in Splunk Search 06-17-2019 0 7	0	7
Ironport: How to get all 'from' emails for specific user Hello, I am trying to run a search to get the "Email_From_Address" of a specific user within ironport. Can someone ... by cosmo360 New Member in Splunk Search 06-17-2019 0 2	0	2
Why are we only able to extract the first value of a comma separated list for a given field? Hi, (In Splunk) I am only able to extract the first value of a comma-separated list for a given field in which the f... by varunawasthi9 New Member in Splunk Search 06-17-2019 0 5	0	5
How to get eval values from two fields My current search is this: index="x \| timechart count(eval(statusCategory="B")) I want to add one more statusCate... by rashi83 Path Finder in Splunk Search 06-17-2019 0 8	0	8
_txn_orphan field missing from transaction command after upgrade Just upgraded SH from 7.0.2 to 7.2.5.1 (indexers still in progress) and some reports which rely on _txn_orphan broke.... by eugenek Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract HTTP status codes in report? Hi, I know how to extract the HTTP Status from Splunk. But I need it in the below format which I am not able to do: ... by ruchijain New Member in Splunk Search 06-17-2019 0 3	0	3
How to swap X and Y axis? I have an area chart with Time_Taken on the x axis and count on the y axis and I want them to be switched, please hel... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 5	0	5
show top 5 values in column chart Hello im trying to show top 5 values in column chart this is my query: index="ssys_*_fdm" pauseReason: NOT "pauseRe... by sarit_s Communicator in Splunk Search 06-17-2019 0 21	0	21
Command to display percentage increase in stats count Hi, Is there a way of showing the percentage increase or decrease from the command: "stats count as daycount by date... by colinmchugo Explorer in Splunk Search 06-17-2019 0 4	0	4
Splunk.intersplunk: Receiving error "could not locate the time (_time) field..." How come I can't locate the time (_time) field on some results returned from the external search command? Hi, I use... by santosm New Member in Splunk Search 06-17-2019 0 1	0	1
How can gaps be detected in data? Hello, is there a way to detect gaps in data by some id? As well as check if the gap is greater than 4 hours, then s... by sarit_s Communicator in Splunk Search 06-17-2019 1 40	1	40
Why it doesn't work ? 2 searchs joined and two different counters I want to do this but it doesn't work, why ? How can I fix this ? index=xxxx eventtype="perfmon_windows" objec... by henriq_c Explorer in Splunk Search 06-17-2019 0 6	0	6
How to join searches based on condition? I have two searches : Duration for which a device uses the system index=device \| fields device_start_time,device_end... by AnujaJ Path Finder in Splunk Search 06-17-2019 0 2	0	2
In a text field, am I able to detect if a user entered an IP Address or a HostName? Hi, In a text field, I would like to be able to detect if a user entered an IP Address or a HostName. At the moment,... by baty0 Explorer in Splunk Search 06-17-2019 0 1	0	1
Need where clause query to be implemented on specific value Hi, If anyone can help. Below is my table which represents volume (count) Country wise. But I want to apply filter li... by sahil237888 Path Finder in Splunk Search 06-17-2019 0 5	0	5
Generate value of a field corresponding to duplicate value of other field I have 3 columns in my data. Minutes Store_ID 10 81165 20 80234 30 81165 40 80234 50 82345 I wish to g... by nikita012 New Member in Splunk Search 06-17-2019 0 1	0	1
help for displaying a message in case of any results I use the search below which works fine I just have an issue when there is no results In this case, I would like to d... by jip31 Motivator in Splunk Search 06-16-2019 0 5	0	5
After Zoom in splunk map not showing the piechart ! Before zoom in, I get the correct result. After zooming in I don't get the proper result. If we further zoom in... by ajitshukla61116 Path Finder in Splunk Search 06-16-2019 0 4	0	4
Why is Appending two search queries with different conditions giving me the same results? I have two survey types "a" and "b" and there are two details need to be displayed as 'a%' (For all kind of "Data") ... by monyathomas New Member in Splunk Search 06-16-2019 0 2	0	2