Splunk Search

Community Activity

The stats command collect data together if the value is the same Hello im running this query: ((index=ssys_internal_fdm OR index=other_fdm) AND sourcetype!=machine) source=* \| s... by sarit_s Communicator in Splunk Search 06-18-2019 0 2	0	2
What would be the best approach to write a regex for dynamic sourcetypes? We recently instrumented our OpenShift environment to index data into Splunk. I'm looking for the best approach for ... by fisuser1 Contributor in Splunk Search 06-17-2019 0 3	0	3
Root Can't Create /var/log files This is the first time this has come up: When running the following command as root: (10:07:49) root@servername:/op... by heats Explorer in Splunk Search 06-17-2019 0 4	0	4
Looking for better alternative to checking a windows service status and trigger on state change Using the windows Infrastructure TA I have the following snippet in my inputs.conf: [WinHostMon://service] type = se... by Esky73 Builder in Splunk Search 06-17-2019 1 16	1	16
How can I calculate data in sub groups? Hello all, I have a question regarding a calculation for the stock. My table has three coloums: ISIN, price and ti... by juliaester03 New Member in Splunk Search 06-17-2019 0 5	0	5
How to update/edit multiple fields in lookup without making duplicates rows? Hi ! I have this search: \| makeresults \| eval customField="$Soc3$" , soc3dField="$multi$" \| table customField soc3dF... by hketer Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract response time I am trying to create a graph with the top 10 longest response times by host. An example is: 200 0 0 78 Where the... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 2	0	2
Sorting TP Column by State BY Top 5 Count Base search AND "Return”="Finished” OR “body.message.Exit”=“Finished” “body.client.channel” IN (“CA”,“KY “,”NY “,”VA)... by tej8 New Member in Splunk Search 06-17-2019 0 3	0	3
Transaction duration not working as expected \| transaction CheckNumber startswith="Tender" endswith="PrintIntercept\:\:PrintXML finished" \| top CheckNumber Time... by dowdag Engager in Splunk Search 06-17-2019 0 2	0	2
Why is the regex creating empty events from incoming data? I have a log text file that captures logs in this format: ---------------------------------------- Timestamp: 5/9/20... by derekho55 Explorer in Splunk Search 06-17-2019 0 2	0	2
How to create a lookup search for matching 2 fields? I have 2 devices: fw and waf. I want to make a lookup, my lookup file is mal_ip that has 4 fields : mal_ip category ... by badoomi New Member in Splunk Search 06-17-2019 0 7	0	7
Ironport: How to get all 'from' emails for specific user Hello, I am trying to run a search to get the "Email_From_Address" of a specific user within ironport. Can someone ... by cosmo360 New Member in Splunk Search 06-17-2019 0 2	0	2
Why are we only able to extract the first value of a comma separated list for a given field? Hi, (In Splunk) I am only able to extract the first value of a comma-separated list for a given field in which the f... by varunawasthi9 New Member in Splunk Search 06-17-2019 0 5	0	5
How to get eval values from two fields My current search is this: index="x \| timechart count(eval(statusCategory="B")) I want to add one more statusCate... by rashi83 Path Finder in Splunk Search 06-17-2019 0 8	0	8
_txn_orphan field missing from transaction command after upgrade Just upgraded SH from 7.0.2 to 7.2.5.1 (indexers still in progress) and some reports which rely on _txn_orphan broke.... by eugenek Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract HTTP status codes in report? Hi, I know how to extract the HTTP Status from Splunk. But I need it in the below format which I am not able to do: ... by ruchijain New Member in Splunk Search 06-17-2019 0 3	0	3
How to swap X and Y axis? I have an area chart with Time_Taken on the x axis and count on the y axis and I want them to be switched, please hel... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 5	0	5
show top 5 values in column chart Hello im trying to show top 5 values in column chart this is my query: index="ssys_*_fdm" pauseReason: NOT "pauseRe... by sarit_s Communicator in Splunk Search 06-17-2019 0 21	0	21
Command to display percentage increase in stats count Hi, Is there a way of showing the percentage increase or decrease from the command: "stats count as daycount by date... by colinmchugo Explorer in Splunk Search 06-17-2019 0 4	0	4
Splunk.intersplunk: Receiving error "could not locate the time (_time) field..." How come I can't locate the time (_time) field on some results returned from the external search command? Hi, I use... by santosm New Member in Splunk Search 06-17-2019 0 1	0	1
How can gaps be detected in data? Hello, is there a way to detect gaps in data by some id? As well as check if the gap is greater than 4 hours, then s... by sarit_s Communicator in Splunk Search 06-17-2019 1 40	1	40
Why it doesn't work ? 2 searchs joined and two different counters I want to do this but it doesn't work, why ? How can I fix this ? index=xxxx eventtype="perfmon_windows" objec... by henriq_c Explorer in Splunk Search 06-17-2019 0 6	0	6
How to join searches based on condition? I have two searches : Duration for which a device uses the system index=device \| fields device_start_time,device_end... by AnujaJ Path Finder in Splunk Search 06-17-2019 0 2	0	2
In a text field, am I able to detect if a user entered an IP Address or a HostName? Hi, In a text field, I would like to be able to detect if a user entered an IP Address or a HostName. At the moment,... by baty0 Explorer in Splunk Search 06-17-2019 0 1	0	1
Need where clause query to be implemented on specific value Hi, If anyone can help. Below is my table which represents volume (count) Country wise. But I want to apply filter li... by sahil237888 Path Finder in Splunk Search 06-17-2019 0 5	0	5