Splunk Search

Community Activity

Show IP addresses not matching CIDR ranges in lookup table I have a list of CIDR ranges in a single column with name Prefix in a csv file. I only want to show events with sourc... by splunklearner12 Path Finder in Splunk Search 06-06-2019 0 1	0	1
Prediction algorithm in splunk Hi , I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualiz... by singh3and12 Path Finder in Splunk Search 06-06-2019 0 2	0	2
how to change time in summary index i want _time not which is having in data i have used eval _time (now ) but it is not working its same showing event date not _ time Now 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763, wanted 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763 by abhishekdubey00 Engager in Splunk Search 06-06-2019 0 1	0	1
help to display a subsearch result after a tostring function HI I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype="winhost... by jip31 Motivator in Splunk Search 06-06-2019 0 7	0	7
How to Span=2w but starting every firts monday of the month and so on? I have a metric that want to trend on a timechart but I need to span every 2 weeks, starting the 1 monday of each mon... by pstamati Path Finder in Splunk Search 06-05-2019 0 11	0	11
How to combine a set of values as 'Other' in a pie chart? I'm trying to display a pie chart like so: chart count by transaction.inputSource \| lookup transaction_input_sources... by spamphile Engager in Splunk Search 06-05-2019 0 2	0	2
What is this error in dispatch process? 0400 ERROR DispatchProcess - String not found in literals.conf: DISPATCHCOMM:FAILED_TO_START_PROCESS I need help fi... by kkovanis New Member in Splunk Search 06-05-2019 0 2	0	2
How to print results excluding the last line in Splunk like "head -n -1" in LInux? Hi all, I want to print results excluding the last line. In Linux, I can use head -n -1 but in Splunk, the head comm... by perlish Communicator in Splunk Search 06-05-2019 1 7	1	7
how to do a line breaking after a string hello I need to do a line breaking after "%" and after " on a total of " \| eval Perc=round((NbTOUCHNGOCrashByHost/... by jip31 Motivator in Splunk Search 06-05-2019 0 15	0	15
Does anyone know how to monitor all running searches on a search head and their memory usage in real-time? I use one of the S.O.S. queries to get top 20 memory usage queries every 5 minutes, however, it might be easier for u... by benjaminlin1019 Explorer in Splunk Search 06-05-2019 2 4	2	4
How do I plot crash rate over _time by app_name? Hi, I am trying to plot the Crash rate over _time on a graph and that has to be distributed by app_name. On a high l... by Shashank_87 Explorer in Splunk Search 06-05-2019 0 2	0	2
How to get a percentage out of 2 queries? I've got 2 search queries that are working for me (Thanks to @harshpatel) Query #1 returns the average # of successe... by kvanwagoner New Member in Splunk Search 06-05-2019 0 5	0	5
regex operator in Splunk is not working to match results I am writing a code to simply match a regex in my search to match index field which matches app1_, app2_, etc Howeve... by vatsalyay New Member in Splunk Search 06-05-2019 0 2	0	2
Where do I find the Query that created 'Identitiies_expanded' in SA_IdentityManagement app? We have a identities_expanded.csv file in our SA_IdentityManagement app under lookups. It contains our AD data but I ... by pfabrizi Path Finder in Splunk Search 06-05-2019 0 1	0	1
HELP ON EVAL FOR CALCULATING A NUMBER OF DAYS hello I use the search below in order to calculate a last logon date and a last reboot date by host now I need to add... by jip31 Motivator in Splunk Search 06-05-2019 0 7	0	7
Using the GUI, how can I search for events related to a specific host? I'm in the process of creating a troubleshooting guide for our networking team. I would like to be able to look up ev... by progress101 New Member in Splunk Search 06-04-2019 0 2	0	2
Can you help me do an eval for a percentage of two values in an Xyseries? I have my derived tables \| stats count by breached region \| xyseries region breached count REGION NO YES U... by TCK101 New Member in Splunk Search 06-04-2019 0 3	0	3
Dropdown input panel: Search is not changing as per dropdown selection So I created a dropdown input panel for weekwise but my search is not changing as per dropdown selection - ... we... by rashi83 Path Finder in Splunk Search 06-04-2019 1 5	1	5
Charting percentage of a total over time? I'm working with some HTTP access logs that have a status code in them. Most are successful messages, naturally. I wo... by Jason Motivator in Splunk Search 06-04-2019 5 5	5	5
playing with data II q1- how can i get c4 where c4 will always be difference of values in c3 against first of c2 - next of c2 for example ... by reverse Contributor in Splunk Search 06-04-2019 0 2	0	2
How to create difference of two values Q1: How can I get c4 where c4 will always be the difference of values in c3 against max of c2 - min of c2 For exampl... by reverse Contributor in Splunk Search 06-04-2019 0 15	0	15
Calculating percentages based on counts I'm trying to get percentages based on the number of logs per table. I want the results to look like this: Table ... by hduncan7 Engager in Splunk Search 06-04-2019 0 3	0	3
Using dedup to keep the oldest events Hi all, I know that the "dedup" command returns the most recent values in time. However, I'm currently in a situatio... by acdevlin Communicator in Splunk Search 06-04-2019 0 7	0	7
subsearch inserts AND My ultimate goal is to grab the srcIP and time from an event in one index, then search another index for the same src... by mikefoti Communicator in Splunk Search 06-04-2019 0 2	0	2
How to create time dependent thresholds from lookup? Hello, I have a question on using lookups in a search. I want to achieve that I have a scheduled search to compare t... by willemjongeneel Communicator in Splunk Search 06-04-2019 0 5	0	5