Splunk Search

Community Activity

How to combine a set of values as 'Other' in a pie chart? I'm trying to display a pie chart like so: chart count by transaction.inputSource \| lookup transaction_input_sources... by spamphile Engager in Splunk Search 06-05-2019 0 2	0	2
What is this error in dispatch process? 0400 ERROR DispatchProcess - String not found in literals.conf: DISPATCHCOMM:FAILED_TO_START_PROCESS I need help fi... by kkovanis New Member in Splunk Search 06-05-2019 0 2	0	2
How to print results excluding the last line in Splunk like "head -n -1" in LInux? Hi all, I want to print results excluding the last line. In Linux, I can use head -n -1 but in Splunk, the head comm... by perlish Communicator in Splunk Search 06-05-2019 1 7	1	7
how to do a line breaking after a string hello I need to do a line breaking after "%" and after " on a total of " \| eval Perc=round((NbTOUCHNGOCrashByHost/... by jip31 Motivator in Splunk Search 06-05-2019 0 15	0	15
Does anyone know how to monitor all running searches on a search head and their memory usage in real-time? I use one of the S.O.S. queries to get top 20 memory usage queries every 5 minutes, however, it might be easier for u... by benjaminlin1019 Explorer in Splunk Search 06-05-2019 2 4	2	4
How do I plot crash rate over _time by app_name? Hi, I am trying to plot the Crash rate over _time on a graph and that has to be distributed by app_name. On a high l... by Shashank_87 Explorer in Splunk Search 06-05-2019 0 2	0	2
How to get a percentage out of 2 queries? I've got 2 search queries that are working for me (Thanks to @harshpatel) Query #1 returns the average # of successe... by kvanwagoner New Member in Splunk Search 06-05-2019 0 5	0	5
regex operator in Splunk is not working to match results I am writing a code to simply match a regex in my search to match index field which matches app1_, app2_, etc Howeve... by vatsalyay New Member in Splunk Search 06-05-2019 0 2	0	2
Where do I find the Query that created 'Identitiies_expanded' in SA_IdentityManagement app? We have a identities_expanded.csv file in our SA_IdentityManagement app under lookups. It contains our AD data but I ... by pfabrizi Path Finder in Splunk Search 06-05-2019 0 1	0	1
HELP ON EVAL FOR CALCULATING A NUMBER OF DAYS hello I use the search below in order to calculate a last logon date and a last reboot date by host now I need to add... by jip31 Motivator in Splunk Search 06-05-2019 0 7	0	7
Using the GUI, how can I search for events related to a specific host? I'm in the process of creating a troubleshooting guide for our networking team. I would like to be able to look up ev... by progress101 New Member in Splunk Search 06-04-2019 0 2	0	2
Can you help me do an eval for a percentage of two values in an Xyseries? I have my derived tables \| stats count by breached region \| xyseries region breached count REGION NO YES U... by TCK101 New Member in Splunk Search 06-04-2019 0 3	0	3
Dropdown input panel: Search is not changing as per dropdown selection So I created a dropdown input panel for weekwise but my search is not changing as per dropdown selection - ... we... by rashi83 Path Finder in Splunk Search 06-04-2019 1 5	1	5
Charting percentage of a total over time? I'm working with some HTTP access logs that have a status code in them. Most are successful messages, naturally. I wo... by Jason Motivator in Splunk Search 06-04-2019 5 5	5	5
playing with data II q1- how can i get c4 where c4 will always be difference of values in c3 against first of c2 - next of c2 for example ... by reverse Contributor in Splunk Search 06-04-2019 0 2	0	2
How to create difference of two values Q1: How can I get c4 where c4 will always be the difference of values in c3 against max of c2 - min of c2 For exampl... by reverse Contributor in Splunk Search 06-04-2019 0 15	0	15
Calculating percentages based on counts I'm trying to get percentages based on the number of logs per table. I want the results to look like this: Table ... by hduncan7 Engager in Splunk Search 06-04-2019 0 3	0	3
Using dedup to keep the oldest events Hi all, I know that the "dedup" command returns the most recent values in time. However, I'm currently in a situatio... by acdevlin Communicator in Splunk Search 06-04-2019 0 7	0	7
subsearch inserts AND My ultimate goal is to grab the srcIP and time from an event in one index, then search another index for the same src... by mikefoti Communicator in Splunk Search 06-04-2019 0 2	0	2
How to create time dependent thresholds from lookup? Hello, I have a question on using lookups in a search. I want to achieve that I have a scheduled search to compare t... by willemjongeneel Communicator in Splunk Search 06-04-2019 0 5	0	5
How to get an average from this search? I'm using the following search which I have working in a dashboard. "A PUT was made to OpenAAA API - Status: OK" \| ... by kvanwagoner New Member in Splunk Search 06-04-2019 0 19	0	19
help with multiple search in one SPL needed Hello, I have the following search: index=_internal sourcetype=scheduler savedsearch_name="Anomaly Detection - new-... by damucka Builder in Splunk Search 06-04-2019 0 8	0	8
Comparing Field Value with last Month Value and show if different Hi , I need help with following Log : 5th May device="devicename" policy="XYZ" BW_Limit="any number" Total_BW="any ... by atulitm Path Finder in Splunk Search 06-04-2019 0 5	0	5
How to search IP with wildcard? I want to exclude both primary and secondary IP addresses from a search. For example: src_ip!=192.50.244.10 AND src... by mveca New Member in Splunk Search 06-04-2019 0 4	0	4
Using token in query where token is evaluated in the query itself I have the following query to be performed, where "STRING" is replaced across different queries. Is there a way to re... by denzelchung Path Finder in Splunk Search 06-04-2019 0 4	0	4