Splunk Search

Community Activity

How to calculate Percentage of particular events out of total events. I want to find the percent of events with the key word error out of all the events recorded during a time window I ha... by mrigank517 New Member in Splunk Search 05-17-2019 0 11	0	11
Execution of multiple macros in a search take too much time Hi, I have an alert which executes a very simple search. The search consists of a macro invoked 40 times, each time w... by emipintus Explorer in Splunk Search 05-17-2019 0 3	0	3
How to create a different chart for each multiselect input Hi, is there a way to create a different chart for each selected input of the multiselect field? When I select multi... by ploehnnico New Member in Splunk Search 05-17-2019 0 4	0	4
rex - extract 2 single values from set of numbers hello guyz, new to splunk was to figure out solution for this. I have logs like below need to do " rex" and extract ... by splunkuseradmin Path Finder in Splunk Search 05-17-2019 0 3	0	3
props/transforms REPORT- extracting Hello, I am having issues doing search time extraction via REPORT- command in props and transforms. Here is my code.... by zislin Explorer in Splunk Search 05-17-2019 2 3	2	3
How to display weekly data starting on a Monday using timecharts? I'm plotting some data on a timechart, with a span of a couple of months, and using weeks as the data points. How can... by samwatson45 Path Finder in Splunk Search 05-16-2019 0 7	0	7
Week details to be dispalyed in a filter ex: week1(1st-7th apr) , week2 (8th -14th Apr) Hi All, I have a reported date time field which i am converting and displaying as a month filter - which contains va... by rijinc Explorer in Splunk Search 05-16-2019 0 1	0	1
Group By Replace Hello, I have several things that come in via different platforms: Android (watch, phone, tablet), iOS (Watch, Phone... by jasonhask Explorer in Splunk Search 05-16-2019 0 3	0	3
splunk group by event , date_hour These are 2 diff events on my logs . taskCode=123 taskCode=456 i am trying to get an hourly count per event types ,... by officialsubho New Member in Splunk Search 05-16-2019 0 1	0	1
Datamodel missing field extractions, but base search returns those fields accurately. I have a datamodel lets say with a base constraint that returns the following two events 01-01-2019 01:00:00 type=V... by cdhippen Path Finder in Splunk Search 05-16-2019 0 3	0	3
Converting bytes to GB or MB Hey all, I was getting confused by some of the splunk answers for converting and couldn't figure out the eval portion... by pmac22 Path Finder in Splunk Search 05-16-2019 0 6	0	6
add fields after a stats count In my search i use a couple of stats counts, the problem is that after these commands I miss other that I want to use... by Mike6960 Path Finder in Splunk Search 05-16-2019 0 16	0	16
How to find event status changed Hello everyone! We have a log file contains the following information, status 0 means server is up, 1 means down: Da... by atpsplunk11 Explorer in Splunk Search 05-16-2019 0 2	0	2
How to display several time ranged search results in one dashboard panel? Hi guys, Is it possible to create several searches on data, differing in time range, and then display them in one das... by eriketro Engager in Splunk Search 05-16-2019 0 0	0	0
How to Regex the second occurrence of Account Name in AD logs I need to filter AD logs with Event Code 4725 "A user account was disabled". I need to regex and filter the second oc... by Log_wrangler Builder in Splunk Search 05-16-2019 0 3	0	3
Help identifying fast growing indexes Hi fellow Splunkers. I am the Splunk admin at my org, however that is mainly more from the Infrastructure side of th... by jwpoore New Member in Splunk Search 05-16-2019 0 3	0	3
Lookup File data retention Question Hi Team, I have requirement to show last 90 days worth of app login stats broken by day. I have a lookup table/defn... by newbie2tech Communicator in Splunk Search 05-16-2019 0 2	0	2
Stitching all Search (stats) Fields into new_raw Field (need foreach assistance) Hi all, i tried get rid of my workaround solution with adding \| collect index=test testmode=true to my searches.... by ssteinmann Explorer in Splunk Search 05-16-2019 0 0	0	0
Extract Area Code From Phone Numbers Hi, I wonder whether someone may be able to help me please. I have a list of telephone numbers of varying length, b... by IRHM73 Motivator in Splunk Search 05-16-2019 0 5	0	5
Adding Can delete Role to User LDAP Hi , i have admin privileges in splunk when i am trying to delete some data it says insufficient privileges and we ar... by ram254481493 Explorer in Splunk Search 05-16-2019 0 1	0	1
Rename field by using one of multiple wildcards I have a query that counts by source and leaves me with fields that are named like /logs/containers/3198058471-5mdkn_... by maartendhondt Explorer in Splunk Search 05-16-2019 0 1	0	1
Is it possible using rex to create field names that contain a period (.)? Hello! I'm parsing strings using rex and I'd like to define a set of field names that contain the period (.) charact... by andrewtrobec Motivator in Splunk Search 05-16-2019 0 1	0	1
how to remove spaces in xml data after field extraction I am trying to make a field extraction from xml data and but I am having a problem with special ascii characters bein... by michaelrosello Path Finder in Splunk Search 05-16-2019 0 3	0	3
Running a prediction and anomaly detection in parallel I want to build a query that can do the following. a. Monitor about 10-15 metrics from the different kinds of system... by zkn9ce6 New Member in Splunk Search 05-16-2019 0 0	0	0
Decouple a process in windows So, I want to detach a process in windows using python code. What I want to do is, I am spawning a process from Splun... by pratik97 Engager in Splunk Search 05-15-2019 1 0	1	0