Splunk Search

Community Activity

How to see changes in field values when comparing today vs. yesterday? Hello, I have a scheduled search that populates a CSV with data each day, including the current date. Here is an ex... by russell120 Communicator in Splunk Search 05-11-2019 0 4	0	4
How to Sum Latest and Previous Field1 from multiple Field2. Hi All, I have a problem to form the logic for sorting Latest and Previous Data to compare. Looking Field1=Status , ... by keanhong New Member in Splunk Search 05-11-2019 0 7	0	7
Need to Calculate Response Time matching Index ID between 2 lines in the search If look the below screen shot due to multiple calls in same time some time response takes a while and we need to matc... by lsanthoshbe New Member in Splunk Search 05-11-2019 0 4	0	4
Exclude any transaction that doesn't include a specific value I need to filter searches that has a value of "F*" included per transaction number. The transaction number with my se... by marxsabandana Path Finder in Splunk Search 05-11-2019 0 1	0	1
rex expression does not work in curl I have a simple search on a text pad, like this index=text\|rex field=_raw "ApplicationRegistry-(?<text>.*)" max_match... by Sukisen1981 Champion in Splunk Search 05-11-2019 0 22	0	22
How to get field count rather than stats count? Here's my query: index="smt_fortigate" host="10.8.12.1" srcintf=mysummitwifi \| stats count by devtype What I want t... by summitsplunk Communicator in Splunk Search 05-10-2019 0 5	0	5
Predict: show past events and future predictions I'm using predict, and seeing good results, but I would like to clean up my visualization. What I would like is to s... by nplamondon Communicator in Splunk Search 05-10-2019 0 20	0	20
How to use coalesce without hitting search limit My data is from the same source but I would like to count the number of times a host appears on the event based on tw... by alc2019 New Member in Splunk Search 05-10-2019 0 6	0	6
How do you convert the date field and time field on a lookup table to _time? Hi, How do I convert two fields (date and time) from a lookup table to _time? I would like to use it to create time... by alc2019 New Member in Splunk Search 05-10-2019 0 5	0	5
Use transaction command to process data and get 3 different results? Is this even possible?? Here is what I have: ...a log table with a unique FName-LName & Job-Title. I pulled 100 rows on both yesterday and ... by timothytruax Explorer in Splunk Search 05-10-2019 0 6	0	6
splunk HTTP event collector Splunk HTTP event collector not sending data to an index. I have HTTP event collector configured in HF . And it sends... by Prakash493 Communicator in Splunk Search 05-10-2019 0 2	0	2
help for displaying 2 results in a single panel hello I use the search below in order to display the result (count) in a single value panel In the same single value,... by jip31 Motivator in Splunk Search 05-10-2019 0 1	0	1
HELP ON DIFFERENT EVAL ARGUMENTS WHICH GIVE THE SAME RESULT hi I use the search below in order to count the number of machines which are online it works BUT When I count the ma... by jip31 Motivator in Splunk Search 05-10-2019 0 1	0	1
need help with joining two queries Hi ninjas, i have two queries with ] the output as follows query1 output fields: SOR filename expected_... by pench2k19 Explorer in Splunk Search 05-10-2019 0 7	0	7
I have one field time received this is showing date and time i want to change with that time to _time in props .conf how it would work because i want change to _time or any other way please suggest FIELD -TimeReceived: 2019-05-09T05:29:03.000Z this is my prpos .conf xyz SHOULD_LINEMERGE=false NO_BINARY_CHE... by abhishekdubey00 Engager in Splunk Search 05-10-2019 0 1	0	1
List process count and 0 when didn't found I'm tring to do a search for some process for a server but I would like for those that are not running the result com... by leonardomassard Explorer in Splunk Search 05-10-2019 0 1	0	1
Sort by time in a chart with time header names Hi, I have a search table that aims to show the inflow of tickets for a time range. Here is what it looks like... ... by dojiepreji Path Finder in Splunk Search 05-10-2019 0 2	0	2
Add a new field to event and collect it after An index receives events which are reviewed by an internal team. Some events needs a new status - I consider that by ... by dreadangel Path Finder in Splunk Search 05-10-2019 1 7	1	7
Splunkd process getting killed in indexer frequently with oom error We are running cluster envioronment and splunkd is getting killed so frequently in all the indexers with oom error.ca... by shivanandbm Explorer in Splunk Search 05-09-2019 0 1	0	1
how to make loop in splunk query My final purpose is factor1 grouping. I want somebody see before / after search result and code. how to make for l... by leejaeyong Engager in Splunk Search 05-09-2019 0 1	0	1
REST call in subsearch I have this search provided by @somesoni2. I making a simple change to it so it provides a list of indexes that a us... by brdr Contributor in Splunk Search 05-09-2019 0 2	0	2
Regex help Could someone help me on this regex? I only want the first part of the data up to "AWSLogs". Example Below: s3://thi... by JPaule Explorer in Splunk Search 05-09-2019 0 2	0	2
Extract fields from XML tags Hello Splunkers, I searched to find the answer but I couldn't find the solution in answers.com. I'm sorry if my rese... by mvagionakis Path Finder in Splunk Search 05-09-2019 0 5	0	5
How do I calculate the total time of employees from security card system? I would like to create a report to verify when and how long each employee is in the building. Splunk indexes data fr... by scottrunyon Contributor in Splunk Search 05-09-2019 0 7	0	7
How to get the status code status code I have written the following query to calculate the number of response code with api and their respective http status... by mrafiq17 Explorer in Splunk Search 05-09-2019 0 2	0	2