Splunk Search

Community Activity

Multiple queries scheduled to update in table Is there a way in splunk to have a table updated only when the query returns results. For Instance if there 50 index... by johnsasikumar Path Finder in Splunk Search 04-16-2019 0 0	0	0
error regex (PCRE2_DUPNAMES not set) when I start splunk it shows me his " Checking conf files for problems... Bad regex value: '(... by daluoc New Member in Splunk Search 04-16-2019 0 2	0	2
How to calculate percentage from 2 different searches? hello I try to calculate a percentage from 2 searches results I know how to count results from my first search : in... by jip31 Motivator in Splunk Search 04-16-2019 0 2	0	2
mvexpand multiple fields Is there a way to use mvexpand on multitple values? This is the result of my current search and I want it to look li... by michaelrosello Path Finder in Splunk Search 04-16-2019 1 5	1	5
How to preserve leading whitespace in a statistcs table? Hello! Take for example the following query: \| makeresults \| eval somevalue=" Hello World!" \| table someval... by BearMormont Path Finder in Splunk Search 04-16-2019 0 3	0	3
xyseries in full mesh: How to have it fill values A to Z with Z to A or vice versa? I have a search that calculates latency in a full-mesh network, where each router has a direct connection to all of t... by christopheryu Communicator in Splunk Search 04-16-2019 1 6	1	6
What is a good query to monitor for someone sending too many alerts? I received an email from ES techs that someone had sent over 128k alerts to the same address in a 24 hour period. I t... by MikeBertelsen Communicator in Splunk Search 04-16-2019 0 1	0	1
Is it possible to search for a specific email scheme? (not a specific string of characters) Would it be difficult to create a rex search for an email scheme starting with alpha characters (no set amount of cha... by amcb90 Engager in Splunk Search 04-16-2019 0 1	0	1
Top & Fields command index=uberAgent \| top 5 SessionID by host \| fields - Anzahl, precent This code returns all events in the index ins... by anasshsa Engager in Splunk Search 04-16-2019 0 2	0	2
How to use join using stats by count on two different searches? Hello, I am trying to use the join by userid on 2 different sub queries using join feature, both the queries are retu... by msrama5 Explorer in Splunk Search 04-16-2019 0 2	0	2
How to create a Splunk search to find response time for API Calls? I want to calculate response time from my logs for all records and our application logs in below format, Can you plea... by mintally New Member in Splunk Search 04-16-2019 0 2	0	2
Search Help : How to list latest raw event for a field by index and sourcetype? Hi all, How to form a table to display latest raw event for field mentioned by index and source type. This is the ou... by harshal_chakran Builder in Splunk Search 04-16-2019 0 1	0	1
Can you perform an automatic lookup based on the output of another automatic lookup? I have an automatic database lookup that I'm using to pull in data on values that may change over time within my DB. ... by chris2416 Explorer in Splunk Search 04-15-2019 2 9	2	9
Can you launch a search from within a custom search command? Hello, I have already created a custom search command, Can I launch from my python scripy a search that gets me value... by MarcHelou New Member in Splunk Search 04-15-2019 0 2	0	2
How to get statistics from the same session with multiple events? There are multiple events with 1 same field - unique_session, how to combine and count events from that unique sessio... by gumarovv New Member in Splunk Search 04-15-2019 0 6	0	6
How to search for values not present in the lookup table Hi, I Have a table-1 with tracking IDs ex: 123, 456, 789 and the other query which returns a table-2 with tracking ... by akarunkumar321 Engager in Splunk Search 04-15-2019 0 19	0	19
realtime search scaling I have read about some limits you can come across when doing realtime searches. When trying to scale this out shoul... by splunkbacon Explorer in Splunk Search 04-15-2019 0 3	0	3
How to coalesce events with different values for status field? I have this search that will display the following index=autosys source= jobName= \| where statusText="SUCCESS" OR st... by x213217 Explorer in Splunk Search 04-15-2019 0 3	0	3
Why wasn't the lookup csv file replicated? We created a lookup via the outputlookup command and we can see the file under $SPLUNK_HOME/etc/apps/<app name>/looku... by ddrillic Ultra Champion in Splunk Search 04-15-2019 0 1	0	1
How to extract sourcetype using rex? Hi everyone, I have 40 source type with different names so I was wondering if i can extract sourcetype using rex. a... by splunkuseradmin Path Finder in Splunk Search 04-15-2019 1 1	1	1
Can regex remove spaces inside a capture group? I am using regex slot and port information. Here is an example of the syslog output: Slot1 : OLTPort2 Is it possib... by donemery Explorer in Splunk Search 04-15-2019 0 7	0	7
How to create a search to get count total with percentage against total count? Hi there, I have below result with this query. index="abc" Properties.CorrelationId != XYZ \| stats count by Prope... by sudheeraha Engager in Splunk Search 04-15-2019 0 3	0	3
Is it possible to sort or reorder a multivalue field? Anyone have any thoughts as to how to reorder a multi-valued field? Ideally I'd like to be able to do a "sort" or in... by Lowell Super Champion in Splunk Search 04-15-2019 4 5	4	5
How to extract particular string in the data? Hi Team, I m planning to collect the highlited text from the raw data as below info : Detailed logging to /apps/dat... by pench2k19 Explorer in Splunk Search 04-15-2019 0 10	0	10
How do i get the count of Java Threads on a particular server using Splunk? Hi, I want to calculate the Java threads on my 4 application servers. I have one query but i believe that gives all t... by Shashank_87 Explorer in Splunk Search 04-15-2019 0 2	0	2