Splunk Search

Community Activity

Why is my lookup with a single column not working? I have a CSV of filenames. The column header name in the CSV is indicator_F. Index=main has a field = file, which a... by Log_wrangler Builder in Splunk Search 04-02-2019 0 1	0	1
How do you group by substring of URI? I have raw data like below: /?AID=10654946&PID= 40 /test_main.jsp 232 /topic1.jsp?redirectPage=/main/word/unde... by vas123 Explorer in Splunk Search 04-02-2019 0 3	0	3
Can you help me chart a statistics table on a month by month basis? Hello, I have a search that generates a statistics table based on the timerange I select. How can I select, lets sa... by x213217 Explorer in Splunk Search 04-02-2019 0 1	0	1
tstats summariesonly=t gets no results on accelerated data models I have installed the CIM app done all of the event typing and tagging to get my data into the data models relevant to... by responsys_cm Builder in Splunk Search 04-02-2019 2 17	2	17
Can you help me to extract a date field? Hello Splunkers, I need to extract only the date with the below logs in format mm/dd/yyyy. Could you please assist? ... by ramprakash Explorer in Splunk Search 04-02-2019 0 1	0	1
How to parse my JSON data with spath and table the data? I am trying to parse this json using spath, { "Class": "11", "date": "05/16/2016", "Student": [ { "... by deepak312 Explorer in Splunk Search 04-02-2019 1 7	1	7
How do you make a Splunk Dropdown based on a field from a string result? I have a Splunk search that returns a string with the format A;B;C I want to create a dropdown in a Splunk dashboard ... by starbac Explorer in Splunk Search 04-02-2019 0 1	0	1
Using appendcols to get percent success in one time range vs another I have the following search that I'd like to schedule to run after changes. The goal is to detect a change in success... by jiman7697 Explorer in Splunk Search 04-02-2019 0 1	0	1
How to generate a regular expression to extract the email from my _raw event? Help me with regular expression in search to pick hello2017@gmail.com from _raw event below <string>hello2017@gmail... by sravankaripe Communicator in Splunk Search 04-02-2019 0 5	0	5
How can I get UsePct Please tell me know how can I get UsePct data? I must get the UsePct data which the MountedOn="/tmp" . Already type ... by leov123 New Member in Splunk Search 04-02-2019 0 6	0	6
How do you extract a field value with regex? Hello, I have an event that looks like : > <18> 20/02/19 22:23:59 : Maintenance counter "Digital Materials Mode" V... by sarit_s Communicator in Splunk Search 04-02-2019 0 2	0	2
Can you help me with a question about a search using the loadjob command and an earliest time modifier? i have a saved query that can show data up to 90 days. But, when i run the search using the loadjob command, i would... by jiaqya Builder in Splunk Search 04-02-2019 0 1	0	1
Drilldown tokens earliest and latest for a timechart that is set to Global Hi, I have a timechart that shows the status of tickets per month. index="_internal" \| where _time >= $timepicke... by dojiepreji Path Finder in Splunk Search 04-02-2019 0 3	0	3
Can you help me get an HTML link of a timechart? I have to get an HTML link of a specific timechart to have an opportunity to embed this link to another foreign site.... by kvaga Explorer in Splunk Search 04-02-2019 0 1	0	1
How do you limit duplicates in -24h@h time duration? The issue is when i schedule the index, suppose at 9.00 AM everyday (original count is 700), I am getting double data... by dtccsundar Path Finder in Splunk Search 04-02-2019 0 0	0	0
How can I add output of a search as a new column to existing csv ? Hello, I have an existing .csv named "test.csv". In this csv file, there are fields named srcip and time. Also I have... by batuhankutluca Explorer in Splunk Search 04-01-2019 0 7	0	7
Can you help me combine several applications and report on how much RAM those apps use by hostname? I have an application that uses several applications, and I need to report on the overall RAM Usage. I am using uber... by jfattizzi New Member in Splunk Search 04-01-2019 0 1	0	1
How do you create a custom KMZ File? I have a requirement where I need to create a Custom Choropleth Map of locations for my organization. I understand we... by ashutoshab Communicator in Splunk Search 04-01-2019 0 1	0	1
How do you add notes for events? I'm looking for a way to use a modal form to add comments to events. The behavior would be to click on an event, hav... by dokaas_2 Communicator in Splunk Search 04-01-2019 0 1	0	1
How do you lookup match field names by wildcard or regex? I have some customer provided CSV lookup files. These lookup files have some "similar" field names, which means they ... by xshen_anji New Member in Splunk Search 04-01-2019 0 9	0	9
Why is my query terminating with "unexpected error"? Hello, I am running a query to analyse 1 year of data and find out the number of users that used the application per... by akasthi New Member in Splunk Search 04-01-2019 0 5	0	5
Return date string from a subsearch Hi all, I am attempting to rename a column titled 'Yesterday' with yesterday's date. The goal is it would look like ... by maxzintel Path Finder in Splunk Search 04-01-2019 0 4	0	4
Pull data only for the models that I want to pull data Hello , If I have models that are KV800 and other models that are advancements to this model as in KV800-48S or KV800... by bzsplunk54 New Member in Splunk Search 04-01-2019 0 4	0	4
How do you pass the time picker value into an eval calculation? I am doing an eval calculation to get a percent for uptime. I would like to get my value from the time picker, so tha... by computemoore78 New Member in Splunk Search 04-01-2019 0 15	0	15
Duration of all events without time overlap in total? Hello everyone, beginning on Splunk and asking for your help I've got something like this in my transaction : Even... by Zakary_n Path Finder in Splunk Search 04-01-2019 0 9	0	9