Splunk Search

Community Activity

How to do stats or top for each column in a table? Hello, let's see if someone can help with this  I have 4 fields, 3 which I would like to have sorted and counted in... by nimmos Engager in Splunk Search 03-28-2019 4 6	4	6
tstats values() function removes duplicates from a multivalued field My dashboard queries are based on datamodel. Hence we are using tstats. We have a use case where we need to mvzip 2 m... by darshildave Explorer in Splunk Search 03-28-2019 0 1	0	1
help on subsearch field matching Hi I use actually the search below in order to doing a match between a search and a workstation name (host) eve... by jip31 Motivator in Splunk Search 03-28-2019 0 1	0	1
issue with Splunk query Hi, issue is in writing correct a query Example: Let's assume I have 2 groups such as : Group Use... by su_kumar New Member in Splunk Search 03-28-2019 0 0	0	0
The "replace" function does not work well in the element of EventHandler. <fieldset submitButton="false" autoRun="false"> <input type="text" token="text" searchWhenChanged="true"> <... by yutaka1005 Builder in Splunk Search 03-28-2019 0 2	0	2
help to extract four fields in a log file with regex link textHi I want to extract the four fields after the text in yellow color and in the same line except the last fi... by jip31 Motivator in Splunk Search 03-28-2019 0 8	0	8
need help to find the matching values from two different queries Hi Team, I have two queries having different count and i want to calculate the percentage of success using the two q... by pench2k19 Explorer in Splunk Search 03-27-2019 0 1	0	1
How to use dynamically calculated threshold in alert search? Hi all, I need to calculate the standard deviation value using previous 5mins of data and have to recalculate every ... by nkkn87 New Member in Splunk Search 03-27-2019 0 4	0	4
Field Comparison Not Working in Basic Search I have two queries: index=main \| eval var1="avalue" \| eval var2="avalue" \| search var1=var2 and index=main ... by georgiawebber Engager in Splunk Search 03-27-2019 0 4	0	4
mstats and mcatalog simply does not work I try to use mstats and mcatalog command it just simply does not work, I think its Splunk settings side Im missing, ... by deodion Path Finder in Splunk Search 03-27-2019 0 2	0	2
Can you help me with the following SPL: Index=fw_cisco Question on the following SPL: > index=fw_cisco src_ip="1.2.3.4" \| stats count(dest_port) by dest_ip dest_port T... by dkraut Engager in Splunk Search 03-27-2019 0 4	0	4
Tool for measuring search performance based different types of searches Is there a tool available that will bombard Splunk with different types of search queries such as dense, sparse, rare... by swatishs Explorer in Splunk Search 03-27-2019 0 2	0	2
Why am I unable to export results from a long-running search query? I ran a search recently that took a couple hours to run. The number of results was pretty low - only a few thousand, ... by _smp_ Builder in Splunk Search 03-27-2019 1 8	1	8
Using field eval values in if condition. I have a search as below: \|rex field=Field "^(?.+?)." \| eval Srvr = if(sourcetype="Type_1", Field_1 , if(sourcetype... by veerendra_modi Loves-to-Learn in Splunk Search 03-27-2019 0 1	0	1
Combine multiple searches with no relation in one table I have different count searches that I want to show in one report so I can send it to me as a csv file. index=proxy ... by igschloessl Explorer in Splunk Search 03-27-2019 0 1	0	1
How to use a field in lookup table as search count I have a lookup table with 3 fields/columns: Service, Priority, Threshold. If the search on service count is > (v... by ahuihou New Member in Splunk Search 03-27-2019 0 1	0	1
Dashboard: How can I convert a token from a "Time Picker" into a unit of time like minutes? Hi everyone, Here's the process I'm trying to do. Initial Conversion 1. Use a "Time Picker" input --> 2. Take the ... by danielbarr Explorer in Splunk Search 03-27-2019 1 8	1	8
How to get the values for the selected fields Hi Guys, I have this query with me. index=qvmr_soc_r job_type=batch \|stats dc() as * \| fields *vip snps \| transpos... by Maniteja81 New Member in Splunk Search 03-27-2019 0 3	0	3
How can I find users logged on some PCs if PCs list is a result of a different search? Hello, I'm trying to create a list of users who use a particular software, lest say Notepad 7.6.3. I can easily find... by AlexeySh Communicator in Splunk Search 03-27-2019 0 2	0	2
timechart when span set to a week gives a different values , in comparison to span set to a day for a duration of a week. I am running a query with a timechart span of '1w' duration of earliest being set to '-4w' and latest set to 'now', t... by shahid285 Path Finder in Splunk Search 03-27-2019 0 5	0	5
How to enhance the search results of events that match a lookup.csv? Hi, I have a query that produces the results I want but now I need to add some extra fields to the events. I have a... by Log_wrangler Builder in Splunk Search 03-27-2019 0 7	0	7
How to check which value is larger than the other and calculate the gap between them? Hi I have two values that i need to check which one of them is bigger and calculate the gap between them how can i d... by sarit_s Communicator in Splunk Search 03-27-2019 0 21	0	21
Why I can't use case insensitive match in lookup with WILDCARD? My environment : Splunk Stand-Alone ver 7.2.3 I'd like to extract username that match with lookup case-insensitively... by yutaka1005 Builder in Splunk Search 03-27-2019 0 4	0	4
Help with Splunk Query to detect unusual logons to different computers Good morning, I am wondering what commands that I can use in order to detect a user account logging into a machine t... by chriscioffi88 New Member in Splunk Search 03-27-2019 0 1	0	1
max concurrent rt searches Hello, I have an issue with extending the number of the concurrent rt searches. I can see constant amount of 36 RT s... by damucka Builder in Splunk Search 03-27-2019 0 16	0	16