Splunk Search

Community Activity

How do I email customized stats tables to individual employees? I want to send an alert to each Employee once a day with a stats table customized to that employee: for instance the ... by matthewg Explorer in Splunk Search 03-28-2019 0 0	0	0
club 3 search queries into 1 I have given the query below. I am trying to display all 3 RERs- RERa, RERb, RERc. But this is displaying just RERb a... by BMUDGAL1190 New Member in Splunk Search 03-28-2019 0 2	0	2
Is there a possibility to write an event to splunk index source type through SPL? I have an requirement where the user would like to store the data to a source type of an index. and would be modifyin... by shahid285 Path Finder in Splunk Search 03-28-2019 0 5	0	5
How to delete a lookup table file and definition? I am testing some lookup files in a dev environment. I would like to clear out the first few tries and work with only... by feickertmd Communicator in Splunk Search 03-28-2019 2 5	2	5
How do you separate fields into different variables based on the beginning letter of field? So I'm sure I'm missing something obvious, but I cannot for the life of me find something similar to what I'm looking... by ibdubs Explorer in Splunk Search 03-28-2019 0 8	0	8
Splunk Subsearch / Join / Combine event query assistance I have a very large dataset of events (millions of events per hour of various event types) which are all part of the ... by gjcwilliams New Member in Splunk Search 03-28-2019 0 2	0	2
Help on SystemTime format and SystemTime stats Hi I use the search below but SystemTime doesnt return results SystemTime format is like this : '2019-03-25T03:49:42... by jip31 Motivator in Splunk Search 03-28-2019 0 6	0	6
How to do stats or top for each column in a table? Hello, let's see if someone can help with this  I have 4 fields, 3 which I would like to have sorted and counted in... by nimmos Engager in Splunk Search 03-28-2019 4 6	4	6
tstats values() function removes duplicates from a multivalued field My dashboard queries are based on datamodel. Hence we are using tstats. We have a use case where we need to mvzip 2 m... by darshildave Explorer in Splunk Search 03-28-2019 0 1	0	1
help on subsearch field matching Hi I use actually the search below in order to doing a match between a search and a workstation name (host) eve... by jip31 Motivator in Splunk Search 03-28-2019 0 1	0	1
issue with Splunk query Hi, issue is in writing correct a query Example: Let's assume I have 2 groups such as : Group Use... by su_kumar New Member in Splunk Search 03-28-2019 0 0	0	0
The "replace" function does not work well in the element of EventHandler. <fieldset submitButton="false" autoRun="false"> <input type="text" token="text" searchWhenChanged="true"> <... by yutaka1005 Builder in Splunk Search 03-28-2019 0 2	0	2
help to extract four fields in a log file with regex link textHi I want to extract the four fields after the text in yellow color and in the same line except the last fi... by jip31 Motivator in Splunk Search 03-28-2019 0 8	0	8
need help to find the matching values from two different queries Hi Team, I have two queries having different count and i want to calculate the percentage of success using the two q... by pench2k19 Explorer in Splunk Search 03-27-2019 0 1	0	1
How to use dynamically calculated threshold in alert search? Hi all, I need to calculate the standard deviation value using previous 5mins of data and have to recalculate every ... by nkkn87 New Member in Splunk Search 03-27-2019 0 4	0	4
Field Comparison Not Working in Basic Search I have two queries: index=main \| eval var1="avalue" \| eval var2="avalue" \| search var1=var2 and index=main ... by georgiawebber Engager in Splunk Search 03-27-2019 0 4	0	4
mstats and mcatalog simply does not work I try to use mstats and mcatalog command it just simply does not work, I think its Splunk settings side Im missing, ... by deodion Path Finder in Splunk Search 03-27-2019 0 2	0	2
Can you help me with the following SPL: Index=fw_cisco Question on the following SPL: > index=fw_cisco src_ip="1.2.3.4" \| stats count(dest_port) by dest_ip dest_port T... by dkraut Engager in Splunk Search 03-27-2019 0 4	0	4
Tool for measuring search performance based different types of searches Is there a tool available that will bombard Splunk with different types of search queries such as dense, sparse, rare... by swatishs Explorer in Splunk Search 03-27-2019 0 2	0	2
Why am I unable to export results from a long-running search query? I ran a search recently that took a couple hours to run. The number of results was pretty low - only a few thousand, ... by _smp_ Builder in Splunk Search 03-27-2019 1 8	1	8
Using field eval values in if condition. I have a search as below: \|rex field=Field "^(?.+?)." \| eval Srvr = if(sourcetype="Type_1", Field_1 , if(sourcetype... by veerendra_modi Loves-to-Learn in Splunk Search 03-27-2019 0 1	0	1
Combine multiple searches with no relation in one table I have different count searches that I want to show in one report so I can send it to me as a csv file. index=proxy ... by igschloessl Explorer in Splunk Search 03-27-2019 0 1	0	1
How to use a field in lookup table as search count I have a lookup table with 3 fields/columns: Service, Priority, Threshold. If the search on service count is > (v... by ahuihou New Member in Splunk Search 03-27-2019 0 1	0	1
Dashboard: How can I convert a token from a "Time Picker" into a unit of time like minutes? Hi everyone, Here's the process I'm trying to do. Initial Conversion 1. Use a "Time Picker" input --> 2. Take the ... by danielbarr Explorer in Splunk Search 03-27-2019 1 8	1	8
How to get the values for the selected fields Hi Guys, I have this query with me. index=qvmr_soc_r job_type=batch \|stats dc() as * \| fields *vip snps \| transpos... by Maniteja81 New Member in Splunk Search 03-27-2019 0 3	0	3