Splunk Search

Community Activity

How do I perform a stats count(fieldname) without it deleting all other search results output? I do believe I'm missing something fundamental here.... So, the search: index=X returns many events where each even... by williamcharlton Path Finder in Splunk Search 03-11-2019 0 4	0	4
How to select yesterdays date from the following search? Hello, I know it is a simple question but I am somehow struggling with it. I have the following search: index=mlbso... by damucka Builder in Splunk Search 03-11-2019 0 1	0	1
Efficient and "correct" way to counting stats based on a sequence of events within a rolling timeframe Creating stats count based on a sequence of events within a timeframe. For example, count the unique sessions, withi... by mlorrette Path Finder in Splunk Search 03-11-2019 1 4	1	4
How to use of Group by on the Event Number column to get the latest result by EventTime? I have a table like below in Splunk I want to apply a group by on Event Number col and want to get the top(latest) ... by nilanjankc New Member in Splunk Search 03-11-2019 0 6	0	6
External URL link with Hyperlink in alert message body Hi Splunkers, Is it possible to add an External URL as Hyperlink in the message body of an alert? I know we can pl... by dadepu Engager in Splunk Search 03-11-2019 1 3	1	3
How to catch information from inspector job? Hi I would like to catch the information in the example below: This search has completed and has returned 1 000 rés... by jip31 Motivator in Splunk Search 03-11-2019 0 2	0	2
Some logs were missed by splunk in search index While using splunk, we are missing some events in search index. There is no repeated behavior of this kind but they a... by chandrajay New Member in Splunk Search 03-11-2019 0 0	0	0
How to use plus sign before a result to calculate percentage? Hello I use the eval below in order to calculate a percentage \| eval Trend_Proc_time=round(100-(Proc_dest*100)/(Proc... by jip31 Motivator in Splunk Search 03-11-2019 0 4	0	4
How do I search from a lookup table and match when part of a string from an events' field matches a value in a lookup table? Hi all, I know many questions exist similar to this one but none are useful for my particular use case. Please if s... by nickcardenas Path Finder in Splunk Search 03-11-2019 1 9	1	9
How to use rex to extract username from emailid? Hi All Please help me to extract username from the emailid. Ex: test123@test.com abc2@test.com Required: test123... by eduspk Explorer in Splunk Search 03-11-2019 0 1	0	1
How to split data into multiple columns? I am having data in a single field in this format: 1. xyz 2. dsh bh 3. sdh dsd() 4. trrt .... so on I want to split... by ayush1906 Path Finder in Splunk Search 03-11-2019 0 2	0	2
How to get the sum of total number of failed items count after excluding Item Not Recognized and Loading for both fields? I have two fields body.response.failedItemsCount , body.failedItemsCount , In this I have to filter with two unwanted... by monipinni Explorer in Splunk Search 03-11-2019 0 1	0	1
How to use 'where' command in multiple places? Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 03-11-2019 0 3	0	3
How to extract values in a field? In my table, I have a field named Username, and it has two values: Machine 1 and 2. I only want to show Machine1 only... by mdmaala Communicator in Splunk Search 03-11-2019 0 6	0	6
How do you retrieve names in comments using regex? Hi, index="os" sourcetype="test" CaseNumber=\| dedup _time,CaseNumber \| rex field=Notes "(?\d+-\d+-\d+\s\d+:\d+:\... by ramesh12345 Explorer in Splunk Search 03-11-2019 0 3	0	3
Top of field with multiple values Hi, I'm trying to do a simple search that returns the top repeated values of a field. The problem is that this fiel... by adri9valle New Member in Splunk Search 03-11-2019 0 2	0	2
Splunk Deployment only for Log Management Purpose Hi Team, We have a requirement where we need to deploy Splunk Solution only for Log management purpose (less 50 GB p... by dheerajsh Engager in Splunk Search 03-10-2019 0 2	0	2
How to create a chart that will display the open and resolved tickets over time? I need to create a chart that will display the open and resolved tickets over time. Here is my current code: \| eva... by dojiepreji Path Finder in Splunk Search 03-10-2019 0 6	0	6
How to use timechart command for the below query This is the query i m using: query1: sourcetype=tanium earliest=-24h query="User-Sessions-and-Boot-Time-Details-from... by divyathota New Member in Splunk Search 03-10-2019 0 3	0	3
Why is host missing from Search? Hi All, I'm just getting started so this is probably going to be an easy one. I have Splunk light and have setup P... by zuma01 New Member in Splunk Search 03-10-2019 0 3	0	3
How do you do a recursive search for the first value from every morning? Can you run a Splunk search and have it only return the first log value identified at a certain time per day, and the... by GauravSplunxter Explorer in Splunk Search 03-10-2019 0 4	0	4
define two fields for cidrmatch function I want to use the eval function with cidrmatch function like 1- who to mention multip subnets in x field against cid... by rashid47010 Communicator in Splunk Search 03-10-2019 0 1	0	1
extracting values in a field in my table, I have a field named Username, and it has two values: Machine 1 and 2. I only want to show Machine1 only... by mdmaala Communicator in Splunk Search 03-10-2019 0 0	0	0
Sum of two fields I have two fields "body.response.successfulItemsCount" & "body.successfulItemsCount". I need sum of total of these tw... by tej8 New Member in Splunk Search 03-10-2019 0 1	0	1
average of response time for the service call per day. sourceType="source_log" \| rex field=_raw .... ........ Expected output : Service_call Avf for 03/04 avg ... by shaikbavaji New Member in Splunk Search 03-09-2019 0 5	0	5