Splunk Search

Community Activity

How do I make a Splunk query to find where X is greater than 0? I have a log: "TOTAL NUMBER OF RECORDS IS:0" I need to Query it in a way that it finds a log message if the number o... by compguy New Member in Splunk Search 02-27-2019 0 4	0	4
Filtering data based on results of another sub-query Hi team, I have a query about sub-queries. I've searched this forum for a while and tried a few different things but... by skribble5 Explorer in Splunk Search 02-27-2019 0 9	0	9
minspan ?? for transaction Is there such thing to display a minspan for transaction... Trying to looking for users from building A to Buildin... by Sp3ctre1 New Member in Splunk Search 02-27-2019 0 1	0	1
Can someone help me with a search that parses through two lookup tables? Hi, I have two lookup tables lookup1: RealName, username Smith, J ( LDN), smithj Andy, H (LDN),andyh Tan, Y ... by ajith_sukumaran Explorer in Splunk Search 02-27-2019 0 5	0	5
Can you help me with dedup and date field. How to get the latest record? I figured out how to use the dedup command by the user (see example below) but I still want to get the latest record ... by joesrepsolc Communicator in Splunk Search 02-27-2019 1 18	1	18
Sme search with same slot time doesnt returns same number of events Hi I have something strange when I execute the search below, I have 47 events on a one week slot time eventtype="App... by jip31 Motivator in Splunk Search 02-27-2019 0 4	0	4
How do you retrieve particular data from one field? Hi, i have a CSV file that contains a few persons names and teamname(column names is "name" and "Team"). The team na... by ramesh12345 Explorer in Splunk Search 02-27-2019 0 1	0	1
Can a eval field name used as string in SPL search ? i have a lookup hostlist.csv which have list of host names and other metrics related to it. i need to filter out eac... by gowtham495 Path Finder in Splunk Search 02-26-2019 1 5	1	5
How to write lookup file for splunk query I have a requirement to use lookups instead of queries in Splunk Dashboards. How can I get them and how to convert t... by asplunk789 Loves-to-Learn Everything in Splunk Search 02-26-2019 0 7	0	7
Time-based exclusion on a search Is it possible, and if so, how would I, filter specific terms but only for a certain time range within a broader sear... by mhale1982 Path Finder in Splunk Search 02-26-2019 0 1	0	1
How do you search using a specific value found in a CSV column? I am trying to put together a search that will incorporate two fields used in a CSV file ("RoleInstance" and "Environ... by beetlegeuse Path Finder in Splunk Search 02-26-2019 0 5	0	5
Identify all transactions running when an error occurs I am attempting to merge two datasources to find every transaction (not to be confused with a Splunk transaction!) th... by eoszej123 Engager in Splunk Search 02-26-2019 0 0	0	0
Can you help me with a stats command error for limit reached? Hi, I have a report about hosts and vulnerabilities. It has about 30k hosts with list of vulnerabilities they are af... by mbasharat Builder in Splunk Search 02-26-2019 0 9	0	9
How do you calculate the total and average duration of the session length for unique users? I am relatively new to Splunk so please forgive my naivety. I have been tasked with calculating the session length o... by tdarrow New Member in Splunk Search 02-26-2019 0 1	0	1
Appendcols or other options for searching a sub-search on port ranges Here is the example in the Splunk documentation: specific.server \| stats dc(userID) as totalUsers \| appendcols [ sea... by jlundtristate Loves-to-Learn in Splunk Search 02-26-2019 0 3	0	3
graph of active sessions per hours Hello, I ingest in Splunk enterprise the following log file about end user sessions (only one record is sent at the... by dpoupon New Member in Splunk Search 02-26-2019 0 0	0	0
Help required regarding lookup I have a lookup(search_query.csv) with data as below. Name Subcategory Query Get Vehicle index=abc I ... by deepusoundar Engager in Splunk Search 02-26-2019 0 9	0	9
get rid of this awful other column I want to do a " \| stat count by host " or a " \| timechart span=1d count by host". I need the detail for each host. ... by mataharry Communicator in Splunk Search 02-26-2019 3 6	3	6
Order of columns after xyseries is unexpected I am trying to arrange one of my column into rows. So I am using xyseries which is giving right results but the order... by 513239 Explorer in Splunk Search 02-26-2019 2 2	2	2
How to generate smaller time frame events from a given event ? Hi everyone, I have this current situation, I receive events that each one contain a start time and end time, the du... by oajengui Explorer in Splunk Search 02-26-2019 0 0	0	0
Breakdown _time into date and time and then transpose Hello, I have a table like this: +---------------------+-------+ \| _time \| value \| +----... by ndaniel88 Explorer in Splunk Search 02-26-2019 0 4	0	4
Get loginID correlating to another event Hi everyone, I'm currently struggling getting the results I want to receive. I have a different set of logs, but on... by tomdepunkt New Member in Splunk Search 02-26-2019 0 4	0	4
Using bin command can you put all values above a cutoff into the last bin? I'm using the bin command to get a distribution of values, and each grouping is in increments of 10,000. I have a fe... by jbrenner Path Finder in Splunk Search 02-26-2019 1 1	1	1
Why am I getting "The lookup table does not exist. It is referenced by configuration" error though I haven't used in my dashboard? I haven't used any lookup table in my dashboard. But still I am facing "The lookup table XXX does not exist. It is re... by Naren26 Path Finder in Splunk Search 02-26-2019 0 10	0	10
How do you convert numeric JSON arrays to comma separated strings? I have a JSON with the following format: { "TestSplunkLog" : { "TestFailureLog" : { "appName" : "***", ... by karthi25 Path Finder in Splunk Search 02-26-2019 0 4	0	4