Splunk Search

Community Activity

How to write lookup file for splunk query I have a requirement to use lookups instead of queries in Splunk Dashboards. How can I get them and how to convert t... by asplunk789 Loves-to-Learn Everything in Splunk Search 02-26-2019 0 7	0	7
Time-based exclusion on a search Is it possible, and if so, how would I, filter specific terms but only for a certain time range within a broader sear... by mhale1982 Path Finder in Splunk Search 02-26-2019 0 1	0	1
How do you search using a specific value found in a CSV column? I am trying to put together a search that will incorporate two fields used in a CSV file ("RoleInstance" and "Environ... by beetlegeuse Path Finder in Splunk Search 02-26-2019 0 5	0	5
Identify all transactions running when an error occurs I am attempting to merge two datasources to find every transaction (not to be confused with a Splunk transaction!) th... by eoszej123 Engager in Splunk Search 02-26-2019 0 0	0	0
Can you help me with a stats command error for limit reached? Hi, I have a report about hosts and vulnerabilities. It has about 30k hosts with list of vulnerabilities they are af... by mbasharat Builder in Splunk Search 02-26-2019 0 9	0	9
How do you calculate the total and average duration of the session length for unique users? I am relatively new to Splunk so please forgive my naivety. I have been tasked with calculating the session length o... by tdarrow New Member in Splunk Search 02-26-2019 0 1	0	1
Appendcols or other options for searching a sub-search on port ranges Here is the example in the Splunk documentation: specific.server \| stats dc(userID) as totalUsers \| appendcols [ sea... by jlundtristate Engager in Splunk Search 02-26-2019 0 3	0	3
graph of active sessions per hours Hello, I ingest in Splunk enterprise the following log file about end user sessions (only one record is sent at the... by dpoupon New Member in Splunk Search 02-26-2019 0 0	0	0
Help required regarding lookup I have a lookup(search_query.csv) with data as below. Name Subcategory Query Get Vehicle index=abc I ... by deepusoundar Engager in Splunk Search 02-26-2019 0 9	0	9
get rid of this awful other column I want to do a " \| stat count by host " or a " \| timechart span=1d count by host". I need the detail for each host. ... by mataharry Communicator in Splunk Search 02-26-2019 3 6	3	6
Order of columns after xyseries is unexpected I am trying to arrange one of my column into rows. So I am using xyseries which is giving right results but the order... by 513239 Explorer in Splunk Search 02-26-2019 2 2	2	2
How to generate smaller time frame events from a given event ? Hi everyone, I have this current situation, I receive events that each one contain a start time and end time, the du... by oajengui Explorer in Splunk Search 02-26-2019 0 0	0	0
Breakdown _time into date and time and then transpose Hello, I have a table like this: +---------------------+-------+ \| _time \| value \| +----... by ndaniel88 Explorer in Splunk Search 02-26-2019 0 4	0	4
Get loginID correlating to another event Hi everyone, I'm currently struggling getting the results I want to receive. I have a different set of logs, but on... by tomdepunkt New Member in Splunk Search 02-26-2019 0 4	0	4
Using bin command can you put all values above a cutoff into the last bin? I'm using the bin command to get a distribution of values, and each grouping is in increments of 10,000. I have a fe... by jbrenner Path Finder in Splunk Search 02-26-2019 1 1	1	1
Why am I getting "The lookup table does not exist. It is referenced by configuration" error though I haven't used in my dashboard? I haven't used any lookup table in my dashboard. But still I am facing "The lookup table XXX does not exist. It is re... by Naren26 Path Finder in Splunk Search 02-26-2019 0 10	0	10
How do you convert numeric JSON arrays to comma separated strings? I have a JSON with the following format: { "TestSplunkLog" : { "TestFailureLog" : { "appName" : "***", ... by karthi25 Path Finder in Splunk Search 02-26-2019 0 4	0	4
Help with the Splunk settings to localize dates and numbers from English to Italian -- doc instructions didn't work I followed the document to translate splunk to a specific language http://docs.splunk.com/Documentation/Splunk/6.5.2/... by KavyaSabu Explorer in Splunk Search 02-26-2019 0 6	0	6
Stats Count Eval If Hi, I wonder whether someone can help me please. I'm using number the following as part of a query to extract data f... by IRHM73 Motivator in Splunk Search 02-26-2019 0 9	0	9
Can you help me with the following query? Hello, I am trying to calculate the RTT time of a host where the IP is in a different source, and the rtt time is in... by vrmandadi Builder in Splunk Search 02-25-2019 0 4	0	4
Is there a way to display Count per hr for last 24hrs with Average per hr for the last 30 days as an overlay? Hi Splunk Gurus, Hoping someone out there might be able to provide some assistance with this one. I have a requirem... by kozanic_FF Path Finder in Splunk Search 02-25-2019 0 9	0	9
How do you trigger an alert using stats count to return 0 when value is 0? I have an alert that is not triggering because there are no events occurring for one of my search parameters. I woul... by markhvesta Path Finder in Splunk Search 02-25-2019 0 3	0	3
Compare and filter table results Given the table below: VIP Group State Primary_VIP Group1 Down Backup_VIP Group1 Down Primary_VIP Group... by bertzela Engager in Splunk Search 02-25-2019 0 1	0	1
How to use NOT in Transaction command i have query like below and got result index=ABC host=xyz123 \| transaction startswith="failure" endswith="success" ... by logloganathan Motivator in Splunk Search 02-25-2019 0 5	0	5
I need to group events that have the same date and the same ip address HI folks! I need to group by two variables but am having trouble figuring it out. time ip_address user ... by tullir New Member in Splunk Search 02-25-2019 0 5	0	5