Splunk Search

Community Activity

ldapsearch lastLogonTimestamp eval I found this in a search: hxxps://www.splunk.com/blog/2014/02/10/which-servers-are-inactive.html It is old but it d... by s0mar Explorer in Splunk Search 02-15-2019 0 6	0	6
How to trigger alert when the index from Down to Running State? How to trigger alert when the index from Down to Running State? My query is to find index is down.But it will trigger... by karthi2809 Builder in Splunk Search 02-15-2019 0 1	0	1
Field missing in statistical table only, while present (with values) in search Dear all, I have a dashboard table that does not display certain fields, which do have data - although not in every... by altink Builder in Splunk Search 02-15-2019 0 4	0	4
How do you get multiple percentage results in one table? I would like to report the total number games played per team, and the percentage of wins, losses, and ties by team. ... by stephenmeyers Explorer in Splunk Search 02-15-2019 0 1	0	1
Dashboard layout - want two visualizations in single panel and condition also. Hi all, I want the following layout : I am able to achieve Status Overview layout by : <row> <panel></panel> <pa... by vaibhavvijay9 New Member in Splunk Search 02-15-2019 0 2	0	2
Is realtime alert a feature with Splunk Cloud? Is realtime alert a feature with Splunk Cloud? I go to save a search as an alert and it defaults to a scheduled sear... by sbgoldberg13 Explorer in Splunk Search 02-15-2019 0 6	0	6
How do you use the rex command to filter Windows security events? Hi there, I'm trying to extract some data from Windows security logs and filter the counted results. This search ... by swimena Explorer in Splunk Search 02-15-2019 0 2	0	2
issue in rex query Hi Guys, I have a log as below; server1;443 status= running. server2;443 status= running. server3;443 status= runnin... by roopeshetty Path Finder in Splunk Search 02-15-2019 0 2	0	2
Can you help me with a search involving the NOT and WHERE functions? Hi, I use the 2 event types below in a search eventtype="TotalSpace" OR eventtype="DiskHealthSize" I need to do ... by jip31 Motivator in Splunk Search 02-15-2019 0 2	0	2
How do you extract the URL into a separate field? Hello, I'm trying to extract the URL from the message field, so I can create a separate field called URLs. At the mo... by SplunkMasterSne Explorer in Splunk Search 02-15-2019 0 3	0	3
how to ignore fields runtime which arent available from being considered in the calculation? I am doing a calculation to add up all the time spent in each layer. But there are cases where few fields not existin... by sangs8788 Communicator in Splunk Search 02-14-2019 0 2	0	2
Splunk to search and analyse it in logs after one hour I have a requirement to search and analyse result of searches in same log file after one hour. For example , Search... by bsaujla131984 Path Finder in Splunk Search 02-14-2019 0 14	0	14
Data Model Columns and Rows Transpose using Eval Hello- How do you transpose columns inside the Data Model using eval? My goal is to filter a column called column1 in... by TreeHut New Member in Splunk Search 02-14-2019 0 2	0	2
How do I create a histogram to show distribution? I have a search like this: My Search\|chart count(data.url) as SongsPlayed over userEmail It gives me a list of us... by earriaga Path Finder in Splunk Search 02-14-2019 2 8	2	8
How to display graph column for zero value I have a bar graph that charts two values. When one of the values is 0, the graph removes the column altogether. This... by tmaurst Engager in Splunk Search 02-14-2019 0 3	0	3
How do you compare the same field in two different time periods? We have events from several hosts. We want to get the difference in the value of the field between two different time... by omprakash9998 Path Finder in Splunk Search 02-14-2019 0 5	0	5
STATS COUNT on same field before and after WHERE / Condition? Hi All, What I want is : Total no. of queues and total no. of queues with pending messages. Something like this : ... by vaibhavvijay9 New Member in Splunk Search 02-14-2019 0 3	0	3
How do you add a field from a lookup that doesn't exist in the outer search? I have a DHCP search that I filter based on a lookup: index=DHCP_IDX sourcetype="infoblox:dhcp" signature IN (DHCPAC... by ragedsparrow Contributor in Splunk Search 02-14-2019 1 5	1	5
How do I group two fields (multivalued)? Hello, I have the following table: User Group ------------- ------------- User_A Group_A -------... by philippbloch Loves-to-Learn Lots in Splunk Search 02-14-2019 0 5	0	5
Weird behaviour with searching the 'user' field in Security WinEventLogs Hi all, I'm trying to do a search over some CIM fields in the WinEventLog:Security source (both XML and normal), but... by althomas Communicator in Splunk Search 02-14-2019 0 5	0	5
How do you filter data for just one index when index=? Guys, I have the query with index=te. I need this search in this form. I cannot change for separated index. my sea... by wvalente Explorer in Splunk Search 02-14-2019 0 2	0	2
How to execute a Splunk search in a dashboard on click of a button using JavaScript? Hi, This is with regards to this link : https://answers.splunk.com/answers/378289/calling-java-script-from-dashboar... by abhayneilam Contributor in Splunk Search 02-14-2019 1 16	1	16
How to use a search (which is running from a paid app) in my own app? Hi, I want to use a search which is running in paid app called "pinger" to my own app called "XYZ" Is there any wa... by sathiyasun Explorer in Splunk Search 02-14-2019 0 1	0	1
have to less 10 minutes from a timestamp when another field value is null Hi Team, I have two fields named as file arrival time , Sla time . I have to list the no files that are going to vio... by pench2k19 Explorer in Splunk Search 02-14-2019 0 1	0	1
Can anyone help me to match a value into lookup.csv if condition I have a lookup.csv with all the public holidays in Singapore. I am trying to query if _time=datefield(meaning if ... by louisawang New Member in Splunk Search 02-14-2019 0 6	0	6