Splunk Search

Community Activity

I need to group events that have the same date and the same ip address HI folks! I need to group by two variables but am having trouble figuring it out. time ip_address user ... by tullir New Member in Splunk Search 02-25-2019 0 5	0	5
How do you get the yearly count data? Hi, index="os" sourcetype="Service" CaseNumber="Test-2018*" (Group="Secure" OR Group="health") AND (Section="Connect... by ramesh12345 Explorer in Splunk Search 02-25-2019 0 3	0	3
How to expand macros in a Splunk search? I have a search as follows: index="x" search_name="`Y`" (status=Z) \| `A` \|`B` where A and B are macros Now how ca... by pavanae Builder in Splunk Search 02-25-2019 0 7	0	7
How to create a table in which mandatory and optional fields are correctly aligned Hello, I have a problem extracting data from a log with format not fixed. I explain: each row of my log contains a m... by marcoemme41 New Member in Splunk Search 02-25-2019 0 6	0	6
How do you merge events by _time field and add new fields? Hi everyone, My data is as flowing. The cnt is events count of scanner_type by day. I want to show everyday`s diff... by perlish Communicator in Splunk Search 02-25-2019 0 1	0	1
How to display Current group ? Hi, index="os" sourcetype="Service" status=* (Group="Data/Config" OR Group="Secure") AND (Section="Site Problem" OR ... by ramesh12345 Explorer in Splunk Search 02-25-2019 0 0	0	0
How do I extract a field value after a specific string in unstructured data? Hi, I would like to extract a new field from unstructured data. FX does not help for 100%, so I would like to use re... by HeinzWaescher Motivator in Splunk Search 02-25-2019 1 2	1	2
Can you help me with my regex expression? Hi Team, I'm struggling to get the regex expression for the following values. I want to capture the text before the ... by pench2k19 Explorer in Splunk Search 02-25-2019 0 2	0	2
How to get latest parameter from csv disregarding empty values Hi splunk comunity! I have dashboard with text input, which starts to execute when i change my parameter in text box... by mishaaaaaaaaaa Explorer in Splunk Search 02-24-2019 0 6	0	6
How do I search from 2 different indexes? Hi, How do I search in two indexes? I am looking for the IP address in both the indexes at that same point of time a... by ajayrejin Explorer in Splunk Search 02-24-2019 1 6	1	6
Search for POST params Hi- I am pretty new to Splunk. Can we search for a specific (form) parameter against a POST REST call ? by ashishgarwal New Member in Splunk Search 02-24-2019 0 1	0	1
Splunk extraction of fields for email texts I have the infra as shown below: Splunk Log Forwarder-> Splunk Indexer The Log forwarder defines which data goes int... by tan_junyuan Engager in Splunk Search 02-23-2019 0 1	0	1
How to calculate no of opened ticket in past in splunk Hi , i want to calculate total no . of opened incidents by a user over a time interval in dynamic environment in spl... by himanshu_b_shek New Member in Splunk Search 02-23-2019 0 4	0	4
help on rangemap command with loadjob Hi I use the search below in order to display GOOD or BAD in a panel When I execute the query i have a result But I... by jip31 Motivator in Splunk Search 02-23-2019 0 8	0	8
Can you help me with a subsearch? Hi, I use the search below in order to display the model of a host for only the host which has a Wear_Rate>0 But th... by jip31 Motivator in Splunk Search 02-23-2019 0 2	0	2
How to capture 2nd max value of a field and compare with 1st max value of the same field I have data in json format as following:- {Run=1 , Average=2.1, Max=3, Min=1.4, Transaction=Sample1} {Run=1 , Average... by pratyushak New Member in Splunk Search 02-22-2019 0 2	0	2
Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip) I am using distinct count with time chart for the whole day (yesterday). The result is varying if the span is change... by aa274t New Member in Splunk Search 02-22-2019 0 5	0	5
Reference Time on Dashboard Load (and adjust to time change) Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right fo... by mrstrozy Path Finder in Splunk Search 02-22-2019 0 1	0	1
Two searches but only need to return results of the second search that match the first ok so...I have been banging my head against the wall on this one for a bit. I have tried using join (which I don't an... by RickerNJ New Member in Splunk Search 02-22-2019 0 5	0	5
Dedup search results not showing for a user I have a user that is a doing a search that has \| dedup in it. While I can see the results when I run the search (I'm... by toddhawkins New Member in Splunk Search 02-22-2019 0 4	0	4
help on join command please hi I use the search below index =* sourcetype=* \| dedup host \| stats count This search returns 87 events I try t... by jip31 Motivator in Splunk Search 02-22-2019 0 5	0	5
how to display a 0 result instead an empty result hi I use the search below and I would like to have a 0 results displayed when there is no events corresponding could... by jip31 Motivator in Splunk Search 02-22-2019 0 14	0	14
After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days? I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the c... by cadrija Path Finder in Splunk Search 02-22-2019 0 1	0	1
Search to find indexes with events and display index size, total events , earliest and latest events per index Hi, what would be the best way to find indexes with events and display its size, total events , earliest and latest ... by mlevsh Builder in Splunk Search 02-22-2019 0 4	0	4
Compare current and last one hour event value in same search. Hi All, I have to monitor the queues. And for that I have made the basic dashboard where it shows the details. Detai... by vaibhavvijay9 New Member in Splunk Search 02-22-2019 0 1	0	1