Splunk Search

Community Activity

How do I create a histogram to show distribution? I have a search like this: My Search\|chart count(data.url) as SongsPlayed over userEmail It gives me a list of us... by earriaga Path Finder in Splunk Search 02-14-2019 2 8	2	8
How to display graph column for zero value I have a bar graph that charts two values. When one of the values is 0, the graph removes the column altogether. This... by tmaurst Engager in Splunk Search 02-14-2019 0 3	0	3
How do you compare the same field in two different time periods? We have events from several hosts. We want to get the difference in the value of the field between two different time... by omprakash9998 Path Finder in Splunk Search 02-14-2019 0 5	0	5
STATS COUNT on same field before and after WHERE / Condition? Hi All, What I want is : Total no. of queues and total no. of queues with pending messages. Something like this : ... by vaibhavvijay9 New Member in Splunk Search 02-14-2019 0 3	0	3
How do you add a field from a lookup that doesn't exist in the outer search? I have a DHCP search that I filter based on a lookup: index=DHCP_IDX sourcetype="infoblox:dhcp" signature IN (DHCPAC... by ragedsparrow Contributor in Splunk Search 02-14-2019 1 5	1	5
How do I group two fields (multivalued)? Hello, I have the following table: User Group ------------- ------------- User_A Group_A -------... by philippbloch Loves-to-Learn Lots in Splunk Search 02-14-2019 0 5	0	5
Weird behaviour with searching the 'user' field in Security WinEventLogs Hi all, I'm trying to do a search over some CIM fields in the WinEventLog:Security source (both XML and normal), but... by althomas Communicator in Splunk Search 02-14-2019 0 5	0	5
How do you filter data for just one index when index=? Guys, I have the query with index=te. I need this search in this form. I cannot change for separated index. my sea... by wvalente Explorer in Splunk Search 02-14-2019 0 2	0	2
How to execute a Splunk search in a dashboard on click of a button using JavaScript? Hi, This is with regards to this link : https://answers.splunk.com/answers/378289/calling-java-script-from-dashboar... by abhayneilam Contributor in Splunk Search 02-14-2019 1 16	1	16
How to use a search (which is running from a paid app) in my own app? Hi, I want to use a search which is running in paid app called "pinger" to my own app called "XYZ" Is there any wa... by sathiyasun Explorer in Splunk Search 02-14-2019 0 1	0	1
have to less 10 minutes from a timestamp when another field value is null Hi Team, I have two fields named as file arrival time , Sla time . I have to list the no files that are going to vio... by pench2k19 Explorer in Splunk Search 02-14-2019 0 1	0	1
Can anyone help me to match a value into lookup.csv if condition I have a lookup.csv with all the public holidays in Singapore. I am trying to query if _time=datefield(meaning if ... by louisawang New Member in Splunk Search 02-14-2019 0 6	0	6
Can you help me compare two fields with numeric values? I have a query where I do a bunch of computations, and then at the end of it, I want to add a new field based on the ... by mmdacutanan Explorer in Splunk Search 02-14-2019 0 3	0	3
Can you help me with a stats count with different field names? hello, I use the two query below index="x" sourcetype="WinEventLog:Microsoft-Windows-Diagnostics-Performance/Operat... by jip31 Motivator in Splunk Search 02-14-2019 0 4	0	4
Fields extraction in file with single and multiline logs Hi, I'm new in splunk. I currently want to analyse a log file. I'm facing issues to extract informations because ea... by clementros Path Finder in Splunk Search 02-14-2019 0 3	0	3
Want to extract FOID= into two field, Pls help 05:45:25.985 [http-nio-8080-exec-137] INFO c.b.h.i.s.i.OrderDecompositionServiceImpl - POID=20275475 FOID=TRAFFIC_MG... by jayavasge New Member in Splunk Search 02-13-2019 0 4	0	4
Why is the relative_time not converting +24y? Is there a limitation in the function? Hi Splunkers, Why the relative_time function is not converting +24y? any reason? Any way to achieve this? \|stats co... by vasanthmss Motivator in Splunk Search 02-13-2019 3 4	3	4
How do I make a column chart that compares the result from last year with this year by month? Hi everyone, I would like to make a chart that compares the result from last year with this year by month. This i... by MCH2018 Explorer in Splunk Search 02-13-2019 0 4	0	4
Smtp email to send alerts Hi, Can you please how to to create a alert and send email using smtp server. We have two seperate host s for indexer... by manekar New Member in Splunk Search 02-13-2019 0 4	0	4
How do you merge multisearch results? Hi, I tried many alternatives but no good results. Please help if possible. I have a multi search with two sets of... by gmasca Explorer in Splunk Search 02-13-2019 0 5	0	5
How do you combine two different values from a single field in a chart? Suppose I have a chart that counts the number of tickets done by a particular branch and displays them by priority. ... by dojiepreji Path Finder in Splunk Search 02-13-2019 0 2	0	2
How do you get the raw fields ERROR and SUCCESS from log transactions into a same field TYPE using a regex command? Hi Everybody! I am fairly new to Splunk, and I am trying to Create a dashboard where I need to get the Total number... by vmandad1 New Member in Splunk Search 02-13-2019 0 2	0	2
How to access field displayName when searching a dataset? I have a data model called DM1 with a data set called DM1. There are evaluated fields in this data set with different... by matstap Communicator in Splunk Search 02-13-2019 0 1	0	1
What field name should I use for privileged users on change datamodel? Hello, Right now i'm developing some compliance app. All my panel searches are with \| tstats, so my fields are limit... by 3DGjos Communicator in Splunk Search 02-13-2019 0 1	0	1
How could I chart ratio of counts of field values? Hi, suppose my events contain this field with two possible values: Ok=True or Ok=False Every hour, I'll have a cert... by jchowdown New Member in Splunk Search 02-13-2019 0 5	0	5