Splunk Search

Community Activity

How do you get an average based on a date field? I have a Splunk log in JSON format as follows: {"SCMSplunkLog":{ "SCMSuccessLog":{ "payload":{ "sourceCount":0,"leve... by karthi25 Path Finder in Splunk Search 01-21-2019 0 1	0	1
Can you tell me the difference between two boolean expressions? Hi, I am currently figuring out what is wrong with my boolean expression. Currently, I'm making a whitelist of app... by y2kbcm Explorer in Splunk Search 01-21-2019 0 2	0	2
Cant ingest csv with £ sign, changes to \XA Good evening one and all, I have CSV files that have monetary values in them, however when they are ingested into sp... by rossparfect Path Finder in Splunk Search 01-21-2019 0 2	0	2
How do you create dummy values in a trellis chart? I have locations 1-6, and I am needing them to stay in the same spot, even if in the time event, there is not a quant... by tseale New Member in Splunk Search 01-21-2019 0 7	0	7
How do I get results of all values in 2 subqueries? i have 2 of the same subqueries in my search with different time periods. So, both results are different. If I use ... by Anantha123 Communicator in Splunk Search 01-21-2019 0 2	0	2
How do you extract multiline fields based on a different string? Hi, I am looking to extract fields from multi line events. I have two different types of events. I'm looking to dist... by AKG1_old1 Builder in Splunk Search 01-21-2019 0 6	0	6
How do you find the difference between the following two events? Hi, I have two events: event1: field1="A",field2="ABC",.....,fieldN="12" event2: field1="B",field2="ABC",.....,fiel... by yko84109 Loves-to-Learn in Splunk Search 01-21-2019 0 2	0	2
Is it possible to display\calculate the ISO year number for a date ? With strftime(_time, "%Y-%V"), I can create a period to sort on a year and ISO weeknumber. When I have events on 30-... by dirkpeter New Member in Splunk Search 01-21-2019 0 4	0	4
How to create a field with selected values of the same field Hi , I have OS field which has many rows .In that i need to filter only the below values and create a field , Windo... by umsundar2015 Path Finder in Splunk Search 01-21-2019 0 2	0	2
How do you search for a specific word when you don't know what the field is? Heya Guys, I'm very new to Splunk and this is likely an obvious answer or I have skimmed across documentation and mi... by brewster88 New Member in Splunk Search 01-21-2019 0 3	0	3
Deploy search head cluster Hello, I'm deploying a search head cluster and I have a doubt about the steps described on the following link: http... by siemteam Explorer in Splunk Search 01-21-2019 0 4	0	4
Why are delimited field extractions not working? Hello, we are inputting data via the HTTP Event collector. The "event" member has this format, which we are trying to... by richardAtOmni Path Finder in Splunk Search 01-20-2019 0 4	0	4
Field extract NOT search. Hi My data format is as follows. A=123456789 Field was extracted for every three digits from field A. My field extra... by khyoung7410 Communicator in Splunk Search 01-20-2019 0 2	0	2
subsearch for failed login hi guys i wanted to search for a list of failed login attempts by privileged users from existing successful logons (E... by hok2010 New Member in Splunk Search 01-19-2019 0 1	0	1
Trying to get month over month with detail. My current working and pretty one is this: \|eval Owner=ProductName \| stats sum(Cost) as Total by TimePeriod, Owne... by tmblue Engager in Splunk Search 01-19-2019 0 6	0	6
How to specify a particular aggregate value in query for Single Value Visualization Chart? how do i specify a particular value to be displayed in single value visualization chart? i only want the totalCount (... by jaj Path Finder in Splunk Search 01-19-2019 0 6	0	6
When do you put a \| (pipe) as the first character in a search I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa... by coleman07 Path Finder in Splunk Search 01-19-2019 2 5	2	5
Want to confine splunk process running on servers as required by our audit. How to achieve? Issue: Splunk is running as unconfiged daemon ps -eZ \| egrep "initrc" \| egrep -vw "tr\|ps\|egrep\|bash\|awk" \| tr ':' ' ... by sdubey_splunk Splunk Employee in Splunk Search 01-19-2019 0 1	0	1
i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query is ... by vkrishnachand New Member in Splunk Search 01-18-2019 0 1	0	1
Count of values in a multi-value field Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k... by hpendela New Member in Splunk Search 01-18-2019 0 2	0	2
Setting several independent AND/OR conditions on single search I'm running a search against a single index and sourcetype for events that have slightly different data. I want to se... by jpawloski Path Finder in Splunk Search 01-18-2019 0 4	0	4
How can I condense this data into distinct session times? [Easy-ish search question] Data: user Source_Network_Address session_start session_end bob 10.0.0.1 ... by nick405060 Motivator in Splunk Search 01-18-2019 0 3	0	3
How do you return a table of a value by a department and then display it by how many days ago it occurred ? I need to return a table of a value by a department and then display it by how many days ago it occurred (Very Impor... by ryhluc01 Communicator in Splunk Search 01-18-2019 0 8	0	8
How to add an SLA line overlay in a column chart? I want to show TP99 in a column chart, and add a line to show SLA. Here is the chart I want: But the following is ... by amylala Explorer in Splunk Search 01-18-2019 0 7	0	7
How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row? I have the following data: A B C Pkg Area ... by rey123 Path Finder in Splunk Search 01-18-2019 0 5	0	5