Splunk Search

Community Activity

What is the best query for retrieving a field name in different languages? hello, I use the WMI below index="windows-wmi" sourcetype="WMI:Reliability" Logfile=Application SourceName="Applica... by jip31 Motivator in Splunk Search 12-21-2018 0 7	0	7
How do you extract dynamic nested array coordinates from JSON? I need help in extracting fields from the dynamically nested array coordinates from JSON. Here is the example data.... by aravindhan_padm New Member in Splunk Search 12-21-2018 0 1	0	1
How do I find rows in a table with more fields, which are NOT EQUAL to any row in table with less fields? I.e. <search1>: ... \| table id, f1, f2, f3 <search2>: ... \| table id, f1, f2 I need to find all records in <searc... by aovsiannikov Explorer in Splunk Search 12-21-2018 0 4	0	4
How do you calculate availability with 2 searches? Hi team, I want to determine the availabilty of my application with the http status code (Number of request http >... by serviceinfrastr Explorer in Splunk Search 12-21-2018 0 3	0	3
How do I extract the value of a field value in Splunk? Hello all, I am trying to get the value of a field from an event in Splunk. The event looks like follows: message="... by newsplnkr Explorer in Splunk Search 12-20-2018 0 2	0	2
time picker average if selected more than one day Hi All. I need help regarding one my query, shown below index=int_app source="City_APP" FUNCTION= ACTION=* \| ... by VI371887 Path Finder in Splunk Search 12-20-2018 0 4	0	4
How do you go forward and backwards through the following records? Hi all, I need some help here. I have a sample records of 30 lines, and now would need to eval the endtime. However,... by w344423 Explorer in Splunk Search 12-20-2018 0 2	0	2
How to get the colums results attached of first search and second search based on a common fieldvalue? first query output : CommonField , FirstQueryValue1 , FirstQueryValue2 1 fv1 fv2_1 2 fv1... by nomadichunters Explorer in Splunk Search 12-20-2018 0 5	0	5
How do I count and sum multivalue fields by another multivalue field? Hi, I am hitting a dead end with my search... I have two multivalue fields: Site_ID - has 100's of values Attack ... by Log_wrangler Builder in Splunk Search 12-20-2018 0 2	0	2
How can I derive a field based on the existing two fields? Hello All, I am new to Splunk, and in need of help for below events: [testName="MobileExp",experience="FetchOn"][te... by newsplnkr Explorer in Splunk Search 12-20-2018 0 7	0	7
search/jobs/sid/results Hi, I'm creating a search via search/jobs. I am then getting the status of the search via search/jobs/sid. Once I ... by justaj Explorer in Splunk Search 12-20-2018 0 6	0	6
How to build a Browsing Report per User? Hi All, I'm trying to build a weekly report showing all the URLs every user has been to over that past week. I'm ge... by abarnett New Member in Splunk Search 12-20-2018 0 5	0	5
Can you help me determine the best way to stream through events for a specific type of event? I have data that looks like this. 2018-12-13 18:48:05.411 +0000 Tag="Door_Locked" Value="1" 2018-12-13 19:42:41.885 ... by rvoninski_splun Splunk Employee in Splunk Search 12-20-2018 0 3	0	3
Quotes around first word in inputlookup value I am using an input lookup to exclude results from a search (e.g. index=main NOT [\| inputlookup test_lookup.csv \| fie... by toph3r Explorer in Splunk Search 12-20-2018 0 5	0	5
Why is the field format not working on our timechart search? I'm trying to plot the duration open for some of my data. I initially converted the open and close times to UNIX data... by georgiahurst Engager in Splunk Search 12-20-2018 0 1	0	1
How come I can't get mvdedup and mvexpand commands to work properly? I have a query where I'm using mvexpand and mvdedup commands to extract some records and calculate related values. Bu... by rajim Path Finder in Splunk Search 12-20-2018 0 6	0	6
Exists any app to do the Translation of text values from any language to the english language in Splunk? I would like to know if there is anybody know of any kind of application that does text translation to the English la... by costatiago New Member in Splunk Search 12-20-2018 0 0	0	0
"rf" & "f" search job parameter is showing default fields also I am trying to get the summary of the fields using search/jobs api from python program. When using the curl command,... by srikspunk New Member in Splunk Search 12-20-2018 0 5	0	5
How do I move results retrieved by the "delta" command one row up? Is it possible to move the results of "delta" one row up? I calculate time difference with "delta" and would like to... by j_r Path Finder in Splunk Search 12-20-2018 0 1	0	1
Splunk DB Connect SQL query with variables Hi, I am trying to make a Data Lab Input for Splunk DB Connect using the followng query: declare @cntr_value_1 numer... by efn Engager in Splunk Search 12-20-2018 1 2	1	2
Can you help me with some problems with matching rex? Hey, so I've been through all the posts here, and on Google, I can find for this, and I imagine it's a stupid mista... by replicamask Explorer in Splunk Search 12-19-2018 0 3	0	3
Timechart past 24 hours with a 30 day trendline comparison I have a timechart where I am getting the average of user actions. What I would like to do is have this run for the p... by aohls Contributor in Splunk Search 12-19-2018 0 4	0	4
How to use results of stats command in other stats commands? Hello, I need some assistance on the following scenario. Let's say I have a fields "Country" "cities" "command" Th... by bollam Path Finder in Splunk Search 12-19-2018 0 2	0	2
what does dedup_splitvals argument for stats command do? I have a stats command in my correlation search spl which has an argument dedup_splitvals=t not sure what this argume... by manojsecsme Explorer in Splunk Search 12-19-2018 4 2	4	2
Setting up custom condition for alert Hello, I have the following search: host="x.x.x.x" OR host="x.x.x.x" Message_Type="Authen failed" PCI \| eval Source... by robK123 Explorer in Splunk Search 12-19-2018 0 6	0	6