Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
mlorrette

Can you help me with a query with the timechart command?

same search: timespan showing X results while search is showing Y results for the same timeframe. This search that i...
by mlorrette Path Finder in Splunk Search 12-21-2018
0 3
0
3
ppanchal

Will you help me create the regex to convert the following data into a column value pair?

Hi, Below is my sample payload. I want to convert/display it into a column value pair. Eg, ESBTransactionID 7...
by ppanchal Path Finder in Splunk Search 12-21-2018
0 3
0
3
shivam2411

How do you extract a field using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...
by shivam2411 New Member in Splunk Search 12-21-2018
0 6
0
6
krusovice

Can you help me answer a question with the chart command?

Hi there, I have this query formed and I can't the get expected result, but it's very close to what I want. The resu...
by krusovice Path Finder in Splunk Search 12-21-2018
0 6
0
6
the_wolverine

What are some solutions for high cardinality field reporting?

We have high cardinality data -- virtually every event is unique except for a small percentage of cases that we care ...
by the_wolverine Champion in Splunk Search 12-21-2018
0 2
0
2
VI371887

stats option compatibility

Does stats support function inside function like shown below ? Where first i want to take percentile90 of PERCENT90 ...
by VI371887 Path Finder in Splunk Search 12-21-2018
0 1
0
1
shivam2411

Can you help me extract the time value and the thread count from the following data using regex?

00000887 ThreadMonitor W WSVR0606W: Thread "WebContainer : 24" (00000887) was previously reported to be hung but has ...
by shivam2411 New Member in Splunk Search 12-21-2018
0 1
0
1
pavanae

How to display a search result by the Log Size per field in MB, not the event count?

Hi I have the following search which is presently displaying the list of eventcounts by the field "category_type", ...
by pavanae Builder in Splunk Search 12-21-2018
0 4
0
4
jip31

What is the best query for retrieving a field name in different languages?

hello, I use the WMI below index="windows-wmi" sourcetype="WMI:Reliability" Logfile=Application SourceName="Applica...
by jip31 Motivator in Splunk Search 12-21-2018
0 7
0
7
aravindhan_padm

How do you extract dynamic nested array coordinates from JSON?

I need help in extracting fields from the dynamically nested array coordinates from JSON. Here is the example data....
by aravindhan_padm New Member in Splunk Search 12-21-2018
0 1
0
1
aovsiannikov

How do I find rows in a table with more fields, which are NOT EQUAL to any row in table with less fields?

I.e. <search1>: ... | table id, f1, f2, f3 <search2>: ... | table id, f1, f2 I need to find all records in <searc...
by aovsiannikov Explorer in Splunk Search 12-21-2018
0 4
0
4
serviceinfrastr

How do you calculate availability with 2 searches?

Hi team, I want to determine the availabilty of my application with the http status code (Number of request http >...
by serviceinfrastr Explorer in Splunk Search 12-21-2018
0 3
0
3
newsplnkr

How do I extract the value of a field value in Splunk?

Hello all, I am trying to get the value of a field from an event in Splunk. The event looks like follows: message="...
by newsplnkr Explorer in Splunk Search 12-20-2018
0 2
0
2
VI371887

time picker average if selected more than one day

Hi All. I need help regarding one my query, shown below index=int_app source="City_APP*" FUNCTION=* ACTION=* | ...
by VI371887 Path Finder in Splunk Search 12-20-2018
0 4
0
4
w344423

How do you go forward and backwards through the following records?

Hi all, I need some help here. I have a sample records of 30 lines, and now would need to eval the endtime. However,...
by w344423 Explorer in Splunk Search 12-20-2018
0 2
0
2
nomadichunters

How to get the colums results attached of first search and second search based on a common fieldvalue?

first query output : CommonField , FirstQueryValue1 , FirstQueryValue2 1 fv1 fv2_1 2 fv1...
by nomadichunters Explorer in Splunk Search 12-20-2018
0 5
0
5
Log_wrangler

How do I count and sum multivalue fields by another multivalue field?

Hi, I am hitting a dead end with my search... I have two multivalue fields: Site_ID - has 100's of values Attack ...
by Log_wrangler Builder in Splunk Search 12-20-2018
0 2
0
2
newsplnkr

How can I derive a field based on the existing two fields?

Hello All, I am new to Splunk, and in need of help for below events: [testName="MobileExp",experience="FetchOn"][te...
by newsplnkr Explorer in Splunk Search 12-20-2018
0 7
0
7
justaj

search/jobs/sid/results

Hi, I'm creating a search via search/jobs. I am then getting the status of the search via search/jobs/sid. Once I ...
by justaj Explorer in Splunk Search 12-20-2018
0 6
0
6
abarnett

How to build a Browsing Report per User?

Hi All, I'm trying to build a weekly report showing all the URLs every user has been to over that past week. I'm ge...
by abarnett New Member in Splunk Search 12-20-2018
0 5
0
5
rvoninski_splun

Can you help me determine the best way to stream through events for a specific type of event?

I have data that looks like this. 2018-12-13 18:48:05.411 +0000 Tag="Door_Locked" Value="1" 2018-12-13 19:42:41.885 ...
by rvoninski_splun Splunk Employee Splunk Employee in Splunk Search 12-20-2018
0 3
0
3
toph3r

Quotes around first word in inputlookup value

I am using an input lookup to exclude results from a search (e.g. index=main NOT [| inputlookup test_lookup.csv | fie...
by toph3r Explorer in Splunk Search 12-20-2018
0 5
0
5
georgiahurst

Why is the field format not working on our timechart search?

I'm trying to plot the duration open for some of my data. I initially converted the open and close times to UNIX data...
by georgiahurst Engager in Splunk Search 12-20-2018
0 1
0
1
rajim

How come I can't get mvdedup and mvexpand commands to work properly?

I have a query where I'm using mvexpand and mvdedup commands to extract some records and calculate related values. Bu...
by rajim Path Finder in Splunk Search 12-20-2018
0 6
0
6
costatiago

Exists any app to do the Translation of text values from any language to the english language in Splunk?

I would like to know if there is anybody know of any kind of application that does text translation to the English la...
by costatiago New Member in Splunk Search 12-20-2018
0 0
0
0
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...