Splunk Search

Community Activity

How to add % symbol with data labels in charts? I want to add % symbol with both the y-axis legend and data labels Thanks in advance! by ny34940 Path Finder in Splunk Search 12-09-2018 0 13	0	13
How to get Splunk btool command to return an exact match? Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I use spl... by lukasz92 Communicator in Splunk Search 12-08-2018 0 3	0	3
How do you extract a hostname from a source path? Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ... by rkatsnel New Member in Splunk Search 12-08-2018 0 6	0	6
Join Earlier Joins with Later I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm u... by grex2595 New Member in Splunk Search 12-08-2018 0 1	0	1
How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console? Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical Di... by moizmmz Path Finder in Splunk Search 12-07-2018 0 3	0	3
Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app? Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost 70... by juanlazarosanch New Member in Splunk Search 12-07-2018 0 1	0	1
Subsearch leading to I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear... by samtheman Engager in Splunk Search 12-07-2018 0 3	0	3
How can I make my table results in 3s time intervals? Query I am running: index="dcg-video-eng-live-services-stage" \| spath "message.req.originalUrl" \| search "message.re... by moizmmz Path Finder in Splunk Search 12-07-2018 0 8	0	8
How can I split JSON into multiple events? Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multiple ... by 0xlc Path Finder in Splunk Search 12-07-2018 0 2	0	2
How do I convert epochtime = -1 to a human readable format? I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ... by lball Explorer in Splunk Search 12-07-2018 0 3	0	3
How should I rename a dynamic value after using the timechart count by? Hi All, I am using this search string as below : (some data- index, host, etc)............. \| xmlkv \| search "ns0:Ap... by vaibhavvijay9 New Member in Splunk Search 12-06-2018 0 3	0	3
How do I make a query which finds logs where the value for a field matches? Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped together.... by infcl Explorer in Splunk Search 12-06-2018 0 1	0	1
How do I search for events within _indextime? I understand the behavior of Splunk when using _indextime, but I want to know what query would do what I really am lo... by mcbradfordwcb Engager in Splunk Search 12-06-2018 0 7	0	7
Is there a way to draw the line of where the cutoff point for outliers is? I refer to the outlier command https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier *Is there ... by HattrickNZ Motivator in Splunk Search 12-06-2018 0 0	0	0
How do I extract a value from the the following JSON? I want to extract the following values from below JSON. Values needs to be extracted from the highlighted text in Bol... by abhishekgandhe Explorer in Splunk Search 12-06-2018 0 2	0	2
Why is my join query pulling results correctly sometimes while other times, it's not? Join query return weird result. Sometime its pull correct result & if I execute the same query after 2 mins. Some of ... by purnang New Member in Splunk Search 12-06-2018 0 4	0	4
Json array to multiple events virus_type {"Troj/DocDl-QUA": 4, "CXmail/OleDl-AU": 44, "CXmail/EncDoc-B": 6, "Troj/DocDl-QVV": 10, "Troj/DocDl-QVQ... by haoban Path Finder in Splunk Search 12-06-2018 0 0	0	0
How do I get unique values of different types of events without duplicates? Hello, I have got events with two different types: Type=First and type=Second I would like to get the consolidated(... by bollam Path Finder in Splunk Search 12-06-2018 0 3	0	3
Dashboard - PIE Chart In PIEchart dashboard, I can view the details of all the slices properly. But while trying to export as PDF.. only 12... by vinoth12 New Member in Splunk Search 12-06-2018 0 3	0	3
creating JobStatus module in 7.x versions I created a dashboard and is there any way to add jobstatus module for whole dashboard. Is it also possible to add pr... by snallam123 Path Finder in Splunk Search 12-06-2018 0 2	0	2
Transaction mvindex sort order? Hey Base, I encountered a problem with the transaction command. Here is the scenario: I have a group of 3 correlati... by ndcl Path Finder in Splunk Search 12-06-2018 1 10	1	10
How do I combine data from two different sources without the append or the union command? Hi, is there any way to combine data from two different sources without the append or the union command? I have a c... by atozeswar New Member in Splunk Search 12-06-2018 0 5	0	5
Slack alert in Splunk 6.4 or 6.5.5 Hello all, I am getting the below error when I trigger alert from Slack alert app. I tried from Splunk 6.4 and 6.5.5... by impurush Contributor in Splunk Search 12-06-2018 0 4	0	4
Can you help me with an eval that has conditions? hello, I use the code below in order to test if a filename exists. It works, but only when I put the token time on ... by jip31 Motivator in Splunk Search 12-06-2018 0 8	0	8
How do I generate a search that shows me the total REVENUE generated per by week? Hi Guys, I'm a new Splunk user: I have a dataset with fields Date, ACC_NBR, Count, REVENUE. Date (Date when number ... by makhombi New Member in Splunk Search 12-06-2018 0 3	0	3