Splunk Search

Community Activity

Predict Command - Alert when value breaches upper95 Hi All, I'm trying to write a search that looks at creating an alert where there is a significant spike in HTTP POST... by MikeElliott Communicator in Splunk Search 11-13-2018 1 7	1	7
Predict Command: Endpoint Communicating with Excessive Hosts Hi team, I hope that we are all well? I'm looking to develop a use case designed to identify where an endpoint has ... by MikeElliott Communicator in Splunk Search 11-13-2018 1 0	1	0
How can I obtain a list of values returned by one query, but not another? I have one query that returns SESSION_IDs of attempted orders: index=my_index "abc" \| rex field=_raw "(?<SESSION_ID>... by jbrenner Path Finder in Splunk Search 11-13-2018 0 8	0	8
How do you join a field which does not exist in the subsearch? I need help with the following scenario. I want to join one of the fields of the main search to the sub search,l whi... by bollam Path Finder in Splunk Search 11-13-2018 0 4	0	4
How do you compare 2 multivalued fields from different indices? I am attempting to correlate network latency fields from different indices. Basically, I would like to end up with a ... by maxzintel Path Finder in Splunk Search 11-13-2018 0 11	0	11
Can you help me with the following value extraction of XML data? I want to say there's a "simple" way to sets of data from XML. For example: in the XML below, i want two records/even... by moorvogi Path Finder in Splunk Search 11-13-2018 1 6	1	6
How can I fill different values according to different conditions ? Hi , Here's my SPL: index="last_f" \| stats count by level,sys_name _time \| eval rate=case( lev... by WXY Path Finder in Splunk Search 11-13-2018 0 3	0	3
Create field extractions without the capability admin_all_objects Hi, my customer wants to create field extractions for the whole app. For this he need the permission admin_all_obje... by cesarb Path Finder in Splunk Search 11-13-2018 2 6	2	6
How do you plot a line over a timechart using an average taken of 6 out of 7 results? Basically, I want to plot a baseline (average count per host over 1 week) over an existing graph I have of my "top 10... by Haybuck15 Explorer in Splunk Search 11-13-2018 0 5	0	5
How do I combine start time from one event and end time in another and display the stats table in one row? Hello, I have the following search that generates the below table. How do i get the starting timestamp and the Succe... by x213217 Explorer in Splunk Search 11-13-2018 0 3	0	3
How do I convert total values as percentages? I have a query which shows tables as below I want to get the percentage in the total column instead of decimal nu... by jitin_ratra New Member in Splunk Search 11-13-2018 0 1	0	1
Is there a way to set the trellis chart color? Hello, I have a dashboard with the trellis displaying the numbers in the column chart (KPIs by host). The question ... by damucka Builder in Splunk Search 11-13-2018 0 1	0	1
How do you combine two fields from a username search into one field? Hey, I'm having an issue trying to combine a field into one when searching a separate field. I have tried two separ... by synking Explorer in Splunk Search 11-13-2018 0 5	0	5
Can you help me with extract fields from the following WMIC log files? I've got wmic logfiles which look like this: Name Vendor Version Java 8 Update 1... by rfellmann New Member in Splunk Search 11-13-2018 0 2	0	2
Default Values to a column for update this value in a popup Guys i have a table with 3 columns, events name, events count, and the last column is a comments column, that i need ... by lucasfbeinjamin Path Finder in Splunk Search 11-13-2018 0 0	0	0
Can you help me with the following regex please? hi I want to add a rex field in my search index=windows sourcetype="wineventlog:system" SourceName="Disk" count="$p... by jip31 Motivator in Splunk Search 11-13-2018 0 2	0	2
regex to extract part of the variable Hello, I need help with regex. I have the following string under the Tracefile variable in my search: /usr/sap... by damucka Builder in Splunk Search 11-13-2018 0 1	0	1
Can I do an eval on static values of an input? i have an input where I choose some values, based on which i want another input value to be calculated. Can I do an ... by jiaqya Builder in Splunk Search 11-12-2018 0 2	0	2
[Inquiry]: Retrieving search results with schedule timings Hi everyone, Good day! I would like to ask about my search query below. index="myIndex" source IN(MyLogs) host=s... by dcresido New Member in Splunk Search 11-12-2018 0 0	0	0
How do you compare 2 fields in a lookup against a single field in Splunk? Hi, I have a lookup with 2 fields, (device and IP) either of which can be used to log in to Splunk as the 'host' fie... by jacqu3sy Path Finder in Splunk Search 11-12-2018 0 1	0	1
Can you help me with my field extraction? As I extract a field with regex, and it has finished successful, why can't I find my created field in the field side ... by sabaKhadivi Path Finder in Splunk Search 11-12-2018 0 2	0	2
How do you create a subsearch for two correlated queries? Query One: One that is exclusive of Server4 in Index1 based of the hosts in Index2. I.e. based on the Index2 hosts, ... by princeali Engager in Splunk Search 11-12-2018 0 4	0	4
Sorting chart headers (dates) by descending I am trying to sort the column headers of a chart (dates) so they appear with the most recent date on the far left. I... by lukepatrick Explorer in Splunk Search 11-12-2018 0 0	0	0
Stats sum command experiencing strange behavior after 7.2.0 upgrade Hi Folks; So getting a very bizaare issue here after our upgrade to 7.2 index="app_rocket_dxs" sourcetype="fluentd_... by paimonsoror Builder in Splunk Search 11-12-2018 0 4	0	4
Get metrics from events in between 2 events I want to get metrics from events which occur between 2 events(eg: Job Start, Job end). This job event runs every 1h... by rajeshad45 Engager in Splunk Search 11-12-2018 1 1	1	1