Splunk Search

Community Activity

timechart issiue Hi , i have 3 fields host , swapfree, memoryfree in my index i want to display count like this : timechart span=1h... by Mohsin123 Path Finder in Splunk Search 11-14-2018 0 5	0	5
Datamodel is giving results outside of the constraints given in Summary Range I have accelerated my data model for 7 days period and Rebuild the datamodel. After its completion, I have executed ... by jshah24 Explorer in Splunk Search 11-14-2018 1 0	1	0
Why doesn't my columnchart show all events? For monitoring purposes I have a columnchart showing the number of events per minute for the last 30 minutes ("30 min... by Oerstier New Member in Splunk Search 11-14-2018 0 0	0	0
How do I get data from a stats table to send as a token? Hi , I have a table with a single data value inside. \|makeresults \|eval value=1 I just want to get the val... by jadengoho Builder in Splunk Search 11-14-2018 0 2	0	2
Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization? My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using t... by yutaka1005 Builder in Splunk Search 11-13-2018 0 4	0	4
Grouping panels from different rows into one panel? Need your help friends. I have data appear as mentioned below. But i have requirement that instead of displaying sam... by Shan Builder in Splunk Search 11-13-2018 0 3	0	3
How to search for and trigger an email alert when there are no logs generated in a directory? I am needing to create an Alert to run every 30 minutes to monitor the file size of all the log files in a directory ... by venkatdba64 New Member in Splunk Search 11-13-2018 0 6	0	6
Predict Command - Alert when value breaches upper95 Hi All, I'm trying to write a search that looks at creating an alert where there is a significant spike in HTTP POST... by MikeElliott Communicator in Splunk Search 11-13-2018 1 7	1	7
Predict Command: Endpoint Communicating with Excessive Hosts Hi team, I hope that we are all well? I'm looking to develop a use case designed to identify where an endpoint has ... by MikeElliott Communicator in Splunk Search 11-13-2018 1 0	1	0
How can I obtain a list of values returned by one query, but not another? I have one query that returns SESSION_IDs of attempted orders: index=my_index "abc" \| rex field=_raw "(?<SESSION_ID>... by jbrenner Path Finder in Splunk Search 11-13-2018 0 8	0	8
How do you join a field which does not exist in the subsearch? I need help with the following scenario. I want to join one of the fields of the main search to the sub search,l whi... by bollam Path Finder in Splunk Search 11-13-2018 0 4	0	4
How do you compare 2 multivalued fields from different indices? I am attempting to correlate network latency fields from different indices. Basically, I would like to end up with a ... by maxzintel Path Finder in Splunk Search 11-13-2018 0 11	0	11
Can you help me with the following value extraction of XML data? I want to say there's a "simple" way to sets of data from XML. For example: in the XML below, i want two records/even... by moorvogi Path Finder in Splunk Search 11-13-2018 1 6	1	6
How can I fill different values according to different conditions ? Hi , Here's my SPL: index="last_f" \| stats count by level,sys_name _time \| eval rate=case( lev... by WXY Path Finder in Splunk Search 11-13-2018 0 3	0	3
Create field extractions without the capability admin_all_objects Hi, my customer wants to create field extractions for the whole app. For this he need the permission admin_all_obje... by cesarb Path Finder in Splunk Search 11-13-2018 2 6	2	6
How do you plot a line over a timechart using an average taken of 6 out of 7 results? Basically, I want to plot a baseline (average count per host over 1 week) over an existing graph I have of my "top 10... by Haybuck15 Explorer in Splunk Search 11-13-2018 0 5	0	5
How do I combine start time from one event and end time in another and display the stats table in one row? Hello, I have the following search that generates the below table. How do i get the starting timestamp and the Succe... by x213217 Explorer in Splunk Search 11-13-2018 0 3	0	3
How do I convert total values as percentages? I have a query which shows tables as below I want to get the percentage in the total column instead of decimal nu... by jitin_ratra New Member in Splunk Search 11-13-2018 0 1	0	1
Is there a way to set the trellis chart color? Hello, I have a dashboard with the trellis displaying the numbers in the column chart (KPIs by host). The question ... by damucka Builder in Splunk Search 11-13-2018 0 1	0	1
How do you combine two fields from a username search into one field? Hey, I'm having an issue trying to combine a field into one when searching a separate field. I have tried two separ... by synking Explorer in Splunk Search 11-13-2018 0 5	0	5
Can you help me with extract fields from the following WMIC log files? I've got wmic logfiles which look like this: Name Vendor Version Java 8 Update 1... by rfellmann New Member in Splunk Search 11-13-2018 0 2	0	2
Default Values to a column for update this value in a popup Guys i have a table with 3 columns, events name, events count, and the last column is a comments column, that i need ... by lucasfbeinjamin Path Finder in Splunk Search 11-13-2018 0 0	0	0
Can you help me with the following regex please? hi I want to add a rex field in my search index=windows sourcetype="wineventlog:system" SourceName="Disk" count="$p... by jip31 Motivator in Splunk Search 11-13-2018 0 2	0	2
regex to extract part of the variable Hello, I need help with regex. I have the following string under the Tracefile variable in my search: /usr/sap... by damucka Builder in Splunk Search 11-13-2018 0 1	0	1
Can I do an eval on static values of an input? i have an input where I choose some values, based on which i want another input value to be calculated. Can I do an ... by jiaqya Builder in Splunk Search 11-12-2018 0 2	0	2