Splunk Search

Community Activity

Compare field with lookup Hi I have a lookup table containg the host name and a software version hostlookup.csv hostname,version hostA,2 hos... by mfritsch New Member in Splunk Search 10-18-2018 0 3	0	3
How do you use the timechart command to retrieve top IP by span window with top value in this window? I try to get from iis logs top source IP by requests with the number of requests in every 5 seconds. If I just try to... by evkuzin New Member in Splunk Search 10-18-2018 0 2	0	2
find maximum value of a field by host over the last 7 days I need am trying to find the maximum value of a field(Peak value and time at which it happened everyday) based on a ... by arrangineni Path Finder in Splunk Search 10-17-2018 0 1	0	1
How do I make an alert which triggers if an event's delay is unusually long? I have multiple events such as below: Key points here: New values of event_type may be added randomly and the sched... by matthewg Explorer in Splunk Search 10-17-2018 0 2	0	2
SPLUNK Search derived from Stream app produces strange result... Hi there, when I run this search: index=* source=stream:Splunk_IP \| rex field=src_ip "(?<src1>.)\.(?<src2>.)\.(?<... by heskez Engager in Splunk Search 10-17-2018 0 7	0	7
Quote escaping best practices I'm trying to figure out how I can format my logs such that splunk does not get confused by an escaped quote. I'm cur... by stevennoble Explorer in Splunk Search 10-17-2018 3 5	3	5
Comparing raw data volume Vs indexed data volume How do i compare my raw data volume to the indexed data volume for a specific source type? Can someone help with thi... by gnanaraj_mcc Loves-to-Learn Lots in Splunk Search 10-17-2018 0 1	0	1
How do I return a string field (e.g. FQDN) with an IF statement? I am trying to look up a server (using an input field - $field1$) in my dashboard and pull the most recent alerts for... by josephinemho Path Finder in Splunk Search 10-17-2018 1 0	1	0
Clear textbox value after submit I have a dashboard where I want to use a textbox input to add data to a lookup file. I have managed to get this to ... by garryclarke Path Finder in Splunk Search 10-17-2018 1 6	1	6
How do you extract the following field using the rex command? Additional backup items: /db/cos7j.dump.Z /db/PSCSS.dump.Z /db/imqdb0152.dump.Z I want to extract 0152 from this. by shubhambhagat02 New Member in Splunk Search 10-17-2018 0 10	0	10
Can you help me use the tstats command with a fillnull? Greetings, So, I want to use the tstats command. It's super fast and efficient. But not if it's going to remove im... by chris94089 Path Finder in Splunk Search 10-17-2018 1 2	1	2
How to exclude multiple time ranges in a search? Hi, I would like to execute a search, where several non-overlapping time ranges are excluded. An exclusion time rang... by hbacbs Explorer in Splunk Search 10-17-2018 2 2	2	2
Why is a search for fields added with _meta in inputs.conf not returning any results? Hello, We added several fields with the _meta keyword in inputs.conf. When we search for the fields with "field::val... by rainerzufall Path Finder in Splunk Search 10-17-2018 0 8	0	8
How do I rename field name with dollar and curly braces in name? Hello, I would like to ask you how to rename field name like "${http.headers.ClientSide}". Such names are generate... by ReddySk Explorer in Splunk Search 10-17-2018 0 6	0	6
Can anyone help me split this field into 2? Hi! temp=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe to... path=C:\Program Files\SplunkUn... by hok2010 New Member in Splunk Search 10-17-2018 0 2	0	2
Why is _time showing in 12 hr format in the following graph? For some reason, my column graph is showing the time in a 12hr (AM or PM) format, which I do not want. The same query... by svijay30 Engager in Splunk Search 10-17-2018 1 2	1	2
How do you fetch table data from join table? There are two tables: "Table A" is a detailed information, and the "Table B" is the primary key. The two tables are ... by flzhang132 Explorer in Splunk Search 10-17-2018 0 4	0	4
count value per minute and then sum the count per hour I have the query that gives me the results I need. I just wanted to ask the gurus out here to look at my SPL and if ... by mmdacutanan Explorer in Splunk Search 10-16-2018 0 0	0	0
Hi All, how can i take result (which is a macro ) of inputlookup table and use that result to extract data from the macro ?? \| inputlookup ED_ENDI_Digital_Flow \| search Flow="ED_ENDI_FLOW_" \| search Step="ED_ENDI_STEP" \| rex field=Step "ED... by Anantha123 Communicator in Splunk Search 10-16-2018 0 3	0	3
Your maximum disk usage quota has been reached - WHat does this mean? When I try to run a search in Splunk Web, I see this error message - Your maximum disk usage quota has been reached... by mctester Communicator in Splunk Search 10-16-2018 7 5	7	5
How to append values from a field to all values of a multivalued field? Hi All, I have a multivalued field. I want to take values from one field and append the same to all the values of a... by kabiraj Path Finder in Splunk Search 10-16-2018 0 7	0	7
Trendline to work grouped by field Hi, My intention is to measure the 2 hour moving average of the events with X201 reason code ratio compared to the t... by Esperteyu Explorer in Splunk Search 10-16-2018 1 2	1	2
Can you help me with my non overlapping time window query? Min and Max are _time min and max values per database. Any ideas on how can I find when a MIN is higher than another ... by tamakg Path Finder in Splunk Search 10-16-2018 0 1	0	1
Multiple queries for single value panel? I have some index=job_console source="DEV2" "Finished:" \| sort - _time <_time value here> Result: 2018-10-16T12:... by pshangguan New Member in Splunk Search 10-16-2018 0 0	0	0
How do I extract a year and use as a chart? I have a csv lookup that has the date in MM/DD/YYYY format. I managed to get the data into splunk with DBConnect. Ult... by devfrag New Member in Splunk Search 10-16-2018 0 1	0	1