Splunk Search

Community Activity

How to group by month if we have data from. Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 10-26-2018 0 2	0	2
Eval round gives inconsistent half-rounding results I tried setting up a Splunk alert to check for inconsistencies between a rounded total and a raw total, but the alert... by pentwist Engager in Splunk Search 10-26-2018 0 5	0	5
Extracting unique Null Pointer Exception from the logs via Splunk I am looking to extract unique NullPointerException from the Splunk Logs. Unfortunately somehwere my regex is isnt ex... by ashirgao New Member in Splunk Search 10-25-2018 0 1	0	1
Can you help me with my stats count? hello I use the request below, which works: index="windows" sourcetype="wineventlog:Application" "SourceName=*" Typ... by jip31 Motivator in Splunk Search 10-25-2018 0 4	0	4
How do I use the eval command to calculate error rates and show them as percentages? Hello, I am creating a dashboard in which I am displaying total logins, successful logins, failed logins, error rate... by moizmmz Path Finder in Splunk Search 10-25-2018 0 20	0	20
How do I rename the values in the following field? https://drive.google.com/file/d/13tgNyaelfyPwxIvgAOA1Gn1hI628dGB2/view?usp=sharing[link text]1 I want to rename the ... by moizmmz Path Finder in Splunk Search 10-25-2018 0 2	0	2
search time data masking Hi I am trying to mask indexed data using following props.conf comfig for linux_secure. [linux_secure] EXTRACT-ip ... by melonman Motivator in Splunk Search 10-25-2018 0 3	0	3
Error message above search bar Hi All, When I am executing a search query something like "index=index1", I am getting the below error message above... by bsantosh New Member in Splunk Search 10-25-2018 0 3	0	3
Can you help me with an issue i'm having with the strptime function? I am trying to implement strptime command on my lookup named test.csv, which has fields _time, hits with data from ... by Divyachundu New Member in Splunk Search 10-25-2018 0 4	0	4
How do you convert numeric value from 5000 to 5k for a field? I am planning to convert the value of a count into 5k, 500k format rather than the whole number. May I know how I can... by arrangineni Path Finder in Splunk Search 10-25-2018 0 1	0	1
Make data in a stacked area chart 'float' Any way to make one series in a stacked area chart invisible? I've got a bunch of data I want to make a floating rib... by mikclrk Explorer in Splunk Search 10-25-2018 0 0	0	0
How come only one of many fields is not extracting? I have a weird behavior in my environment. When I get new data, I parse them using my regex (= as delimiter between ... by shayhibah Path Finder in Splunk Search 10-25-2018 0 6	0	6
How do I count occurrences with wildcard in count by field? Hi, I have the following values from my search result: /api/v2/nodes/107757943/nodes /api/v2/nodes/107758003/nodes... by mhornste Path Finder in Splunk Search 10-25-2018 1 4	1	4
Can you help me break my search up into two smaller ones? I have a query that is taking up too many resources I am told. I decided to break it up into two smaller reports (on... by bealm New Member in Splunk Search 10-25-2018 0 3	0	3
Splunk dbxquery to call stored procedure with subsearch to populate parameter not working I have two working Splunk queries as follows. The first one takes in an IP Address and datetime and returns a Mac Ad... by rdclark Engager in Splunk Search 10-25-2018 0 1	0	1
Why is HTTP is working while HTTPS is not? Hi, I tried to enable SSL on my Splunk instances. A few of them were successful. Some of them(specifically none of t... by graju89 Path Finder in Splunk Search 10-25-2018 0 2	0	2
In a statistics table, how do I make it so a row hides when clicked upon? Hello guys I want to hide the row of a table after clicking on a cell on this table. I guess I should look for JS so... by denys_k Explorer in Splunk Search 10-25-2018 0 2	0	2
Feature Suggestion: Panel-local variables for prebuilt panels Prebuilt panels would be more useful if they allowed local variables. This would parallel the way macros allow argum... by madkins23 New Member in Splunk Search 10-25-2018 0 1	0	1
Merge tables by aligning fields with same value Hello, I have two tables listed below. The small table is a subset of the large table. Large_table S... by Thuan Explorer in Splunk Search 10-24-2018 0 0	0	0
Use a lookup file to show IP name Hello,I have a csv file ,and I use it as a lookup table, it has two fields : IP,IP Name; \| inputlookup ip_name.csv ... by WXY Path Finder in Splunk Search 10-24-2018 0 1	0	1
How to increase the maximum number of conditions in a splunk search? Hi there, I have a search below: host = xxx.xxx.xxx.xxx AND duration \| rex field=_raw (something) \| rex field=_raw (... by zongwei New Member in Splunk Search 10-24-2018 0 2	0	2
Field extraction for IP ADFS Logs Hello, I found one post but the REGEX search didn't work. How would I extract the IP into a new field that comes aft... by donaldmayo New Member in Splunk Search 10-24-2018 0 1	0	1
Can eventstats or streamstats be used with accelerated data model searches? We are looking to convert most if not all of our existing searches and correlation rules to search against accelerate... by john_dagostino Path Finder in Splunk Search 10-24-2018 0 3	0	3
How to compare two CSVs and see what's missing from the original? Hi, consider these two CSVs septemberheros.csv: name alias best_power origin clark superman fl... by russell120 Communicator in Splunk Search 10-24-2018 0 3	0	3
How to find a difference between two times which are off by two different formats and set an alert if the difference is more than 10mins? Hi, I have a query which returns two columns Time1 which is _time and one more column Time 2 which is user calculat... by sangs8788 Communicator in Splunk Search 10-24-2018 0 3	0	3