Splunk Search

Community Activity

How do I split an event with extracted fields into rows? Hello all, I've used the following SPL to extract some fields from my logs. I got the following result. My issue... by shaheelkhan59 New Member in Splunk Search 10-12-2018 0 3	0	3
What should be the sequence of using dedup and sort together in a query? When dedup is used before sort in a query, the number of events returned is greater than the vice versa. by prachi0693 New Member in Splunk Search 10-12-2018 0 1	0	1
How to estimate an empty value in a search I have some events like : _time CITY %CPU %Disk Read Time %Disk Writ... by celianouguier Explorer in Splunk Search 10-12-2018 0 4	0	4
map command works but need more fields Hi Guys, I have a search that is working fine.. However the issue is that using the map command removes all other fi... by mwdbhyat Builder in Splunk Search 10-12-2018 0 1	0	1
Subsearch timeout SPL Hi guys, I have a search with subsearch that times out before it can complete. The subsearch doesnt finalise, so the... by mwdbhyat Builder in Splunk Search 10-11-2018 0 4	0	4
Average of a field Hi, I have a log trace like, ...........................wages: 50 I have written a splunk query to skip all the e... by saranyaa21 Path Finder in Splunk Search 10-11-2018 0 6	0	6
Throughput calculate for web servers How to calculate Throughput for web servers. if we have following data source. server name RAF,TAP,DFT by rajhemant26 New Member in Splunk Search 10-11-2018 0 1	0	1
Spaces removed from query - repeatable We have a report that runs and when you edit the report in the edit window, it will strip the space if the line wraps... by moorvogi Path Finder in Splunk Search 10-11-2018 0 3	0	3
SPlunk search not returning all events Hi, We have a query with below format: (index=A sourcetype=A1) OR (index=A sourcetype=A2) OR (index=B sourcetype=B1... by varun85negi Engager in Splunk Search 10-11-2018 1 3	1	3
Why does creating a new field sometimes require restarting Splunk services? We are having an issue when creating a New Field by using RegEx instead of the Field Extractor. The field itself may ... by sgoodman26 Explorer in Splunk Search 10-11-2018 0 3	0	3
How do you count the least number of events (as opposed to the highest number)? I have a Top Ten report going which counts the highest number of network timeout/disconnects on wireless devices by t... by stcrispan Communicator in Splunk Search 10-11-2018 0 5	0	5
tstats summariesonly query does not return results Hi all, my query is not returning any results and I think it's an error in the query. The clauses 'as' and 'from' in ... by kokanne Communicator in Splunk Search 10-11-2018 1 19	1	19
How do I fetch data from an existing field? I have a field in my log which contains a huge text data with two different formats. I tried to catch a few parts in ... by twh1 Communicator in Splunk Search 10-11-2018 0 3	0	3
How do you create a Splunk query to get new inbound IP's? I am trying to get a list of new inbound IPs/hosts, which would compare to the old data of the previous month from a ... by arrangineni Path Finder in Splunk Search 10-11-2018 0 0	0	0
mstats latest(_time) not working I am not able to get the latest (or earliest) _time values using mstats. \| mstats sum(bytes) latest(_time) where ind... by simpkins1958 Contributor in Splunk Search 10-11-2018 0 2	0	2
Regex Expressions Hi Team, I need to extract the fields from the JSON format in my Search Head GUI so kindly let us know how to procee... by anandhalagarasa Path Finder in Splunk Search 10-11-2018 0 6	0	6
How do I compare the log date with the time picker date? I want to check the records for which CREATE_TIME matches based on my date selection from time picker control. Curren... by twh1 Communicator in Splunk Search 10-11-2018 0 8	0	8
Display all values at time when hoovering over timechart I have a timechart with multiple values/graphs. When hoovering my mouse over the timechart I can only see one value ... by snorri Path Finder in Splunk Search 10-11-2018 0 4	0	4
How do I convert rows to columns by time? I have universal forwarder data which I access using the below query, but the fields are coming in each row. I want ... by jiaqya Builder in Splunk Search 10-11-2018 0 5	0	5
How do you tweak Splunk to display an event that is more than 500 lines long? I'm getting an error in Splunk GUI that says my events are exceeding a 500 max limit. How do you tweak Splunk to disp... by maverick Splunk Employee in Splunk Search 10-10-2018 3 4	3	4
How do you do a trend calculation with a plus sign? hello, With the code below, i calculate a % trend between values. When the result of the trend is negative, a negati... by jip31 Motivator in Splunk Search 10-10-2018 0 6	0	6
How do you use Splunk to search within document text of wiki server and SharePoint data sources? Is it possible to use Splunk as search engine that uses a wiki server and SharePoint as its data sources? It must sea... by roseneric4 Engager in Splunk Search 10-10-2018 0 1	0	1
Is there a way to determine if Splunk results will return in tabular format or raw events format? Hi All, I have a requirement to email Splunk results. The problem is some Splunk results are in table format and some... by kunal0311 New Member in Splunk Search 10-10-2018 0 5	0	5
How do you calculate the difference between two specific values in the same field (%) then timechart span=1h for the past 24hrs How do you calculate the difference between two specific values in the same field and return that value in a percent ... by johnward4 Communicator in Splunk Search 10-10-2018 0 3	0	3
How do I display multiple sources, hosts, and source types on a table? I want a table that shows my hosts, sources, source types, and indexes with some data feeds. How do I approach that? ... by maryamchar Explorer in Splunk Search 10-10-2018 0 2	0	2