Splunk Search

Community Activity

How to estimate an empty value in a search I have some events like : _time CITY %CPU %Disk Read Time %Disk Writ... by celianouguier Explorer in Splunk Search 10-12-2018 0 4	0	4
map command works but need more fields Hi Guys, I have a search that is working fine.. However the issue is that using the map command removes all other fi... by mwdbhyat Builder in Splunk Search 10-12-2018 0 1	0	1
Subsearch timeout SPL Hi guys, I have a search with subsearch that times out before it can complete. The subsearch doesnt finalise, so the... by mwdbhyat Builder in Splunk Search 10-11-2018 0 4	0	4
Average of a field Hi, I have a log trace like, ...........................wages: 50 I have written a splunk query to skip all the e... by saranyaa21 Path Finder in Splunk Search 10-11-2018 0 6	0	6
Throughput calculate for web servers How to calculate Throughput for web servers. if we have following data source. server name RAF,TAP,DFT by rajhemant26 New Member in Splunk Search 10-11-2018 0 1	0	1
Spaces removed from query - repeatable We have a report that runs and when you edit the report in the edit window, it will strip the space if the line wraps... by moorvogi Path Finder in Splunk Search 10-11-2018 0 3	0	3
SPlunk search not returning all events Hi, We have a query with below format: (index=A sourcetype=A1) OR (index=A sourcetype=A2) OR (index=B sourcetype=B1... by varun85negi Engager in Splunk Search 10-11-2018 1 3	1	3
Why does creating a new field sometimes require restarting Splunk services? We are having an issue when creating a New Field by using RegEx instead of the Field Extractor. The field itself may ... by sgoodman26 Explorer in Splunk Search 10-11-2018 0 3	0	3
How do you count the least number of events (as opposed to the highest number)? I have a Top Ten report going which counts the highest number of network timeout/disconnects on wireless devices by t... by stcrispan Communicator in Splunk Search 10-11-2018 0 5	0	5
tstats summariesonly query does not return results Hi all, my query is not returning any results and I think it's an error in the query. The clauses 'as' and 'from' in ... by kokanne Communicator in Splunk Search 10-11-2018 1 19	1	19
How do I fetch data from an existing field? I have a field in my log which contains a huge text data with two different formats. I tried to catch a few parts in ... by twh1 Communicator in Splunk Search 10-11-2018 0 3	0	3
How do you create a Splunk query to get new inbound IP's? I am trying to get a list of new inbound IPs/hosts, which would compare to the old data of the previous month from a ... by arrangineni Path Finder in Splunk Search 10-11-2018 0 0	0	0
mstats latest(_time) not working I am not able to get the latest (or earliest) _time values using mstats. \| mstats sum(bytes) latest(_time) where ind... by simpkins1958 Contributor in Splunk Search 10-11-2018 0 2	0	2
Regex Expressions Hi Team, I need to extract the fields from the JSON format in my Search Head GUI so kindly let us know how to procee... by anandhalagarasa Path Finder in Splunk Search 10-11-2018 0 6	0	6
How do I compare the log date with the time picker date? I want to check the records for which CREATE_TIME matches based on my date selection from time picker control. Curren... by twh1 Communicator in Splunk Search 10-11-2018 0 8	0	8
Display all values at time when hoovering over timechart I have a timechart with multiple values/graphs. When hoovering my mouse over the timechart I can only see one value ... by snorri Path Finder in Splunk Search 10-11-2018 0 4	0	4
How do I convert rows to columns by time? I have universal forwarder data which I access using the below query, but the fields are coming in each row. I want ... by jiaqya Builder in Splunk Search 10-11-2018 0 5	0	5
How do you tweak Splunk to display an event that is more than 500 lines long? I'm getting an error in Splunk GUI that says my events are exceeding a 500 max limit. How do you tweak Splunk to disp... by maverick Splunk Employee in Splunk Search 10-10-2018 3 4	3	4
How do you do a trend calculation with a plus sign? hello, With the code below, i calculate a % trend between values. When the result of the trend is negative, a negati... by jip31 Motivator in Splunk Search 10-10-2018 0 6	0	6
How do you use Splunk to search within document text of wiki server and SharePoint data sources? Is it possible to use Splunk as search engine that uses a wiki server and SharePoint as its data sources? It must sea... by roseneric4 Engager in Splunk Search 10-10-2018 0 1	0	1
Is there a way to determine if Splunk results will return in tabular format or raw events format? Hi All, I have a requirement to email Splunk results. The problem is some Splunk results are in table format and some... by kunal0311 New Member in Splunk Search 10-10-2018 0 5	0	5
How do you calculate the difference between two specific values in the same field (%) then timechart span=1h for the past 24hrs How do you calculate the difference between two specific values in the same field and return that value in a percent ... by johnward4 Communicator in Splunk Search 10-10-2018 0 3	0	3
How do I display multiple sources, hosts, and source types on a table? I want a table that shows my hosts, sources, source types, and indexes with some data feeds. How do I approach that? ... by maryamchar Explorer in Splunk Search 10-10-2018 0 2	0	2
How does Splunk Universal Forwarder (UF) take the ulimit value for Open files? hi All, On one of our servers, we recently faced issues with file forwarding. Upon checking in internal logs, we sa... by mallempatisreed Explorer in Splunk Search 10-10-2018 0 2	0	2
How do I remove dynamically named columns from a table when their values contain a specific string? I have an API input that returns a JSON object containing a nested element with multiple dynamically named columns, w... by Cuyose Builder in Splunk Search 10-10-2018 0 2	0	2