Splunk Search

Community Activity

Why is the Search and Reporting default overwritten during start up? The default folder under SPLUNK_HOME/etc/apps/search has been overwritten and all my changes are now in a default.old... by sarahafrin Explorer in Splunk Search 10-08-2018 0 2	0	2
Is there a good book for learning Splunk queries? Hi, Can someone suggest a good way (or a real good book) on how to learn splunk queries. any suggestions would be ap... by cosmo360 New Member in Splunk Search 10-08-2018 0 4	0	4
How do I get top values based on eval? I have a relatively simple query with which I am evaluating a new field. I'd like to get the top values of this new ... by jackpal Path Finder in Splunk Search 10-08-2018 0 2	0	2
How do I map a field from a lookup to a Splunk index? Hello Splunkers, I have a requirement to match a field from an index to a field in a lookup and then extract the res... by Sidharda Path Finder in Splunk Search 10-08-2018 0 1	0	1
How can I create a search with the stats command which breaks up results into separate rows? Trying to create a query that would search two different network logs (firewall and proxy) and return results. The re... by showard22 New Member in Splunk Search 10-08-2018 0 1	0	1
Why are comparisons not working with percentages as expected? Im working with some thresholds and I'm using \|eval score = if(percentage>Target, 1, percentage<=Target, 0) Looks s... by jamin358 Explorer in Splunk Search 10-08-2018 0 1	0	1
Is there an alternative to JOIN when records are more than 50000? Scenario - I have two indexes: index1 and index2. Inner Query: I need to compare two indexes (Index1 and Index2) wi... by srujan9292 Explorer in Splunk Search 10-08-2018 0 5	0	5
In a dashboard, can you help me with the HTML, CSS and Js for displaying a single number in a bubble chart? I am trying to display number of events by day, number of events of each day in a bubble chart where bubble size depe... by sandeepmakkena Contributor in Splunk Search 10-08-2018 0 0	0	0
How to extract field values in eval with tstats? \| tstats count from datamodel=~~ where Field1="A" by B, C \| eval Addition = B + C When I run above query, all value... by apple143 Engager in Splunk Search 10-08-2018 0 4	0	4
How come empty event information is being displayed? I've been seeing some occurrences in Splunk that I haven't been able to find a reason why this is being shown We use ... by cschavarro New Member in Splunk Search 10-08-2018 0 4	0	4
help with breaking events from router Good Day All. I came across a log file which seems to be missing the carriage and ends. Can anyone assist me in break... by ranjitbrhm1 Communicator in Splunk Search 10-08-2018 0 3	0	3
How do I create a field that contains the differences between 2 other multi value (MV) fields? I have a search that returns two multi value fields. I am looking to create a third field which would contain the dif... by bkwoka Explorer in Splunk Search 10-08-2018 0 7	0	7
Need to extract fields at index time Hello Experts, I am new to Splunk and trying to extract fields at index time. I have distributed setup where have 2 c... by Ajinkya1992 Path Finder in Splunk Search 10-08-2018 0 7	0	7
Can you help me add a multvalue field extracting search to props? Hello Splunkers, I have the below search working fine and extracting fields so how can i add to props file to make i... by Splunk_rocks Path Finder in Splunk Search 10-08-2018 1 3	1	3
issue : splunk query is not displying correct result for negative number in range between min(-10) to max(-7) Hi , we have one field Score which contain floating poiint value(score) score -9.5 -9.4 -9.3 -9.0 -8.9 -8.7 -7.9 -7.... by PCIIT New Member in Splunk Search 10-07-2018 0 0	0	0
sourcetype linux_secure fields not extracted According to the Splunk documentation some sourcetypes will be automatically recognized. This includes linux_secure. ... by jeremyarcher Path Finder in Splunk Search 10-07-2018 0 8	0	8
How do I activate "_thefishbucket" index? Hi, Im trying to execute index="_thefishbucket" but I cannot get any kind on data, searching in forum looks like the... by sant1ago New Member in Splunk Search 10-06-2018 0 3	0	3
Is there a lookup table in Splunk ES for mac addresses? All, Is there a lookup table for mac addresses in Splunk ES ? Any formal way or tackling this if not? by daniel333 Builder in Splunk Search 10-06-2018 0 1	0	1
How do I divide the sum based on a criterion using the eval command? Hi I have the following search: [my search] \|dedup @timestamp \|stats sum(json_message.amount) as "total" by json_me... by xelian New Member in Splunk Search 10-06-2018 0 5	0	5
How expensive is sha256() in computing power? Our saved-search is summary-index enabled and is running every 5 minutes. Each event's uniqueness is a combination o... by morethanyell Builder in Splunk Search 10-06-2018 0 2	0	2
How do I convert milliseconds on y axis to seconds in query Splunk? Im trying to convert the milliseconds on the y axis to seconds, TM is the field that has the milliseconds. (TM field ... by Jewatson17 Path Finder in Splunk Search 10-06-2018 0 2	0	2
How do I perform eval function on chart values? Example Search: Index=* \|chart count over Character \|addcoltotals Example output: Char ........Count A... by Romeo_James Engager in Splunk Search 10-05-2018 0 1	0	1
How do you extract and aggregate on field names instead of values? I am working with a log format that contains some upstream and downstream request details, containing a URI and a var... by bcatwork Path Finder in Splunk Search 10-05-2018 0 2	0	2
How do you take a value out of a field and make a new field with it? How do i take out the port number (portnr) from the args field and make it to a field called "port" by a search? Can... by aatha89 Explorer in Splunk Search 10-05-2018 0 8	0	8
How do you consolidate values when fields are the same? Hey guys, thanks for taking time out of your day. I'm relatively new to Splunk and just need help with formatting s... by riffe88 Engager in Splunk Search 10-05-2018 0 6	0	6