Splunk Search

Community Activity

Can you help me create a table like the one in the following example? Dear Team, I have data in this format, as shown in actual and expecting results as shown in expected. Is this achiev... by syjayaraj Explorer in Splunk Search 10-05-2018 0 3	0	3
Could you help me with the syntax for an "IF/THEN" and "IF/ELSE" search? Hi , i want a syntax for this: if Response_time>3000 then Response_time="gt3SEC" else if Response_time>1000 and Re... by Mohsin123 Path Finder in Splunk Search 10-05-2018 0 7	0	7
How do I extract multiple key values from a double quoted JSON? I have data in splunk as following: log: [INFO ] 17:01:43.572 : [main] o.a.k.c.Processor:process(103): response ... by baskarkrishnanc Engager in Splunk Search 10-05-2018 0 7	0	7
How do I find events that have a specific value in an array of JSON strings? I have a JSON object that includes a field that is an array of strings. So something like this: { "tags": [ "v... by cpomerantzuniso New Member in Splunk Search 10-05-2018 0 1	0	1
How do I use an If statement to set rangemap in Splunk? how do I set if condition if the "failurepercentage" is greater than 10 as amber and greater than 20 should be severe... by karthi2809 Builder in Splunk Search 10-05-2018 0 1	0	1
How can I prepare a chart based on different values for a field in logs? We have a message in logs which prints based on values sent in request. Ex in logs : "service-1 requested with typ... by naga1105 New Member in Splunk Search 10-05-2018 0 1	0	1
Can you help me with a query that uses the stats command? Hello, I have a list of users and the time they entered a building. I'm trying to find the earliest + latest time. ... by andreiraduta New Member in Splunk Search 10-05-2018 0 1	0	1
How do I add a CSV file as an input to show the header as a field name? I am trying to add the below CSV file data into Splunk as an input through the ‘Add Data’ section. Time, Main_Release... by akarivaratharaj Communicator in Splunk Search 10-05-2018 0 4	0	4
GroupBy multiple fields within single result I have a splunk query which results in the output as: INFO :url="some_url": APIFilter.onComplete@87 : type=finalRes... by punixtr New Member in Splunk Search 10-05-2018 0 8	0	8
Does anybody have any idea how to make values appear in a line chart while hovering on it? For example i have the below search eval Time_To_Map=strftime(strptime(STATUS_TIME,"%Y-%m-%d-%H.%M.%S.%3N"),"%H.%M"... by manijain New Member in Splunk Search 10-04-2018 0 1	0	1
Can you help me chart how many users are connecting to a certain application? I am collecting the logs for an application and I'm trying to chart how many users are connecting to it over time. My... by richard_temple New Member in Splunk Search 10-04-2018 0 1	0	1
Windows password reset/creation: Will you help me create a search that returns Event "A" and NOT Event "B" within a given period of time? Hi All, We've set up an alert to flag AD Service account passwords are reset. Below is the alert condition: index=... by utsav45 Explorer in Splunk Search 10-04-2018 0 4	0	4
How do I get min/max of a column chart PER field? I created values for the average CPU, memory and swap memory usage and managed to get it in a column chart. I'd like ... by josephinemho Path Finder in Splunk Search 10-04-2018 0 8	0	8
Why does removing a search term reduce the number of results returned? My data looks like this: { [-] computer_dns_name: computer.domain.com computer_sid: 22264db9ce59... by jfriedman_ofigl Explorer in Splunk Search 10-04-2018 0 4	0	4
How do you search a value from one query in another second query? We have two different search queries with no unique fields and we would like to get the below info: we would like t... by dsha Engager in Splunk Search 10-04-2018 0 8	0	8
How do I break a chart with too many columns into several charts within the same report? I created a chart with too many columns, like following: source="/abc/def/aaa.log \| chart count(eval(searchmatch("12... by qhma New Member in Splunk Search 10-04-2018 0 1	0	1
How do I show the sum of events that occurred before a specific time on a line chart? I currently have a search that shows a line chart of events according to a "Created" date field, but would like to sh... by anlai2 Engager in Splunk Search 10-04-2018 0 0	0	0
Typecast an integer to a float? \| makeresults \| eval a=1024.0 \| eval b=.15 \| eval c=a*(1.0-b) \| table a b c gives a b c 1024.0 0.15 870 ... by nick405060 Motivator in Splunk Search 10-04-2018 0 3	0	3
Best practice for dealing with Unicode codepoints in Splunk ? Dear Splunkers, I face logs, where special characters have been encoded into Unicode codepoints (e. g. \u0301 instea... by smichalski Explorer in Splunk Search 10-04-2018 3 3	3	3
Can someone help me fix my search that uses the sort command? I'm getting strange behavior with a sort, and wondered if anyone knows why. If I run: index=os source=/var/log/sla... by mitchellthom Engager in Splunk Search 10-04-2018 0 2	0	2
OR connection with missing fileds Hello Folks, i have folowing question I have folowing search index=indexA OR index=indexB OR indexC user=alex OR ip... by alex_kh Explorer in Splunk Search 10-04-2018 0 2	0	2
How do I filter values with at least one zero in time? Hello! I want to find local IPs that communicate with outside IPs every 5 minutes, for example: ... by Shark2112 Communicator in Splunk Search 10-04-2018 0 1	0	1
Can you help me with the following conditional streamstats issue? Hi splunkers, Suppose I have the following table: Date ItemsPurchased UnitPrice 1/1/1111 20 0.5 2/1/1111 10 1 3/1... by ADRIANODL Explorer in Splunk Search 10-03-2018 0 7	0	7
Can you help me with a regex expression(multiple in one query)? Trying to capture multiple groups, basically after the colon MacAddress : 7A:AA:82:31:24:B1 Manufactu... by JoshuaJohn Contributor in Splunk Search 10-03-2018 0 4	0	4
In a search, Is there an alternative for the eventstats command? I need to find another way instead of eventstats for my search. Is there a way where I can tag the events and add an... by patricianaguit Explorer in Splunk Search 10-03-2018 0 2	0	2