Splunk Search

Community Activity

	How do I divide the sum based on a criterion using the eval command? Hi I have the following search: [my search] \|dedup @timestamp \|stats sum(json_message.amount) as "total" by json_me... by xelian New Member in Splunk Search 10-06-2018 0 5	0	5
	How expensive is sha256() in computing power? Our saved-search is summary-index enabled and is running every 5 minutes. Each event's uniqueness is a combination o... by morethanyell Builder in Splunk Search 10-06-2018 0 2	0	2
	How do I convert milliseconds on y axis to seconds in query Splunk? Im trying to convert the milliseconds on the y axis to seconds, TM is the field that has the milliseconds. (TM field ... by Jewatson17 Path Finder in Splunk Search 10-06-2018 0 2	0	2
	How do I perform eval function on chart values? Example Search: Index=* \|chart count over Character \|addcoltotals Example output: Char ........Count A... by Romeo_James Engager in Splunk Search 10-05-2018 0 1	0	1
	How do you extract and aggregate on field names instead of values? I am working with a log format that contains some upstream and downstream request details, containing a URI and a var... by bcatwork Path Finder in Splunk Search 10-05-2018 0 2	0	2
	How do you take a value out of a field and make a new field with it? How do i take out the port number (portnr) from the args field and make it to a field called "port" by a search? Can... by aatha89 Explorer in Splunk Search 10-05-2018 0 8	0	8
	How do you consolidate values when fields are the same? Hey guys, thanks for taking time out of your day. I'm relatively new to Splunk and just need help with formatting s... by riffe88 Engager in Splunk Search 10-05-2018 0 6	0	6
	How to get the field name of the maximum value of several fields? I have data that has several fields. I want to compare the fields to find the max value of them, which I can do via ... by brajaram Communicator in Splunk Search 10-05-2018 0 2	0	2
	How come the text input token is not filtering out all results? I'm having trouble filtering results using a text input token. When I enter the name of an application, the record... by gbwilson Path Finder in Splunk Search 10-05-2018 0 11	0	11
	How do you group data in 5-minute windows? I have several lines which look like : 2018-10-05 15:10:00.000, STEP="STEP1", VALUE="1965.00000", ZONE="CITY1", CODE... by celianouguier Explorer in Splunk Search 10-05-2018 0 1	0	1
	How do I convert results to an X-Y table? I have query results that look like this: Risk Age Total High gt30 16 High gt60 3 High ... by claatu Explorer in Splunk Search 10-05-2018 0 8	0	8
	How do I use the addcoltotals command with a stats list or stats values? How do I use addcoltotals with a stats list or with stats values? I'm trying to include the totals for each line val... by johnward4 Communicator in Splunk Search 10-05-2018 0 5	0	5
	How do I use a field with a dash (-) in an "if" search? I get a minus error if the search if looks like this: index=my_index sourcetype=my_sourcetype \| eval my_field = if (... by jwhughes58 Contributor in Splunk Search 10-05-2018 0 3	0	3
	How do you compare several values to get the highest one? Hello, I want to compare several values to get the highest one. For example: index / count .................... by sant1ago New Member in Splunk Search 10-05-2018 0 2	0	2
	Can you help me create a table like the one in the following example? Dear Team, I have data in this format, as shown in actual and expecting results as shown in expected. Is this achiev... by syjayaraj Explorer in Splunk Search 10-05-2018 0 3	0	3
	Could you help me with the syntax for an "IF/THEN" and "IF/ELSE" search? Hi , i want a syntax for this: if Response_time>3000 then Response_time="gt3SEC" else if Response_time>1000 and Re... by Mohsin123 Path Finder in Splunk Search 10-05-2018 0 7	0	7
	How do I extract multiple key values from a double quoted JSON? I have data in splunk as following: log: [INFO ] 17:01:43.572 : [main] o.a.k.c.Processor:process(103): response ... by baskarkrishnanc Engager in Splunk Search 10-05-2018 0 7	0	7
	How do I find events that have a specific value in an array of JSON strings? I have a JSON object that includes a field that is an array of strings. So something like this: { "tags": [ "v... by cpomerantzuniso New Member in Splunk Search 10-05-2018 0 1	0	1
	How do I use an If statement to set rangemap in Splunk? how do I set if condition if the "failurepercentage" is greater than 10 as amber and greater than 20 should be severe... by karthi2809 Builder in Splunk Search 10-05-2018 0 1	0	1
	How can I prepare a chart based on different values for a field in logs? We have a message in logs which prints based on values sent in request. Ex in logs : "service-1 requested with typ... by naga1105 New Member in Splunk Search 10-05-2018 0 1	0	1
	Can you help me with a query that uses the stats command? Hello, I have a list of users and the time they entered a building. I'm trying to find the earliest + latest time. ... by andreiraduta New Member in Splunk Search 10-05-2018 0 1	0	1
	How do I add a CSV file as an input to show the header as a field name? I am trying to add the below CSV file data into Splunk as an input through the ‘Add Data’ section. Time, Main_Release... by akarivaratharaj Communicator in Splunk Search 10-05-2018 0 4	0	4
	GroupBy multiple fields within single result I have a splunk query which results in the output as: INFO :url="some_url": APIFilter.onComplete@87 : type=finalRes... by punixtr New Member in Splunk Search 10-05-2018 0 8	0	8
	Does anybody have any idea how to make values appear in a line chart while hovering on it? For example i have the below search eval Time_To_Map=strftime(strptime(STATUS_TIME,"%Y-%m-%d-%H.%M.%S.%3N"),"%H.%M"... by manijain New Member in Splunk Search 10-04-2018 0 1	0	1
	Can you help me chart how many users are connecting to a certain application? I am collecting the logs for an application and I'm trying to chart how many users are connecting to it over time. My... by richard_temple New Member in Splunk Search 10-04-2018 0 1	0	1