Splunk Search

Community Activity

	How to get the field name of the maximum value of several fields? I have data that has several fields. I want to compare the fields to find the max value of them, which I can do via ... by brajaram Communicator in Splunk Search 10-05-2018 0 2	0	2
	How come the text input token is not filtering out all results? I'm having trouble filtering results using a text input token. When I enter the name of an application, the record... by gbwilson Path Finder in Splunk Search 10-05-2018 0 11	0	11
	How do you group data in 5-minute windows? I have several lines which look like : 2018-10-05 15:10:00.000, STEP="STEP1", VALUE="1965.00000", ZONE="CITY1", CODE... by celianouguier Explorer in Splunk Search 10-05-2018 0 1	0	1
	How do I convert results to an X-Y table? I have query results that look like this: Risk Age Total High gt30 16 High gt60 3 High ... by claatu Explorer in Splunk Search 10-05-2018 0 8	0	8
	How do I use the addcoltotals command with a stats list or stats values? How do I use addcoltotals with a stats list or with stats values? I'm trying to include the totals for each line val... by johnward4 Communicator in Splunk Search 10-05-2018 0 5	0	5
	How do I use a field with a dash (-) in an "if" search? I get a minus error if the search if looks like this: index=my_index sourcetype=my_sourcetype \| eval my_field = if (... by jwhughes58 Contributor in Splunk Search 10-05-2018 0 3	0	3
	How do you compare several values to get the highest one? Hello, I want to compare several values to get the highest one. For example: index / count .................... by sant1ago New Member in Splunk Search 10-05-2018 0 2	0	2
	Can you help me create a table like the one in the following example? Dear Team, I have data in this format, as shown in actual and expecting results as shown in expected. Is this achiev... by syjayaraj Explorer in Splunk Search 10-05-2018 0 3	0	3
	Could you help me with the syntax for an "IF/THEN" and "IF/ELSE" search? Hi , i want a syntax for this: if Response_time>3000 then Response_time="gt3SEC" else if Response_time>1000 and Re... by Mohsin123 Path Finder in Splunk Search 10-05-2018 0 7	0	7
	How do I extract multiple key values from a double quoted JSON? I have data in splunk as following: log: [INFO ] 17:01:43.572 : [main] o.a.k.c.Processor:process(103): response ... by baskarkrishnanc Engager in Splunk Search 10-05-2018 0 7	0	7
	How do I find events that have a specific value in an array of JSON strings? I have a JSON object that includes a field that is an array of strings. So something like this: { "tags": [ "v... by cpomerantzuniso New Member in Splunk Search 10-05-2018 0 1	0	1
	How do I use an If statement to set rangemap in Splunk? how do I set if condition if the "failurepercentage" is greater than 10 as amber and greater than 20 should be severe... by karthi2809 Builder in Splunk Search 10-05-2018 0 1	0	1
	How can I prepare a chart based on different values for a field in logs? We have a message in logs which prints based on values sent in request. Ex in logs : "service-1 requested with typ... by naga1105 New Member in Splunk Search 10-05-2018 0 1	0	1
	Can you help me with a query that uses the stats command? Hello, I have a list of users and the time they entered a building. I'm trying to find the earliest + latest time. ... by andreiraduta New Member in Splunk Search 10-05-2018 0 1	0	1
	How do I add a CSV file as an input to show the header as a field name? I am trying to add the below CSV file data into Splunk as an input through the ‘Add Data’ section. Time, Main_Release... by akarivaratharaj Communicator in Splunk Search 10-05-2018 0 4	0	4
	GroupBy multiple fields within single result I have a splunk query which results in the output as: INFO :url="some_url": APIFilter.onComplete@87 : type=finalRes... by punixtr New Member in Splunk Search 10-05-2018 0 8	0	8
	Does anybody have any idea how to make values appear in a line chart while hovering on it? For example i have the below search eval Time_To_Map=strftime(strptime(STATUS_TIME,"%Y-%m-%d-%H.%M.%S.%3N"),"%H.%M"... by manijain New Member in Splunk Search 10-04-2018 0 1	0	1
	Can you help me chart how many users are connecting to a certain application? I am collecting the logs for an application and I'm trying to chart how many users are connecting to it over time. My... by richard_temple New Member in Splunk Search 10-04-2018 0 1	0	1
	Windows password reset/creation: Will you help me create a search that returns Event "A" and NOT Event "B" within a given period of time? Hi All, We've set up an alert to flag AD Service account passwords are reset. Below is the alert condition: index=... by utsav45 Explorer in Splunk Search 10-04-2018 0 4	0	4
	How do I get min/max of a column chart PER field? I created values for the average CPU, memory and swap memory usage and managed to get it in a column chart. I'd like ... by josephinemho Path Finder in Splunk Search 10-04-2018 0 8	0	8
	Why does removing a search term reduce the number of results returned? My data looks like this: { [-] computer_dns_name: computer.domain.com computer_sid: 22264db9ce59... by jfriedman_ofigl Explorer in Splunk Search 10-04-2018 0 4	0	4
	How do you search a value from one query in another second query? We have two different search queries with no unique fields and we would like to get the below info: we would like t... by dsha Engager in Splunk Search 10-04-2018 0 8	0	8
	How do I break a chart with too many columns into several charts within the same report? I created a chart with too many columns, like following: source="/abc/def/aaa.log \| chart count(eval(searchmatch("12... by qhma New Member in Splunk Search 10-04-2018 0 1	0	1
	How do I show the sum of events that occurred before a specific time on a line chart? I currently have a search that shows a line chart of events according to a "Created" date field, but would like to sh... by anlai2 Engager in Splunk Search 10-04-2018 0 0	0	0
	Typecast an integer to a float? \| makeresults \| eval a=1024.0 \| eval b=.15 \| eval c=a*(1.0-b) \| table a b c gives a b c 1024.0 0.15 870 ... by nick405060 Motivator in Splunk Search 10-04-2018 0 3	0	3