Splunk Search

Community Activity

How to calculate the "number of files" field in the table colunm of "Files & directories Hi, I would like to know how to calculate the "number of files" field in the table colunm of "Files & directories",w... by Shuhei052492 Path Finder in Splunk Search 10-03-2018 0 0	0	0
In a search, How do I get the next to the last value(or field)? I have data that looks like this; When I perform my search the data returned by Splunk looks like this on the dashbo... by hartcl1 Explorer in Splunk Search 10-02-2018 0 2	0	2
How do I combine " \|stats count by host " and "\| stats distinct_count(host)" in one table? I can search for events and run stats count by host. And I can run a search of distinct number of hosts. I want t... by pretzel2 Path Finder in Splunk Search 10-02-2018 0 8	0	8
Is there a way to search for what searches have been run over a period of time and by who? Hi, Is there a way to search for what searches have been run over a period of time and by who - preferably listing t... by Skins Path Finder in Splunk Search 10-02-2018 0 2	0	2
Error after stats command Hi, I need your help, I have a search like this index=test sourcetype=XY \| stats count(Field1) AS f1 by action=... by hoerberm New Member in Splunk Search 10-02-2018 0 4	0	4
Can you help me optimize this query without join using stats and OR? index="index1" sourcetype=show_command \| join id [ search index="index2" sourcetype=software_data ] \| sort _time \| ... by m4sucess New Member in Splunk Search 10-02-2018 0 3	0	3
How do I create an alarm if a value stored in a CSV changes? Hi, I have a CSV file with the following structure: NAME DiskSerial ProcSerial ... by josedgaravito New Member in Splunk Search 10-02-2018 0 1	0	1
How do I join an index with a lookup? Hi, I need to join my query with a lookup which contains a field called username. I need to get the users who — exi... by Shashank_87 Explorer in Splunk Search 10-02-2018 0 1	0	1
How do I extract IP and port using regex in Splunk Cloud? Hi , May I please get some help on extracting 1) IP only 2) IP and corresponding port together Connection termin... by harishnpandey Explorer in Splunk Search 10-02-2018 0 4	0	4
How do you join 2 tables while showing what's not in table 1? This successfully shows a combined table with users that are in Table1 and Table2. However, I want to show all users ... by zaynaly Explorer in Splunk Search 10-02-2018 0 3	0	3
How do I use the tstats command to count field pairs? Hello everybody, i want to count how often does a specific pair of src-dest appear... something like src, dest, co... by alex_kh Explorer in Splunk Search 10-02-2018 0 1	0	1
Chart Drill Down changes Date time range I have a dashboard with a chart inside it. The query of the chart is: base_search \| eval _time = time\| bucket _time... by shayhibah Path Finder in Splunk Search 10-02-2018 0 5	0	5
Join two stats searches and run stats/group on the result I'd like to join two searches and run some stats to group the combined result to see how many users change/update bro... by gregorymountfor Explorer in Splunk Search 10-02-2018 0 0	0	0
No results DBX I like to use DATABASES. I connected DBX and made a connection. With the query: \| dbxquery query="SELECT * FROM \"XXX... by LH_SPLUNK Explorer in Splunk Search 10-02-2018 0 1	0	1
How do I remove a particular row from my stats command based on the value of another row? source="something_source" topic="something_topic1" OR topic="something_topic2" earliest = "-1d" client="cpu1305" \| st... by avisriv New Member in Splunk Search 10-02-2018 0 2	0	2
How do you stop displaying a timechart line when value is 0? I'm trying to display a timechart based on count by a type. But, for a certain type, the value will always be 0 for... by dfofie New Member in Splunk Search 10-01-2018 0 2	0	2
How do you store multiple similar field names as values in a new field? I have multiple fields with similar names abc*, example: abcXYZ1 abcKLM abc_DEF I want to create a new field, say 'E... by mpatel11 Explorer in Splunk Search 10-01-2018 1 6	1	6
How do I fill values in a timechart for a non existing event? How do I fill values in a timechart for a non existing event? Suppose that the event is received at 5:00AM. Then, I w... by avisriv New Member in Splunk Search 10-01-2018 0 3	0	3
Can you help me with my sum of counts query? I'm trying to get the sum of spam folders and where they are quarantined by user. Is there a better way to do this, e... by gdavid Path Finder in Splunk Search 10-01-2018 0 2	0	2
How do you store field names as values in a new field based on presence of that field? Say I have 100 rows of logs. Some have only field "abcXYZ1" and not the other two. Some have field "abcKLM" and not t... by mpatel11 Explorer in Splunk Search 10-01-2018 0 2	0	2
How do you customize the drilldown of a search? I've got a search viewed as a table and one of the values of the table cell is a URL. I want to be able to click on t... by heatonra Engager in Splunk Search 10-01-2018 1 3	1	3
transforms.conf regex extract strange fields with value $2 my transforms.conf has such lines [api-param] REGEX=^(\w+)=(.+?)\n FORMAT=$1::$2 props.conf [api] TZ = Europe/Mo... by exmuzzy Explorer in Splunk Search 10-01-2018 0 0	0	0
How do I combine data from CSV with data from index Now ,I have a lookup named exchange.csv , and index="exchange_data" The data in the exchange.csv is extracted from ... by WXY Path Finder in Splunk Search 10-01-2018 0 7	0	7
Can you help me make a Splunk Search for all Splunk Clients using TLS1.2? Is there any way we can frame a Splunk query which we can run on a search head to get the list of all the Splunk clie... by arrangineni Path Finder in Splunk Search 10-01-2018 0 0	0	0
How do I run forecast time series multiple times using one search? I want to run a forecast time series multiple times using one search on the remaining freespace of a number of our da... by mtmoore Explorer in Splunk Search 10-01-2018 0 2	0	2