Splunk Search

Community Activity

	How do you use a range with the where command? TransactionName=WPP* \| stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS c... by rsm1444 New Member in Splunk Search 09-17-2018 0 5	0	5
	How do you search to return a table of only fields that change between events? Lets say I have a query that returns all of the updates for a given bug ID. This returns a result set for the specif... by smahone11 Engager in Splunk Search 09-17-2018 0 5	0	5
	How do you remove all duplicate events from a search? I have two indexes, A and B. Events are copied using the \|collect command from Index A to index B. Later, I am trying... by strickland12345 Explorer in Splunk Search 09-17-2018 0 23	0	23
	Why is the following regex expression not matching as expected? I have a field user= xyz\user11 and i need to match user11 ignoring xyz in the user filed below is the regex expres... by SunilMaharishi Path Finder in Splunk Search 09-17-2018 0 3	0	3
	Best way to publish a live dashboard that does not allow the logged in user to search other data, and has a persistent login. I'm trying to put a dashboard on a TV in a high traffic hallway with people that aren't allowed to search the other i... by bgagliardi1 Path Finder in Splunk Search 09-17-2018 0 3	0	3
	How do you use multiple y-axis fields while using the xyseries command? I have a static table data which gives me the results in the format like ERRORCODE(Y-Axis) and When It happens(_time... by rshivakrishna New Member in Splunk Search 09-17-2018 0 1	0	1
	Why is tstats command with eval not working on a particular field? hi, I am trying to combine results into two categories based of an eval statement. The original query returns the... by nmohammed Builder in Splunk Search 09-17-2018 0 3	0	3
	Enable FTP How do I enable FTP? (I know how to capture the logs after they are FTP'd to us) We have devices that cannot have a... by Michael_Schyma1 Contributor in Splunk Search 09-17-2018 0 10	0	10
	How do I use a comparison search to find all devices not reporting to Splunk? I am trying to find all devices not reporting into splunk via a qualys scan of our DMZ and searching against all inde... by edwardrose Contributor in Splunk Search 09-17-2018 0 4	0	4
	Can you use a regex in serverclass.conf? Trying to filter out a specific type of device type, by host name, in serverclass.conf. Currently all our tablets ar... by stcrispan Communicator in Splunk Search 09-17-2018 0 6	0	6
	How do you count the difference in an ongoing count for a given time period? I have a JMX search going on which tracks orders placed every 30 seconds. index=dot_jmx mbean_property_destinationNa... by stcrispan Communicator in Splunk Search 09-17-2018 0 16	0	16
	In a chart count where days are the column header, how do I get the days to list in chronological order? I'm trying to get a table where "Days" are the column headers (chronologically) and hours are the row headers that sh... by rossblassingame New Member in Splunk Search 09-17-2018 0 2	0	2
	What does "P" stand for in regular expression query? I am trying to understand more about a regular expression query used in Splunk. what does character P stands for in t... by pradjswl Explorer in Splunk Search 09-17-2018 0 3	0	3
	Why are two of my columns empty in a table returned by a lookup file with multiple fields? I used a lookup file which is configuring like this field1, field2, field3, field4 value1, value2, value3, value4 v... by faribole Path Finder in Splunk Search 09-17-2018 0 2	0	2
	How do I combine 3 searches? I have search1 which is a join of 2 different log sources ( S1 , S2 ). After joining these sources, I used rex to ext... by USER78 New Member in Splunk Search 09-16-2018 0 0	0	0
	Transpose command causes other columns to be displayed as rows? I am having issues with the QuestionText fields in my query below. I am trying to take all the QuestionText entries a... by rkassabov Path Finder in Splunk Search 09-16-2018 0 0	0	0
	How to rebuild Timeline custom visualization app in windows? Need to change the date format for timeline graph and found solution. Accordingly updated the 2 js file for the app a... by sunith35 Engager in Splunk Search 09-16-2018 0 1	0	1
	Can you help me with my table count? Hello, I use the table count below : index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" ... by jip31 Motivator in Splunk Search 09-16-2018 0 5	0	5
	count events from a radio button choice issue Hello I use the code below in order to display the events corresponding to these event code index="windows" sour... by jip31 Motivator in Splunk Search 09-16-2018 0 7	0	7
	How do I extract farm name from IIS logs to a table? I'm Trying to run a table on IIS logs. The farm is https://sp001, examples below)... However, within the farm we hav... by smudge797 Path Finder in Splunk Search 09-15-2018 0 3	0	3
	How do I combine two fields from different sources but of the same source type in a single search? I am trying to perform a ratio calculation on 2 fields (values) coming from different sources but of the same source... by rkatsnel New Member in Splunk Search 09-15-2018 0 6	0	6
	How to get all items after count and get a list of items in an array? Hi, what is the best way to get all items from a count? Let's say I have two columns. First column displays the items... by mabinn Explorer in Splunk Search 09-15-2018 0 2	0	2
	Display last 8 hours from now () ..? Hi Splunkers, i want to display the last 8 hours of data with 1 hour different without any index or kv table .like m... by harishalipaka Motivator in Splunk Search 09-15-2018 0 4	0	4
	Should I use a lookup or an inner query for the following search? Sample Logs: Incident=112 Group=ABC Status = Open Incident=113 Group=ABC Status = Open - Incident=113 Group=X... by joydeep741 Path Finder in Splunk Search 09-14-2018 0 4	0	4
	Why is my search returning no events after data entry? Hello I have done a data entry in Splunk for the log event below : [WinEventLog://Microsoft-Windows-PowerCfg/Diagno... by jip31 Motivator in Splunk Search 09-14-2018 0 6	0	6