Splunk Search

Community Activity

How to separate the count of two fields into ranges? Hi - I have a dataset which contains two scan dates fields per server. There are 50000 events in the dataset, one e... by skelly99 Explorer in Splunk Search 08-31-2018 1 2	1	2
How do I compare search results from two different time periods? Hi, I'm looking to do something like this: Take a search, with three fields, one being a count (ExceptionClass, Cla... by ryangrobbel Explorer in Splunk Search 08-30-2018 0 3	0	3
Timechart trend over the same interval as the search range Hi! I have a scenario where we have used "\| stats count" and gotten the total number for the range that we picked. T... by epacke Path Finder in Splunk Search 08-30-2018 0 2	0	2
How do I Search for IP address hitting a specific port + any other ports? I think this should be within my grasp, but I don't seem to be able to create a search that returns what I'm looking ... by lucamarc Path Finder in Splunk Search 08-30-2018 0 2	0	2
SPL: How to perform a SQL Like Minus Operation? I am trying to remove certain logs from a base query of a certain type based on the results of another query of a dif... by ahendler1 Explorer in Splunk Search 08-30-2018 0 3	0	3
How do you create an alert for different cron schedules? We have 4 tasks that run on different schedules and log an event in the application logs when the job starts. The ta... by nmohammed Builder in Splunk Search 08-30-2018 0 3	0	3
How do I "OR" two regexs for two different fields? I need to be able to do: ... \| regex fieldA="<regex>" OR regex fieldB="<regex>" \| ... All of the other rex answers... by nick405060 Motivator in Splunk Search 08-30-2018 1 8	1	8
aggregate url calls , ignoring number in the route HI Guys, I have a url like this: https://localhost/Client/V2/clients/23423/acc/view https://localhost/Client/V2/cl... by codebased Explorer in Splunk Search 08-30-2018 0 3	0	3
Will someone help me with my REGEX in this Transforms.conf? 8/30/18 9:38:51.000 AM rec_type=71 dns_query=s3.amazonaws.com dns_record_name=A src_tos=0 ssl_expected_action=Unk... by haoban Path Finder in Splunk Search 08-30-2018 0 7	0	7
How do I group fairly unstructured events by specific words that they contain? I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and ... by samsam48 Explorer in Splunk Search 08-30-2018 0 3	0	3
How to embed a timechart visualization from a Splunk query into a web app? I have the following Splunk query that produces the following visualization: I would like to embed this exact visu... by emiliavanderwer Explorer in Splunk Search 08-30-2018 1 5	1	5
How to find the earliest event in a query that can search in an index? My understanding is Splunk will purge old data in an index when the disk limit is reached. What is the easy/fast way ... by xindeNokia Path Finder in Splunk Search 08-30-2018 0 1	0	1
What is the function of host_regex? In our Splunk forwarder, in the path: /opt/splunk/etc/apps/app01/default we have many stanzas such as: [monitor:///e... by dkr3500 Path Finder in Splunk Search 08-30-2018 0 2	0	2
Is there an alternate to join? I am trying to create a join with a subsearch, but the subsearch results are getting truncated. is there a better way... by djain Path Finder in Splunk Search 08-30-2018 0 9	0	9
How do I display values of two fields in a stacked column chart? My intent of this panel is to show the proportion of Compliant IPs (a field) to their respective Total IPs (another f... by russell120 Communicator in Splunk Search 08-30-2018 0 5	0	5
How do I perform math against two searches? I have two searches that use the same index and each return a numerical total, differing only in the period of time o... by mo86 New Member in Splunk Search 08-30-2018 0 4	0	4
Using chained eval or separate eval statements, any performance gains? Is there any performance benefit in : using one eval with several chained statements v/s using separate eval stat... by stanwin Contributor in Splunk Search 08-30-2018 0 7	0	7
How do I create a new column with incremental change based on another column? Hello everyone, I am new to Splunk world and stuck with a query. Can you please help me find the solution for followi... by KChaudhary Explorer in Splunk Search 08-30-2018 2 2	2	2
common sql query to have for multiple sites dashboard with same metrices I have a server in 30 sites in which each site has the same dashboard with the same metrics. But, the host will be in... by DataOrg Builder in Splunk Search 08-30-2018 0 0	0	0
How to rewite a query to change the columns to rows and the rows to columns? How to convert below query such that rows are converted to columns index=data earliest=-1w@w latest=now \|eval reques... by sangs8788 Communicator in Splunk Search 08-30-2018 0 6	0	6
How to find the request per second by organization? Hi I have an event which is comprised of OrgName, RequestName and others. How do i find the the average & max reque... by sangs8788 Communicator in Splunk Search 08-30-2018 0 9	0	9
How to extract fields in a file? I need to extract each filed in "monitoringdata" in file. belo is sample of data: {"@timestamp":"2018-07-27T16:06:28... by dhirendra761 Contributor in Splunk Search 08-29-2018 0 14	0	14
Alert suppression What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the sea... by ahuihou New Member in Splunk Search 08-29-2018 0 9	0	9
Why is _time is NULL when using JOIN? I have this search query: \| inputlookup "asset-list" \| SEARCH PROD_CAT_2="Database" PROD_CAT_3="SQL Server" STATUS=... by malmiran Path Finder in Splunk Search 08-29-2018 0 5	0	5
How to search with a fixed time span timechart everyday? I am trying to find my average response time of everyday events (not avg of all the events of that day , but the even... by zacksoft Contributor in Splunk Search 08-29-2018 0 6	0	6