Splunk Search

Community Activity

Can you help me format a table that would generate the highest CPU users per hour over a day? G'Day I've got some data I'm pulling out of some events with a search: HOUR - Two digit hour of the day PROCESS - N... by mikclrk Explorer in Splunk Search 08-31-2018 1 3	1	3
Can you help me write a subsearch? Firstly, i am trying to separate 1) cachekey=false in one query and 2) cachekey=true in another query and 3) with bot... by Rocky31 Path Finder in Splunk Search 08-31-2018 0 2	0	2
How can I use rex to dedup and extract certain data from a field? Hello, I am new to using rex and extract. I am trying to come up with a regex to extract certain data from a field o... by ameyapatil29 Explorer in Splunk Search 08-31-2018 0 3	0	3
How do I turn search terms into an extracted field? I would like to turn the seach terms into a extract field at the time of search. For e.g. "search term 1" OR "search... by saqibhome Explorer in Splunk Search 08-31-2018 0 4	0	4
How to join events with different fields name but same values ? Hello, I have different sets of events that are linked together and correspond to the same process. Field1: One, Tw... by lyds Explorer in Splunk Search 08-31-2018 0 2	0	2
How to create a conditional eval to fill a new field depending on other fields? Hello, I want to create a new field that will take the value of other fields depending of which one is filled. For e... by lyds Explorer in Splunk Search 08-31-2018 0 9	0	9
Correlating Data from 2 Indexes Hi everyone, I've been trying to add results from 2 different indexes using search after the pipe but it doesn't seem... by JRamirezEnosys Explorer in Splunk Search 08-31-2018 0 5	0	5
How do you calculate average time between transaction groups by two fields? I have logs from a SIP proxy server and I'm trying to get metrics from SIP transactions metrics from a SIP proxy ser... by rparadinha Explorer in Splunk Search 08-31-2018 0 2	0	2
How to separate the count of two fields into ranges? Hi - I have a dataset which contains two scan dates fields per server. There are 50000 events in the dataset, one e... by skelly99 Explorer in Splunk Search 08-31-2018 1 2	1	2
How do I compare search results from two different time periods? Hi, I'm looking to do something like this: Take a search, with three fields, one being a count (ExceptionClass, Cla... by ryangrobbel Explorer in Splunk Search 08-30-2018 0 3	0	3
Timechart trend over the same interval as the search range Hi! I have a scenario where we have used "\| stats count" and gotten the total number for the range that we picked. T... by epacke Path Finder in Splunk Search 08-30-2018 0 2	0	2
How do I Search for IP address hitting a specific port + any other ports? I think this should be within my grasp, but I don't seem to be able to create a search that returns what I'm looking ... by lucamarc Path Finder in Splunk Search 08-30-2018 0 2	0	2
SPL: How to perform a SQL Like Minus Operation? I am trying to remove certain logs from a base query of a certain type based on the results of another query of a dif... by ahendler1 Explorer in Splunk Search 08-30-2018 0 3	0	3
How do you create an alert for different cron schedules? We have 4 tasks that run on different schedules and log an event in the application logs when the job starts. The ta... by nmohammed Builder in Splunk Search 08-30-2018 0 3	0	3
How do I "OR" two regexs for two different fields? I need to be able to do: ... \| regex fieldA="<regex>" OR regex fieldB="<regex>" \| ... All of the other rex answers... by nick405060 Motivator in Splunk Search 08-30-2018 1 8	1	8
aggregate url calls , ignoring number in the route HI Guys, I have a url like this: https://localhost/Client/V2/clients/23423/acc/view https://localhost/Client/V2/cl... by codebased Explorer in Splunk Search 08-30-2018 0 3	0	3
Will someone help me with my REGEX in this Transforms.conf? 8/30/18 9:38:51.000 AM rec_type=71 dns_query=s3.amazonaws.com dns_record_name=A src_tos=0 ssl_expected_action=Unk... by haoban Path Finder in Splunk Search 08-30-2018 0 7	0	7
How do I group fairly unstructured events by specific words that they contain? I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and ... by samsam48 Explorer in Splunk Search 08-30-2018 0 3	0	3
How to embed a timechart visualization from a Splunk query into a web app? I have the following Splunk query that produces the following visualization: I would like to embed this exact visu... by emiliavanderwer Explorer in Splunk Search 08-30-2018 1 5	1	5
How to find the earliest event in a query that can search in an index? My understanding is Splunk will purge old data in an index when the disk limit is reached. What is the easy/fast way ... by xindeNokia Path Finder in Splunk Search 08-30-2018 0 1	0	1
What is the function of host_regex? In our Splunk forwarder, in the path: /opt/splunk/etc/apps/app01/default we have many stanzas such as: [monitor:///e... by dkr3500 Path Finder in Splunk Search 08-30-2018 0 2	0	2
Is there an alternate to join? I am trying to create a join with a subsearch, but the subsearch results are getting truncated. is there a better way... by djain Path Finder in Splunk Search 08-30-2018 0 9	0	9
How do I display values of two fields in a stacked column chart? My intent of this panel is to show the proportion of Compliant IPs (a field) to their respective Total IPs (another f... by russell120 Communicator in Splunk Search 08-30-2018 0 5	0	5
How do I perform math against two searches? I have two searches that use the same index and each return a numerical total, differing only in the period of time o... by mo86 New Member in Splunk Search 08-30-2018 0 4	0	4
Using chained eval or separate eval statements, any performance gains? Is there any performance benefit in : using one eval with several chained statements v/s using separate eval stat... by stanwin Contributor in Splunk Search 08-30-2018 0 7	0	7