Splunk Search

Community Activity

How do I group fairly unstructured events by specific words that they contain? I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and ... by samsam48 Explorer in Splunk Search 08-30-2018 0 3	0	3
How to embed a timechart visualization from a Splunk query into a web app? I have the following Splunk query that produces the following visualization: I would like to embed this exact visu... by emiliavanderwer Explorer in Splunk Search 08-30-2018 1 5	1	5
How to find the earliest event in a query that can search in an index? My understanding is Splunk will purge old data in an index when the disk limit is reached. What is the easy/fast way ... by xindeNokia Path Finder in Splunk Search 08-30-2018 0 1	0	1
What is the function of host_regex? In our Splunk forwarder, in the path: /opt/splunk/etc/apps/app01/default we have many stanzas such as: [monitor:///e... by dkr3500 Path Finder in Splunk Search 08-30-2018 0 2	0	2
Is there an alternate to join? I am trying to create a join with a subsearch, but the subsearch results are getting truncated. is there a better way... by djain Path Finder in Splunk Search 08-30-2018 0 9	0	9
How do I display values of two fields in a stacked column chart? My intent of this panel is to show the proportion of Compliant IPs (a field) to their respective Total IPs (another f... by russell120 Communicator in Splunk Search 08-30-2018 0 5	0	5
How do I perform math against two searches? I have two searches that use the same index and each return a numerical total, differing only in the period of time o... by mo86 New Member in Splunk Search 08-30-2018 0 4	0	4
Using chained eval or separate eval statements, any performance gains? Is there any performance benefit in : using one eval with several chained statements v/s using separate eval stat... by stanwin Contributor in Splunk Search 08-30-2018 0 7	0	7
How do I create a new column with incremental change based on another column? Hello everyone, I am new to Splunk world and stuck with a query. Can you please help me find the solution for followi... by KChaudhary Explorer in Splunk Search 08-30-2018 2 2	2	2
common sql query to have for multiple sites dashboard with same metrices I have a server in 30 sites in which each site has the same dashboard with the same metrics. But, the host will be in... by DataOrg Builder in Splunk Search 08-30-2018 0 0	0	0
How to rewite a query to change the columns to rows and the rows to columns? How to convert below query such that rows are converted to columns index=data earliest=-1w@w latest=now \|eval reques... by sangs8788 Communicator in Splunk Search 08-30-2018 0 6	0	6
How to find the request per second by organization? Hi I have an event which is comprised of OrgName, RequestName and others. How do i find the the average & max reque... by sangs8788 Communicator in Splunk Search 08-30-2018 0 9	0	9
How to extract fields in a file? I need to extract each filed in "monitoringdata" in file. belo is sample of data: {"@timestamp":"2018-07-27T16:06:28... by dhirendra761 Contributor in Splunk Search 08-29-2018 0 14	0	14
Alert suppression What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the sea... by ahuihou New Member in Splunk Search 08-29-2018 0 9	0	9
Why is _time is NULL when using JOIN? I have this search query: \| inputlookup "asset-list" \| SEARCH PROD_CAT_2="Database" PROD_CAT_3="SQL Server" STATUS=... by malmiran Path Finder in Splunk Search 08-29-2018 0 5	0	5
How to search with a fixed time span timechart everyday? I am trying to find my average response time of everyday events (not avg of all the events of that day , but the even... by zacksoft Contributor in Splunk Search 08-29-2018 0 6	0	6
Change the color of rows in a table based on text value in Splunk Enterprise v6.4 My Table is as follows RAG status Count Red 1 Amber 4 Green 10 Grey 7 I am ... by rijinc Explorer in Splunk Search 08-29-2018 1 14	1	14
Could you help me create a search query which fetches Saved Searches with enabled Email Ids? We have configured around 700+ Searches and Reports (Saved searches) in our Search Head server and, for most of tho... by anandhalagarasa Path Finder in Splunk Search 08-29-2018 0 2	0	2
How do you set the order of queries to be run in a Splunk dashboard? We have 2 different searches which are interrelated. 1st search is called through a macro which publishes its result... by rbal_splunk Splunk Employee in Splunk Search 08-29-2018 0 2	0	2
How do you set up a timechart with multiple rows? I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two... by baskarkrishnanc Engager in Splunk Search 08-29-2018 0 2	0	2
Extraction: How to split the values and search for specific words? Hello, I have got a few events with the fields "Information" and "Name". Few events look like below, and I have many ... by bollam Path Finder in Splunk Search 08-29-2018 0 3	0	3
What is the best way to get the running average and standard deviations for HTTP request character length? What would be the best way to search for anomalies/outliers for HTTP request character length by source IP? Looking f... by jwalzerpitt Influencer in Splunk Search 08-29-2018 0 1	0	1
How to extract multiple values from a multi-value field and use these in a table? I have a multivalue field (custom_4) separated by dollar signs that I have separated in to separate values with the b... by mal81394 New Member in Splunk Search 08-29-2018 0 1	0	1
Timechart as VS Timechart by Over the last 3 days I was trying to create dashboard with single value + trends. The query was something like this:... by shayhibah Path Finder in Splunk Search 08-29-2018 0 8	0	8
Can I REGEX a string and assign to field? I have Graylog forwarding Windows events and I use this command in my props.conf to parser FIELDALIAS-winlogbeat_as... by pfabrizi Path Finder in Splunk Search 08-29-2018 0 10	0	10