Splunk Search

Community Activity

How do I create a new column with incremental change based on another column? Hello everyone, I am new to Splunk world and stuck with a query. Can you please help me find the solution for followi... by KChaudhary Explorer in Splunk Search 08-30-2018 2 2	2	2
common sql query to have for multiple sites dashboard with same metrices I have a server in 30 sites in which each site has the same dashboard with the same metrics. But, the host will be in... by DataOrg Builder in Splunk Search 08-30-2018 0 0	0	0
How to rewite a query to change the columns to rows and the rows to columns? How to convert below query such that rows are converted to columns index=data earliest=-1w@w latest=now \|eval reques... by sangs8788 Communicator in Splunk Search 08-30-2018 0 6	0	6
How to find the request per second by organization? Hi I have an event which is comprised of OrgName, RequestName and others. How do i find the the average & max reque... by sangs8788 Communicator in Splunk Search 08-30-2018 0 9	0	9
How to extract fields in a file? I need to extract each filed in "monitoringdata" in file. belo is sample of data: {"@timestamp":"2018-07-27T16:06:28... by dhirendra761 Contributor in Splunk Search 08-29-2018 0 14	0	14
Alert suppression What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the sea... by ahuihou New Member in Splunk Search 08-29-2018 0 9	0	9
Why is _time is NULL when using JOIN? I have this search query: \| inputlookup "asset-list" \| SEARCH PROD_CAT_2="Database" PROD_CAT_3="SQL Server" STATUS=... by malmiran Path Finder in Splunk Search 08-29-2018 0 5	0	5
How to search with a fixed time span timechart everyday? I am trying to find my average response time of everyday events (not avg of all the events of that day , but the even... by zacksoft Contributor in Splunk Search 08-29-2018 0 6	0	6
Change the color of rows in a table based on text value in Splunk Enterprise v6.4 My Table is as follows RAG status Count Red 1 Amber 4 Green 10 Grey 7 I am ... by rijinc Explorer in Splunk Search 08-29-2018 1 14	1	14
Could you help me create a search query which fetches Saved Searches with enabled Email Ids? We have configured around 700+ Searches and Reports (Saved searches) in our Search Head server and, for most of tho... by anandhalagarasa Path Finder in Splunk Search 08-29-2018 0 2	0	2
How do you set the order of queries to be run in a Splunk dashboard? We have 2 different searches which are interrelated. 1st search is called through a macro which publishes its result... by rbal_splunk Splunk Employee in Splunk Search 08-29-2018 0 2	0	2
How do you set up a timechart with multiple rows? I am trying to setup a timechart and I am a beginner in Splunk. I'd like to show a timechart with two rows, i.e., two... by baskarkrishnanc Engager in Splunk Search 08-29-2018 0 2	0	2
Extraction: How to split the values and search for specific words? Hello, I have got a few events with the fields "Information" and "Name". Few events look like below, and I have many ... by bollam Path Finder in Splunk Search 08-29-2018 0 3	0	3
What is the best way to get the running average and standard deviations for HTTP request character length? What would be the best way to search for anomalies/outliers for HTTP request character length by source IP? Looking f... by jwalzerpitt Influencer in Splunk Search 08-29-2018 0 1	0	1
How to extract multiple values from a multi-value field and use these in a table? I have a multivalue field (custom_4) separated by dollar signs that I have separated in to separate values with the b... by mal81394 New Member in Splunk Search 08-29-2018 0 1	0	1
Timechart as VS Timechart by Over the last 3 days I was trying to create dashboard with single value + trends. The query was something like this:... by shayhibah Path Finder in Splunk Search 08-29-2018 0 8	0	8
Can I REGEX a string and assign to field? I have Graylog forwarding Windows events and I use this command in my props.conf to parser FIELDALIAS-winlogbeat_as... by pfabrizi Path Finder in Splunk Search 08-29-2018 0 10	0	10
Is there a way to avoid the join command between indexes? I'm trying to get my head around the alternatives, but can't see how I could get rid of the join in the following que... by Esperteyu Explorer in Splunk Search 08-29-2018 0 8	0	8
Can someone help me chart JSON values? I have a JSON just like this. I want to chart data of the values inside values key. The keys of the data in the value... by sarnathkj Explorer in Splunk Search 08-29-2018 0 1	0	1
Lookup matching question Hi, I used the code below. In a first version of the code, my code began by \| inputlookup append=t NZDL.csv And afte... by jip31 Motivator in Splunk Search 08-29-2018 0 1	0	1
Is it possible to extract dimensions from the source field for metrics imported from CSV files? We already use a custom CSV formt to report application metrics. The format is very similar to the one introduced in ... by krdo Communicator in Splunk Search 08-29-2018 0 7	0	7
How to check if the field exists and extract the value? Hi. I need to use IP Address in iplocation, but O365 returns 2 different logs. one with "ClientIP" field and others w... by avtandil Engager in Splunk Search 08-29-2018 0 2	0	2
Remove CN= string and the rest from my search results Hi guys! I'm loking for a search like this: source="WinEventLog:Security" name = "A member group" Group_Name="*ad... by jnahuelperez35 Path Finder in Splunk Search 08-29-2018 0 4	0	4
Find Hosts which do their searches in alphabetical order Hi there I have many log-entries with the two fields "host_address" (an IP address) and "query" (a search query). On... by switch_dast Explorer in Splunk Search 08-29-2018 1 6	1	6
How to join two searches that both have subsearches and transactions I have an index with email data. With it, I have two separate searches that utilize subsearches to put together a se... by DEAD_BEEF Builder in Splunk Search 08-28-2018 0 1	0	1