Splunk Search

Community Activity

Is it possible to do a conditional stats values command A common usecase I run into is I want to join two sources of data together only if fields meet certain criteria. The ... by twhite_splunk Splunk Employee in Splunk Search 08-20-2018 0 7	0	7
check if stringa in stingb how can i make a case condition to check if StingA is in StringB? for example StingA is "xxx.com." StingB is: "a.xxx... by mcohen13 Loves-to-Learn in Splunk Search 08-20-2018 0 3	0	3
Back end query to pull the active searches running in Search Head I want to check what are the searches which are running currently or which are finalizing or which is done via our ba... by anandhalagarasa Path Finder in Splunk Search 08-20-2018 0 5	0	5
Help on complex request in order to improve the performances Hello I need help on a complex request with different indexes and with a "primary key" (host which is the name of th... by jip31 Motivator in Splunk Search 08-19-2018 0 15	0	15
Hide a column based on search criteria I want to hide a column based on some search. I have three columns. Host, Value , Unit If(host=abc) then hide the ... by sahil237888 Path Finder in Splunk Search 08-19-2018 0 8	0	8
Can someone help me with regex to remove HTML tags from fields? Hello, Could someone please help me with removing the HTML tags from fields. The data is a few sentences, such as r... by ndsouza25 New Member in Splunk Search 08-19-2018 0 12	0	12
how to calculate Throughput Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 08-18-2018 0 2	0	2
How to export a Splunk search and display it in Grafana without requiring to use their own data source? Hello I would like to export the Splunk's search and to also display it in Grafana without requiring to use their ow... by bernardchew New Member in Splunk Search 08-18-2018 0 2	0	2
How to return full count of field1, and a TRUE/FALSE field if 1 or more of the results in field1 matches a specific criteria? eventtype=X \| iplocation ClientIP \| where Country!="United States" \| eval bad=if(match(Country,"Brazil\|China\|Vietnam... by Earenhart Path Finder in Splunk Search 08-18-2018 0 3	0	3
Why does Fillnull not work without specifying a field? Hi,If I try to run this search, the value of my_null_field doesn't change to "?" \| makeresults \| table _time my_null... by 606866581 Path Finder in Splunk Search 08-18-2018 1 5	1	5
Splitting columns into rows Hi Splunk Gurus, I have an unusual requirement where I need to create two rows from one: A \| B \| C \|D \| E to Row ... by greg_cox1979 New Member in Splunk Search 08-18-2018 0 3	0	3
Limitation on number of boolean clauses within search string Is there a limitation on the number of search boolean clauses (i.e. OR, AND) within a search string? For example \|... by jcart11entergy Engager in Splunk Search 08-18-2018 0 1	0	1
Assign keys to tokenised string Hi there, Can someone help me with reading the tokenized string and assign the keys to each index retrieved. It is di... by afulamba Explorer in Splunk Search 08-17-2018 0 5	0	5
Using tstats to extract first element in multivalue field I have a field that looks something like this in the event viewer: project_sources: [ { scmEvent: { ... by BarnesLeo Engager in Splunk Search 08-17-2018 0 2	0	2
select latest timestamp of data and from second to last date. I have this data set of data coming in multiple times a day. I want to select all the latest timestamp and the lates... by michaelrosello Path Finder in Splunk Search 08-17-2018 0 3	0	3
How to extract fields from JSON data in Splunk? Hi We have the below data, out of which I wanted to extract specific data from the json format. 06/Feb/2016:16:10:... by kotig Path Finder in Splunk Search 08-17-2018 2 7	2	7
Monitoring the directories recursively Hi, I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory the... by sushma7 Path Finder in Splunk Search 08-17-2018 0 8	0	8
How to calculate the average delta between each event and the event count? Hi Splunkers, Need a help in forming a splunk query. Requirement: Find the time difference (delta1, delta2,delta3..... by ankithnageshshe Path Finder in Splunk Search 08-17-2018 0 1	0	1
Strange search behavior with "transaction" Hello, Could someone explain me the following strange behavior with search With this type of search : sourcetype="... by cnoulin Explorer in Splunk Search 08-17-2018 0 7	0	7
How can I extract key value pair in a table? I have data like Data: {"code": "abc", "version": "2018.6", "name": "testdata", "group": "QA", "DB": "oracle"} i... by siddharthmis Explorer in Splunk Search 08-17-2018 0 2	0	2
How can I split multi values in a single value ? Hi guys, I wanna get 2 values in a single value (visualization) as picture. Please help me. Thanks by haind27 New Member in Splunk Search 08-17-2018 0 1	0	1
Is there a shortcut to piping the table command where splunk-created fields are automatically excluded? Given that my search criteria is this: index=some_index sourcetype=some_sourcetype, is there a shortcut to piping the... by morethanyell Builder in Splunk Search 08-16-2018 0 3	0	3
How to combine unique values of the field into one? I am trying to make a report with the unique combination of ID, AVER SRV & ZONE. However, since I am getting lots of ... by srizan Path Finder in Splunk Search 08-16-2018 0 4	0	4
wget URL for apps Thanks Splunk for such a great and powerful system. I'm trying to do a scripted deploy using this URL. http://splun... by cutmedia Engager in Splunk Search 08-16-2018 2 5	2	5
Data Visualization Collision Hi all, I am having trouble with data visualizations. Two of my data points are layered on top of each other. I hav... by zgoda Explorer in Splunk Search 08-16-2018 0 5	0	5