Splunk Search

Community Activity

Getting results from multiple searches without append or join Hi All, I have 2 sourcetypes as following:- Sourcetype_A Ticket \| Main_Ticket \| Value \| Line \| LinkedTicket Sou... by Chandras11 Communicator in Splunk Search 07-18-2018 0 4	0	4
search for eventcount comparison for two different time ranges i want to count eventcount comparison using time trends chart for today , lastweek and last2weeks. below are the my s... by john_q Explorer in Splunk Search 07-17-2018 0 3	0	3
Percentage based on Grand Total index="stage" \|stats dc(customers_name) as "Distinct Customer" by sku_name sku_number \|rename sku_name as Product sku... by andrehl Explorer in Splunk Search 07-17-2018 0 3	0	3
Does anyone have a sample CSV file with server health data (timestamp, CPU, etc) that I can index in Splunk to test operational analytics? Hi, Could anyone please provide some information on the below? If you have an excel/csv file with server health det... by tmmet New Member in Splunk Search 07-17-2018 0 5	0	5
eval'd value: Why is the 'search' command not able to get the value? I'm trying to use a search that looks like index=<index> sourcetype=<sourcetype> \| eval site=<site> \| lookup host_an... by mfrost8 Builder in Splunk Search 07-17-2018 0 2	0	2
Search result as input to another search Hi, anybody has an idea on how to get a value from one search and input it to another search, then display them in a ... by mcm10285 Communicator in Splunk Search 07-17-2018 1 9	1	9
Does anyone know of a right way to perform a case match statement with an or condition? I am looking to perform a case match search and have found that this query template attempted to answer how to define... by ixixix_spl Explorer in Splunk Search 07-17-2018 0 3	0	3
How to accelerate using transaction Hi, all for example, I want find all transactions contains some word. How to make it more faster ? If I have too mu... by keekkenen Engager in Splunk Search 07-17-2018 0 6	0	6
How to change the output in this format? Hi Splunker, Originally I have an output like this as a raw event in Splunk:- 2018-07-17 14:56:08 MIR="TUE, 17-JUL-... by m7787580 Explorer in Splunk Search 07-17-2018 0 2	0	2
How do you multiply a field value by the value's count? For example, I have the field "received_files" with 3 values: 1, 2, and 3. I already ran "convert num(received_files... by ryan_t_gavin New Member in Splunk Search 07-17-2018 0 0	0	0
How to build a srchFilter when two indexes are allowed? Hello, I am trying to build a role that would allow the users to access to two indexes (index1 and index2). The inde... by Clovisa Path Finder in Splunk Search 07-17-2018 0 2	0	2
How to display zero count in a stats table? Hi, I wonder whether someone may be able to help me please. I'm using the following stats query. `wso2_wmf(RequestC... by IRHM73 Motivator in Splunk Search 07-17-2018 1 6	1	6
How to use the time range in search query? I would like to find a error occurs in the past 30, 60 and 90 days. How to do that? by gokikrishnan198 New Member in Splunk Search 07-16-2018 0 1	0	1
how can I get data from tableelement In my dashBoard,i edit a table in sampleXML,then, The table is converted from sampleXML to HTML. and Converted code v... by flzhang132 Explorer in Splunk Search 07-16-2018 0 1	0	1
wmi.conf "interval" and "batch_size" I'm using Windows Universal Forwarder (UF) 7.1.2 in my test environment. Windows 2012 R2 (gets security event from R... by naotoyoshida New Member in Splunk Search 07-16-2018 0 0	0	0
How to rename multiple field names and bind them by one common field? Team, We have 3 different sourcetype on which endpoint/device are identified by different fieldname: sourcetype=x e... by CryoHydra Path Finder in Splunk Search 07-16-2018 0 4	0	4
How to assign numeric values based on counts? Hello, I need some help. I'm trying to make a search where I take recipient_count and assign a "value" based on how... by yagbootz48 New Member in Splunk Search 07-16-2018 0 3	0	3
Using Lookup table of known errors in search to not include in results. Hello splunk users, So I have a system that I am logging all errors to splunk. I have been getting a few false posi... by SSchaff81 New Member in Splunk Search 07-16-2018 0 2	0	2
How to eliminate duplicate rows in a scheduled lookup? I have created a search to populate a lookup periodically. index x sourcetype=y \| outputlookup abc.csv append=true ... by joydeep741 Path Finder in Splunk Search 07-16-2018 0 2	0	2
Get search results after earlier search query I have a requirement where I have to show the logs in splunk after an earlier search query. i.e Suppose I get a set o... by aravindkv805 New Member in Splunk Search 07-16-2018 0 0	0	0
Why is Splunk Python SDK export not using field extraction? Hi there, I am trying to use the Python Splunk-SDK to query results from a search, and return a specific field that... by zhatsispgx Path Finder in Splunk Search 07-16-2018 0 7	0	7
Find event with invalid JSON Trying to find a consistent way of finding events that contain invalid JSON. We've ran into all sorts of different is... by tjago11 Communicator in Splunk Search 07-16-2018 0 14	0	14
How do you create an if statement without the else? I am producing a table that will monitor what various users are searching for and I am trying to limit the amount of ... by zikpefu New Member in Splunk Search 07-16-2018 0 2	0	2
help on eval hello i try to use the code below but everytimes i have an issue of quote or parenthesis even if i do modifications: ... by jip31 Motivator in Splunk Search 07-16-2018 0 9	0	9
How to assign multivalued field to a variable? Hi, I'm trying to assign the multivalue field ApixRes and RestRes to a new variable result . But , it isnt working a... by Mohsin123 Path Finder in Splunk Search 07-16-2018 0 3	0	3