Splunk Search

Community Activity

How to extract all my fields from the log? 2018-07-19 02:05:13,901\|3801531980313892\|MA_SE\|aabbcc\|12121212\|10\|FGH\|lOP\|\|\|EMAIL\|KARTHI@GMAIL.COM\|LEVEL2\|12/22/2017\|... by karthi2809 Builder in Splunk Search 07-19-2018 0 3	0	3
How to call external Python interpreter using .path file? I want to use the python on OS instead of Splunk in-built python as it failed to import numpy and scipy. In the searc... by dragut New Member in Splunk Search 07-18-2018 0 0	0	0
Get alerted for 4consecutive failure SUCCESS_STATUS=FAILED I have a base search with index , source , and the sourcetype , I want to build alert when the SUCCESS_STATUS is havi... by Manoj_g New Member in Splunk Search 07-18-2018 0 1	0	1
How to calculate the difference between two rows with multiple fields? I have a search returns two rows of records (check the result from the following query): \| makeresults \| eval date=... by splunkrocks2014 Communicator in Splunk Search 07-18-2018 0 1	0	1
How to manipulate stats or chart results mathematically? Hey everyone, I've got a search search = * \| eval _time=_time - (66060) \| bucket _time span=1d # Takes the curr... by MaxwellCrew New Member in Splunk Search 07-18-2018 0 4	0	4
How to install Timeline and Calendar Heat Map? We would like to install the Timeline and Calendar Heat Map. What do we need to do? by ddrillic Ultra Champion in Splunk Search 07-18-2018 0 3	0	3
Splunk query to merge 2 timecharts as overlay Hello, I have 2 timecharts that are working independently, can you help to merge both to one query (as overylay), th... by Mathanjey Explorer in Splunk Search 07-18-2018 0 2	0	2
How to convert a chart back to its original format? I have the following SPL: some search \| table _time, col1, col2 \| timechart span=2m useother=f values(col2) as col2 ... by jkalyanasundara New Member in Splunk Search 07-18-2018 0 1	0	1
_time field is lost after merging events with command transaction? I want to merge multiple events that contains the same ID into an unique event. For example: {id: 123 setDate: 201... by edigilink Explorer in Splunk Search 07-18-2018 0 5	0	5
Create new field based off of sort order I've just created a simple search which sorts people's scores (anywhere from 0 to 10000). I want to be able to show t... by corematrix New Member in Splunk Search 07-18-2018 0 3	0	3
Alerting on multiple emails from grouping IPs I'm running into an issue where I am receiving a flood of emails for an alert. The alert works as expected when I al... by ksinghg Engager in Splunk Search 07-18-2018 0 0	0	0
I have to aggregate events in index by week and by month I have tried using bin command but as index=test\| bin span=1w _time \| chart count as total_count by _time, action B... by snigdhasaxena Communicator in Splunk Search 07-18-2018 0 1	0	1
How to create a regex that captures the first 6 characters of a mac address and removes the hyphen characters? I'm unable to create a regex that captures the first 6 characters of a mac address and removes the hyphen characters.... by dkorlat Explorer in Splunk Search 07-18-2018 0 4	0	4
Using subsearch we can pull several fields to main search, but the returned fields will be by default run with AND condition. Is there a way to pull multiple fields and run with OR condition ? Ex: sourcetype=abcd [search sourcetype=xyz field1=200 \| table field2,field3,field4] which will be literally sourc... by Uday_Gonti New Member in Splunk Search 07-18-2018 0 2	0	2
I have to aggregate events in index by week and by month. I have tried using bin command but as index=test\| bin span=1w _time \| chart count as total_count by _time, action ... by snigdhasaxena Communicator in Splunk Search 07-18-2018 0 2	0	2
How do you remove part of a field value? I am trying to remove the +'s in between words for my table (i.e. stainless+steel to be just stainless steel) and my ... by zikpefu New Member in Splunk Search 07-18-2018 0 2	0	2
Primary search for earliest=-24h, with subsearch for -15m ? A user has a dashboard made of multiple searches all based on the last 24 hours of a single very large index. Some p... by robgarner Path Finder in Splunk Search 07-18-2018 0 7	0	7
Help regarding splunk queries ? Hi Splunk members, How Can I get some metrics to indicate things like search concurrency, search queue depth, cancel... by splunker969 Communicator in Splunk Search 07-18-2018 0 2	0	2
Getting results from multiple searches without append or join Hi All, I have 2 sourcetypes as following:- Sourcetype_A Ticket \| Main_Ticket \| Value \| Line \| LinkedTicket Sou... by Chandras11 Communicator in Splunk Search 07-18-2018 0 4	0	4
search for eventcount comparison for two different time ranges i want to count eventcount comparison using time trends chart for today , lastweek and last2weeks. below are the my s... by john_q Explorer in Splunk Search 07-17-2018 0 3	0	3
Percentage based on Grand Total index="stage" \|stats dc(customers_name) as "Distinct Customer" by sku_name sku_number \|rename sku_name as Product sku... by andrehl Explorer in Splunk Search 07-17-2018 0 3	0	3
Does anyone have a sample CSV file with server health data (timestamp, CPU, etc) that I can index in Splunk to test operational analytics? Hi, Could anyone please provide some information on the below? If you have an excel/csv file with server health det... by tmmet New Member in Splunk Search 07-17-2018 0 5	0	5
eval'd value: Why is the 'search' command not able to get the value? I'm trying to use a search that looks like index=<index> sourcetype=<sourcetype> \| eval site=<site> \| lookup host_an... by mfrost8 Builder in Splunk Search 07-17-2018 0 2	0	2
Search result as input to another search Hi, anybody has an idea on how to get a value from one search and input it to another search, then display them in a ... by mcm10285 Communicator in Splunk Search 07-17-2018 1 9	1	9
Does anyone know of a right way to perform a case match statement with an or condition? I am looking to perform a case match search and have found that this query template attempted to answer how to define... by ixixix_spl Explorer in Splunk Search 07-17-2018 0 3	0	3