Splunk Search

Community Activity

_time field is lost after merging events with command transaction? I want to merge multiple events that contains the same ID into an unique event. For example: {id: 123 setDate: 201... by edigilink Explorer in Splunk Search 07-18-2018 0 5	0	5
Create new field based off of sort order I've just created a simple search which sorts people's scores (anywhere from 0 to 10000). I want to be able to show t... by corematrix New Member in Splunk Search 07-18-2018 0 3	0	3
Alerting on multiple emails from grouping IPs I'm running into an issue where I am receiving a flood of emails for an alert. The alert works as expected when I al... by ksinghg Engager in Splunk Search 07-18-2018 0 0	0	0
I have to aggregate events in index by week and by month I have tried using bin command but as index=test\| bin span=1w _time \| chart count as total_count by _time, action B... by snigdhasaxena Communicator in Splunk Search 07-18-2018 0 1	0	1
How to create a regex that captures the first 6 characters of a mac address and removes the hyphen characters? I'm unable to create a regex that captures the first 6 characters of a mac address and removes the hyphen characters.... by dkorlat Explorer in Splunk Search 07-18-2018 0 4	0	4
Using subsearch we can pull several fields to main search, but the returned fields will be by default run with AND condition. Is there a way to pull multiple fields and run with OR condition ? Ex: sourcetype=abcd [search sourcetype=xyz field1=200 \| table field2,field3,field4] which will be literally sourc... by Uday_Gonti New Member in Splunk Search 07-18-2018 0 2	0	2
I have to aggregate events in index by week and by month. I have tried using bin command but as index=test\| bin span=1w _time \| chart count as total_count by _time, action ... by snigdhasaxena Communicator in Splunk Search 07-18-2018 0 2	0	2
How do you remove part of a field value? I am trying to remove the +'s in between words for my table (i.e. stainless+steel to be just stainless steel) and my ... by zikpefu New Member in Splunk Search 07-18-2018 0 2	0	2
Primary search for earliest=-24h, with subsearch for -15m ? A user has a dashboard made of multiple searches all based on the last 24 hours of a single very large index. Some p... by robgarner Path Finder in Splunk Search 07-18-2018 0 7	0	7
Help regarding splunk queries ? Hi Splunk members, How Can I get some metrics to indicate things like search concurrency, search queue depth, cancel... by splunker969 Communicator in Splunk Search 07-18-2018 0 2	0	2
Getting results from multiple searches without append or join Hi All, I have 2 sourcetypes as following:- Sourcetype_A Ticket \| Main_Ticket \| Value \| Line \| LinkedTicket Sou... by Chandras11 Communicator in Splunk Search 07-18-2018 0 4	0	4
search for eventcount comparison for two different time ranges i want to count eventcount comparison using time trends chart for today , lastweek and last2weeks. below are the my s... by john_q Explorer in Splunk Search 07-17-2018 0 3	0	3
Percentage based on Grand Total index="stage" \|stats dc(customers_name) as "Distinct Customer" by sku_name sku_number \|rename sku_name as Product sku... by andrehl Explorer in Splunk Search 07-17-2018 0 3	0	3
Does anyone have a sample CSV file with server health data (timestamp, CPU, etc) that I can index in Splunk to test operational analytics? Hi, Could anyone please provide some information on the below? If you have an excel/csv file with server health det... by tmmet New Member in Splunk Search 07-17-2018 0 5	0	5
eval'd value: Why is the 'search' command not able to get the value? I'm trying to use a search that looks like index=<index> sourcetype=<sourcetype> \| eval site=<site> \| lookup host_an... by mfrost8 Builder in Splunk Search 07-17-2018 0 2	0	2
Search result as input to another search Hi, anybody has an idea on how to get a value from one search and input it to another search, then display them in a ... by mcm10285 Communicator in Splunk Search 07-17-2018 1 9	1	9
Does anyone know of a right way to perform a case match statement with an or condition? I am looking to perform a case match search and have found that this query template attempted to answer how to define... by ixixix_spl Explorer in Splunk Search 07-17-2018 0 3	0	3
How to accelerate using transaction Hi, all for example, I want find all transactions contains some word. How to make it more faster ? If I have too mu... by keekkenen Engager in Splunk Search 07-17-2018 0 6	0	6
How to change the output in this format? Hi Splunker, Originally I have an output like this as a raw event in Splunk:- 2018-07-17 14:56:08 MIR="TUE, 17-JUL-... by m7787580 Explorer in Splunk Search 07-17-2018 0 2	0	2
How do you multiply a field value by the value's count? For example, I have the field "received_files" with 3 values: 1, 2, and 3. I already ran "convert num(received_files... by ryan_t_gavin New Member in Splunk Search 07-17-2018 0 0	0	0
How to build a srchFilter when two indexes are allowed? Hello, I am trying to build a role that would allow the users to access to two indexes (index1 and index2). The inde... by Clovisa Path Finder in Splunk Search 07-17-2018 0 2	0	2
How to display zero count in a stats table? Hi, I wonder whether someone may be able to help me please. I'm using the following stats query. `wso2_wmf(RequestC... by IRHM73 Motivator in Splunk Search 07-17-2018 1 6	1	6
How to use the time range in search query? I would like to find a error occurs in the past 30, 60 and 90 days. How to do that? by gokikrishnan198 New Member in Splunk Search 07-16-2018 0 1	0	1
how can I get data from tableelement In my dashBoard,i edit a table in sampleXML,then, The table is converted from sampleXML to HTML. and Converted code v... by flzhang132 Explorer in Splunk Search 07-16-2018 0 1	0	1
wmi.conf "interval" and "batch_size" I'm using Windows Universal Forwarder (UF) 7.1.2 in my test environment. Windows 2012 R2 (gets security event from R... by naotoyoshida New Member in Splunk Search 07-16-2018 0 0	0	0