Splunk Search

Community Activity

	How to do a timechart of a week with a timewrap on the previous year? Hi ! I am trying to display a timechart that gives the data of a week, and the data of the same week but one year ear... by Clovisa Path Finder in Splunk Search 07-06-2018 0 3	0	3
	How to search data for a unique user count by date? Hi, I am completely new to Splunk and I have a specific need to address so please be patient with my newbie incompet... by NealM New Member in Splunk Search 07-06-2018 0 5	0	5
	Merging Splunk Searches Hi Pros, I want to merge results of two queries together and need some help in achieving the best possible way to do... by memow8 New Member in Splunk Search 07-06-2018 0 1	0	1
	Exclude non-standard IIS result codes I am trying to get a chart of IIS result codes (mapped as sc_status) and ignore crap data. For example, one of the r... by drultima New Member in Splunk Search 07-06-2018 0 2	0	2
	Grouping Errors extracted with field extraction for to run trasform commands Hi All, I am trying to group different errors that i have extracted to run transform commands, like stats, chart, e... by VI371887 Path Finder in Splunk Search 07-06-2018 0 1	0	1
	Can I use an eval statement inside an if statement? Hi , Can I use an eval statement inside an if? I have to implement something like this : I have two fields : one ... by Mohsin123 Path Finder in Splunk Search 07-06-2018 0 10	0	10
	How to correlate events in ITSI ? How to correlate events in ITSI ? New to Splunk ITSI Example CPU and DB alerts collection based on CI match . Cur... by anurag0011 New Member in Splunk Search 07-05-2018 0 2	0	2
	Using eval from outer search to inner Hi, I am aware that an eval in the parent search cannot be used in a subsearch like this - \| eval foo = ..... \| e... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 1	0	1
	Getting hold of an eval from subsearch Hello, How do I do something like this in splunk? eval base_starttime = [search index="app_event"\| eval starttime =... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 2	0	2
	Removing redundancy from query Hi, I have a query with 5 joins but I am sure that this can be reduced to just one join. I cant figure out the syntax... by dhruv101 Path Finder in Splunk Search 07-05-2018 0 0	0	0
	Regex Help I'm trying to parse out the exception type and exception message from the DB Connect dbx_server logs. I'm having som... by bschaap Path Finder in Splunk Search 07-05-2018 0 5	0	5
	How to exclude events through lookup? Hi there, trying to exclude some events through the use of a lookup but it's not working for some reason: index=mai... by mmoermans Path Finder in Splunk Search 07-05-2018 0 3	0	3
	How do you see events where a variable's value is null? I am trying to see the events that have null values for a variable called 'Issuer', but I can't seem to find a way to... by pjdwyer Explorer in Splunk Search 07-05-2018 0 7	0	7
	How to use append on stats table to show count past 5 minutes? Hello, I am trying to show the last 5 minute count with a larger time period spark chart. index="iis" \|stats sparkl... by brianMiller94 Engager in Splunk Search 07-05-2018 0 2	0	2
	How do I merge two fields together and get rid of what does not match? Hi. I have two sources that I am trying to merge and dedup similar data. They both have a license key, one was longer... by Ragate Explorer in Splunk Search 07-05-2018 0 13	0	13
	Display the Results of Search Query at regular intervals of time with fixed start DateTime Hi , Currently am running below SPlunk Search Query where am using earliest=-0d@d latest=-2m. earliest=-0d@d latest... by boppana New Member in Splunk Search 07-05-2018 0 4	0	4
	How to do a common eval operation with dynamic field values? I have a splunk query index=abc sourcetype=xyz \| timechart by field1 This gives me data like _time column1 cloum... by joydeep741 Path Finder in Splunk Search 07-05-2018 0 2	0	2
	How to create a regex domain to not include "@" and terminate capture before ">"? Hi, I have been tinkering with regex101 for some time now and no luck. I have a field called sender Return-Path:<s... by Log_wrangler Builder in Splunk Search 07-05-2018 0 8	0	8
	How to make Linechart of users logged in throughout the day with tstats? I want to make a linechart of users in a division logged in throughout the day, but I can't make the tstat search wor... by powermundsen Engager in Splunk Search 07-05-2018 0 2	0	2
	Sequentially search a time range by multi-hour blocks, output each to csv Hi All! Here's my scenario: I'm searching 24 hours worth of data, but due to load I can only search in 4 hour increm... by jvesrc New Member in Splunk Search 07-05-2018 0 0	0	0
	Why is the walklex command not working? Hello splunkers, I'm trying to visualize one of my .tsidx file with the splunk "walklex" command, in order to see my... by julienoud New Member in Splunk Search 07-05-2018 0 2	0	2
	plus and minus in a trend calcul Hello In this piece of code, i want to add th possibility to display a percent result with + or - before the percen... by jip31 Motivator in Splunk Search 07-05-2018 0 6	0	6
	tstats subsearch Hi, I have a tstats query working perfectly however I need to then cross reference a field returned with the data he... by griggsy New Member in Splunk Search 07-05-2018 0 14	0	14
	How to split the value into title and value? I have a field that I extract to information from Whois this field every value is write so that the title of the valu... by mcohen13 Loves-to-Learn in Splunk Search 07-05-2018 0 2	0	2
	How to group and count together the rows based on some field value in splunk? Example: I am having a search in my view code and displaying results in the form of table. small example result: cust... by gokikrishnan198 New Member in Splunk Search 07-04-2018 0 1	0	1