Splunk Search

Community Activity

How can I use the value of previous records field as new field value? I have a tabled data set like: ID Assessment Name Workflow Name Phase Name Process Name Step Name Step Owne... by tkwaller_2 Communicator in Splunk Search 07-03-2018 0 2	0	2
How can I concatenate tables from the same search at different time periods ? Hi, I am trying to compare the top sales of the latest week to the top sales of the previous week. I am trying to ge... by Clovisa Path Finder in Splunk Search 07-03-2018 0 2	0	2
Using Lookups in Splunk with CASE statements I am using CASE statements to evaluate value of msgcode variable below. Can this set of CASE-like statements be repla... by JuhiSaxena Explorer in Splunk Search 07-03-2018 0 2	0	2
Rex field extraction Could someone help me extract the two bold words from the following sample SAMPLE EVENT 1 2018-07-02 08:51:44,648 ht... by zacksoft Contributor in Splunk Search 07-03-2018 0 11	0	11
Multiple stats counts on different criteria Hi all, first question on Splunk Answers. I just finished the Fundamentals I training and am now wanting to do some m... by guythomasdavis Explorer in Splunk Search 07-03-2018 0 4	0	4
How to limit runtime for a search? Hi, Is there a setting to limit max runtime for a search? I don't see anything obvious. by a212830 Champion in Splunk Search 07-03-2018 0 4	0	4
Fetch the latest _raw event I have query which goes like this sourcetype="A" host=B \|rex "^(?:[^ \n]* ){2}(?P<user>\w+)"\|rex "^(?:[^... by zacksoft Contributor in Splunk Search 07-03-2018 0 1	0	1
how to see pan and zoom selected in a chart when dashboard is copied Hi, i want to send a dashboard link to someone, after selecting a zoom/pan in a chart and i want that pan to be copie... by monteiroh Explorer in Splunk Search 07-03-2018 0 12	0	12
Is there a function to create MD5 hash? Hi, is there a function to create the MD5 hash of a value? Cheers Heinz by HeinzWaescher Motivator in Splunk Search 07-03-2018 0 1	0	1
Calculate percentage between 2 reports Hello I use 2 reports with the code below index="windows-wmi" sourcetype="wmi:DiskRAMLoad" host="$field1$" (Name="m... by jip31 Motivator in Splunk Search 07-02-2018 0 4	0	4
Event count mismatch when using using `field_name="*"` and `field_name!=""` in tstats query Why is there a difference between the number of events scanned in both these queries? Using below query getting stati... by jshah24 Explorer in Splunk Search 07-02-2018 1 4	1	4
When i add a lookup search, source field goes missing Here is my query > index="test" (source="28q" OR > source="29q") \| bucket _time > span=1d as day \| rex field=_r... by premraj_vs Path Finder in Splunk Search 07-02-2018 0 1	0	1
Missing subsearch results I've created a search that is composed of two subsearches. I have a dashboard where if I search an application name,... by gbwilson Path Finder in Splunk Search 07-02-2018 0 6	0	6
Populate dropdown menu using lookup and tokens with multiple field values I am trying to populate a dropdown menu using a lookup table that contains all my server's hostname in one column and... by johnward4 Communicator in Splunk Search 07-02-2018 0 7	0	7
how to use transaction command for event spanning multiple days I'm trying to show the total HVAC usage during the day using transaction command: name=thermostatoperatingstate \| t... by jassal New Member in Splunk Search 07-02-2018 0 2	0	2
Splunk - How do i build a timeline chart to trace a transaction that has multiple asynchronous processes I would like to create a timeline view that shows the begin/end time of every event for a given transaction. The tran... by eplate New Member in Splunk Search 07-02-2018 0 2	0	2
How to merge one query with another one that has the same field? I currently have this search query: source="C:\Users\ragate\Desktop\splunk\JsonDump.txt" \| eval "LicenseKeyID"=su... by Ragate Explorer in Splunk Search 07-02-2018 0 3	0	3
Can I pass an indexed Date value to the time picker? As far as I know the time picker searches based on the time that the data was indexed in Splunk. I need to search bas... by calarie001 Explorer in Splunk Search 07-02-2018 0 5	0	5
Hybrid Search not working in Splunk Cloud "The searchhead is unable to update the peer information. Error = 'Master has multisite enabled but the search head is missing the 'multisite' attribute' for master" When I join the Hybrid Search Head to Cloud clustermaster I get this error. The searchhead is unable to update the p... by khourihan_splun Splunk Employee in Splunk Search 07-02-2018 0 2	0	2
Why is my scheduled search so much quicker than my adhoc search? Hi, I have a number of scheduled searches which run significantly faster than the same search run from the search-ba... by a212830 Champion in Splunk Search 07-02-2018 0 7	0	7
Transaction with multiple down events but only one up event results in incorrect duration calculation I've created a dashboard showing downtime for BGP adjacencies and WAN circuits. It works (almost) perfectly, but rece... by NJL Explorer in Splunk Search 07-02-2018 0 4	0	4
avg many fields HELLO I try to do an avg on multiple fields but i dont succeed for one field i use this / stats avg(ReadOperation... by jip31 Motivator in Splunk Search 07-02-2018 0 3	0	3
How to build a lookup table with a condition? I have a lookup of epoch times: epoch_time_lookup.csv Start Time End Time 1529737700 1529737800 1529737600 15297... by joydeep741 Path Finder in Splunk Search 07-01-2018 1 2	1	2
Why is the query with 3 sub search returning several items? Hello there ! This is my first post here  I've already read a lot of query/answer, try a lot of things, but .... ... by tomtomFR Explorer in Splunk Search 07-01-2018 0 7	0	7
How to show a true value for the If function? Hello All i have the below query which is based on a ping request running on the back end. the data looks like this ... by ranjitbrhm1 Communicator in Splunk Search 07-01-2018 0 3	0	3