Splunk Search

Community Activity

For multiple single value chart use one drilldown table when all chart having drilldown In my dashboard i have 5 single value chart and all 5 having drilldown so i have 5 drilldown table i want to combine ... by anjneesharma New Member in Splunk Search 07-03-2018 0 5	0	5
Overlaying on chart with a previous years data when x-axis do not match I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype=s... by jackreeves Explorer in Splunk Search 07-03-2018 0 1	0	1
How to extract with rex from the beginning of a string to delimiter or the end of line? How do I write a rex command to extract from up to a particular delimiter (such as comma) or (if there is no delimite... by pm771 Communicator in Splunk Search 07-03-2018 1 4	1	4
How to use different time ranges in sub-queries in savedsearches.conf I am using a composite query which has join to another query. I need to use a longer time range in the main/outer que... by isamrat Explorer in Splunk Search 07-03-2018 0 1	0	1
In field extraction, how to do the matching between them and increment the result? Hi everyone, I'm looking to have this result: For that I have 2 lines in my file: Question: Service + IdTransac... by omarka New Member in Splunk Search 07-03-2018 0 11	0	11
Translating string in search string In my search strings I often rename columns using "AS". Is there a way I can expose those as parameters so that when ... by derekf Explorer in Splunk Search 07-03-2018 0 3	0	3
where clause evaluates differently with presence of fields in prior table command I am putting a query to findout all SSH connection between internal network and external network. Logic I am trying... by sdesigowda New Member in Splunk Search 07-03-2018 0 4	0	4
How do you turn this test string into a regular expression Hello How do you convert the following test string to a regular expression, if the test string contains spaces? Beca... by Danielle2018V New Member in Splunk Search 07-03-2018 0 2	0	2
How to plot max system load against the actual load? I have the following simple query: index=os sourcetype=vmstat tag=dcv-na \| eval MaxLoad = 28 \| timechart max(loadA... by jackpal Path Finder in Splunk Search 07-03-2018 0 3	0	3
How can I use the value of previous records field as new field value? I have a tabled data set like: ID Assessment Name Workflow Name Phase Name Process Name Step Name Step Owne... by tkwaller_2 Communicator in Splunk Search 07-03-2018 0 2	0	2
How can I concatenate tables from the same search at different time periods ? Hi, I am trying to compare the top sales of the latest week to the top sales of the previous week. I am trying to ge... by Clovisa Path Finder in Splunk Search 07-03-2018 0 2	0	2
Using Lookups in Splunk with CASE statements I am using CASE statements to evaluate value of msgcode variable below. Can this set of CASE-like statements be repla... by JuhiSaxena Explorer in Splunk Search 07-03-2018 0 2	0	2
Rex field extraction Could someone help me extract the two bold words from the following sample SAMPLE EVENT 1 2018-07-02 08:51:44,648 ht... by zacksoft Contributor in Splunk Search 07-03-2018 0 11	0	11
Multiple stats counts on different criteria Hi all, first question on Splunk Answers. I just finished the Fundamentals I training and am now wanting to do some m... by guythomasdavis Explorer in Splunk Search 07-03-2018 0 4	0	4
How to limit runtime for a search? Hi, Is there a setting to limit max runtime for a search? I don't see anything obvious. by a212830 Champion in Splunk Search 07-03-2018 0 4	0	4
Fetch the latest _raw event I have query which goes like this sourcetype="A" host=B \|rex "^(?:[^ \n]* ){2}(?P<user>\w+)"\|rex "^(?:[^... by zacksoft Contributor in Splunk Search 07-03-2018 0 1	0	1
how to see pan and zoom selected in a chart when dashboard is copied Hi, i want to send a dashboard link to someone, after selecting a zoom/pan in a chart and i want that pan to be copie... by monteiroh Explorer in Splunk Search 07-03-2018 0 12	0	12
Is there a function to create MD5 hash? Hi, is there a function to create the MD5 hash of a value? Cheers Heinz by HeinzWaescher Motivator in Splunk Search 07-03-2018 0 1	0	1
Calculate percentage between 2 reports Hello I use 2 reports with the code below index="windows-wmi" sourcetype="wmi:DiskRAMLoad" host="$field1$" (Name="m... by jip31 Motivator in Splunk Search 07-02-2018 0 4	0	4
Event count mismatch when using using `field_name="*"` and `field_name!=""` in tstats query Why is there a difference between the number of events scanned in both these queries? Using below query getting stati... by jshah24 Explorer in Splunk Search 07-02-2018 1 4	1	4
When i add a lookup search, source field goes missing Here is my query > index="test" (source="28q" OR > source="29q") \| bucket _time > span=1d as day \| rex field=_r... by premraj_vs Path Finder in Splunk Search 07-02-2018 0 1	0	1
Missing subsearch results I've created a search that is composed of two subsearches. I have a dashboard where if I search an application name,... by gbwilson Path Finder in Splunk Search 07-02-2018 0 6	0	6
Populate dropdown menu using lookup and tokens with multiple field values I am trying to populate a dropdown menu using a lookup table that contains all my server's hostname in one column and... by johnward4 Communicator in Splunk Search 07-02-2018 0 7	0	7
how to use transaction command for event spanning multiple days I'm trying to show the total HVAC usage during the day using transaction command: name=thermostatoperatingstate \| t... by jassal New Member in Splunk Search 07-02-2018 0 2	0	2
Splunk - How do i build a timeline chart to trace a transaction that has multiple asynchronous processes I would like to create a timeline view that shows the begin/end time of every event for a given transaction. The tran... by eplate New Member in Splunk Search 07-02-2018 0 2	0	2