Splunk Search

Community Activity

Why is my scheduled search so much quicker than my adhoc search? Hi, I have a number of scheduled searches which run significantly faster than the same search run from the search-ba... by a212830 Champion in Splunk Search 07-02-2018 0 7	0	7
Transaction with multiple down events but only one up event results in incorrect duration calculation I've created a dashboard showing downtime for BGP adjacencies and WAN circuits. It works (almost) perfectly, but rece... by NJL Explorer in Splunk Search 07-02-2018 0 4	0	4
avg many fields HELLO I try to do an avg on multiple fields but i dont succeed for one field i use this / stats avg(ReadOperation... by jip31 Motivator in Splunk Search 07-02-2018 0 3	0	3
How to build a lookup table with a condition? I have a lookup of epoch times: epoch_time_lookup.csv Start Time End Time 1529737700 1529737800 1529737600 15297... by joydeep741 Path Finder in Splunk Search 07-01-2018 1 2	1	2
Why is the query with 3 sub search returning several items? Hello there ! This is my first post here  I've already read a lot of query/answer, try a lot of things, but .... ... by tomtomFR Explorer in Splunk Search 07-01-2018 0 7	0	7
How to show a true value for the If function? Hello All i have the below query which is based on a ping request running on the back end. the data looks like this ... by ranjitbrhm1 Communicator in Splunk Search 07-01-2018 0 3	0	3
AND condition in Regex I need solution for the following example, My String : {<!-- -->{My_pa{ss}word}} In this string I want to select only star... by Piraisudan New Member in Splunk Search 06-30-2018 0 3	0	3
How can I split similar fields into multiple related events? I have some events like this. Wifi AP and DEVICE connected to it. A one to many AP to DEVICE relationship exists AP,... by pwild_splunk Splunk Employee in Splunk Search 06-30-2018 0 2	0	2
Spunk Search Query for Trimming and Grouping Hi, I have a CSV named Results2018. It has fields Group, Server, Issue. The field Issue has information about CPU ... by mbasharat Builder in Splunk Search 06-30-2018 0 6	0	6
How to configure Splunk statistics table to display more than 100 rows? Hi all, How to configure Splunk statistics table to display more than 100 rows? can this be achieved by editing a sp... by mjlsnombrado Communicator in Splunk Search 06-30-2018 1 1	1	1
Does a saved search get a new sid each time it runs? I'm trying to use the REST API to get the results of a search. I need to run a saved search daily and then extract t... by ericlarsen Path Finder in Splunk Search 06-30-2018 0 4	0	4
Confused with Trigger Conditions - Confused by Documentation I am reading the documentation at the following page: http://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/AlertTr... by rogue_carrot Communicator in Splunk Search 06-30-2018 0 3	0	3
\| tstats to include data enrichment from a lookup Hi, How can I use a tstats search, to match against a result and then OUTPUT additional content from the lookup wher... by jacqu3sy Path Finder in Splunk Search 06-30-2018 0 3	0	3
Alternative of list(x) Is there any alternative to list() function as it has limitation to return only 100 values? i have a multivalue list ... by sindhoo Engager in Splunk Search 06-30-2018 0 5	0	5
If event X then event Y occurred Return no results, If just X occured return results I am trying to perform a search to return only results that are "Broke". Broke means Event 7000 with a specific Messa... by benj851 Explorer in Splunk Search 06-30-2018 0 3	0	3
How can i use a field value from lookup file to set my earliest time for search dynamically ? Hi, I have a PriorityEngines.csv lookup file like this - EngineName,TimePeriod Engine1,5 Engine2,10 Engine3,12 I hav... by Upas02 Path Finder in Splunk Search 06-30-2018 0 3	0	3
How to return events from a different time range dependent upon field value? Completely new to Splunk, and hoping to find help with a search I'm using for a dashboard, but cannot get this workin... by ShaunSutton New Member in Splunk Search 06-30-2018 0 4	0	4
adding multiple fields and value for fillnull Following search is working perfectly fine. If field1 is Null it gets substitute by RandomString1 search \| fillnull ... by ataunk Explorer in Splunk Search 06-30-2018 0 8	0	8
Using streamstats to track currently active values Given input like this: id, action, message 1, add, Adding this thing 2, add, Adding this other thing , ... by vbumgarner Contributor in Splunk Search 06-30-2018 3 19	3	19
How do scheduled searches work? General question about how scheduling searching behaves, we have a 3 node SH cluster and couple of indexers, and th... by perfecto25 Path Finder in Splunk Search 06-30-2018 0 6	0	6
OTHER option in timechart doesn't work Hi Splunkers, I have search like this: index="myindex" host="myhost" \| timechart span=1month latest(all_cnt) as "Num... by amresovci New Member in Splunk Search 06-30-2018 0 1	0	1
How to join two searches? Hi, I am trying to join two of my searches in splunk using a common field uniqueID but I am getting a error in Splunk... by Shashank_87 Explorer in Splunk Search 06-30-2018 0 4	0	4
How to access values from event in Splunk I want to access the values of the events that are coming after splunk search . Data is coming in below format on t... by gauravepi Path Finder in Splunk Search 06-30-2018 0 2	0	2
CIM version check How do you check your CIM version info if you are using Splunk Managed Cloud Service? by kevinleeV New Member in Splunk Search 06-30-2018 0 3	0	3
transaction alternative Have data in the following format ; 1:26:[06/28/2018][08:00:00.149][6959][3868982128][s537565/r17][servername1][filen... by jhnworks New Member in Splunk Search 06-30-2018 0 1	0	1