Splunk Search

Community Activity

How to calculate multiple fields total count? I have following fileds, I want to calculate the total f count: (count(f1)+count(f2)+count(f3)+count(f4))=3+3+2+1=9. ... by Min1025 Explorer in Splunk Search 06-19-2018 0 2	0	2
Why does the DBX read count and write count doesn't match and is throwing an error? I have a DBX 3.1.2 job that's failing at some point along the way. I don't get any error messages (everything is set ... by BenjaminWyatt Communicator in Splunk Search 06-19-2018 0 3	0	3
Want to condition match when a value is a single asterisk Have tried every combination I can think of. Want to set some tokens in a when the value is a single asterisk. As a... by simpkins1958 Contributor in Splunk Search 06-19-2018 0 5	0	5
How do I set an alert when 95th percentile is over the threshold? Hi all, Here is my base search index=java location=APICall api_method=POST Duration \|stats median(Duration) as... by mlui_2 Explorer in Splunk Search 06-19-2018 2 3	2	3
if .csv file is empty how to get correct result in search For one of my dashboards I am working with .csv files which are generated every day. these contain certain failures f... by Mike6960 Path Finder in Splunk Search 06-19-2018 0 4	0	4
Regex isnt working for my search string I want to extract a field from the log event using regex .following is the sample log event , can someone tell me how... by navd New Member in Splunk Search 06-19-2018 0 1	0	1
What are the limitations regarding lookups? Hey there. This isn't a specific code question but rather a more general question regarding limitations of lookups. F... by DerBastler New Member in Splunk Search 06-19-2018 0 2	0	2
How do you handle multiple sanitizations in the same regex? Hi all, I have the following data being indexed by splunk: POST /somendpoint.asmx HTTP/1.1 Host: somehost Connect... by zhatsispgx Path Finder in Splunk Search 06-19-2018 0 2	0	2
Flattening Hierarchical Relationships without transaction or join I'm looking for an efficient way to build multiple parent child event pairs into a flat string of parent,children,gra... by ErikaE Communicator in Splunk Search 06-19-2018 1 2	1	2
How to create a different search for each column in a chart? I would like to have a chart that shows the different values (I used a unique field extraction for this) found and di... by link22 Explorer in Splunk Search 06-19-2018 0 2	0	2
Joining 2 events that have different content [updated the question based on feedback] I am trying to join events from these 2 log entries Events of Type 1 dateTi... by patb23 Engager in Splunk Search 06-19-2018 0 4	0	4
How to perform subtraction on results? I'm currently using this in a search: index=OS sourcetype=cpu \| timechart avg(pctIdle) by host This typically gives ... by brosselle New Member in Splunk Search 06-19-2018 0 3	0	3
How to use eval for basic search terms (NOT fields)? So I want to get the stats count of two search terms in a search that looks like this: index=myIndex "searchTermA" OR... by link22 Explorer in Splunk Search 06-19-2018 0 2	0	2
Change x axis _time display to weekly instead of daily So I'm aiming for a month's worth of data to be displayed as "Week 1, Week 2, Week 3, Week 4" instead of by "Apr 13, ... by link22 Explorer in Splunk Search 06-19-2018 0 3	0	3
centralize search queries with links Hello community, I'm currently building an application for a customer. Since the needs of the customer are steadily ... by at1ll3y New Member in Splunk Search 06-19-2018 0 1	0	1
What indexes are included in search by default? Hi, I was in the process of changing the index that certain events write to and came across a problem with a query I... by dswanson99 Path Finder in Splunk Search 06-19-2018 1 6	1	6
Change X Axis Display to Week Instead of Day I have the x axis of my search displaying by week however I do not want this format: Apr 23 Apr 30 etc. I have my c... by link22 Explorer in Splunk Search 06-19-2018 0 3	0	3
In a tstats query, how to discover the username's line manager which is listed in the lookup? Hello, I have a tstats query running which returns the data. I then want to look up the username returned as part of... by griggsy New Member in Splunk Search 06-19-2018 0 11	0	11
Search Query when having multiple right boundaries. Hi i would like to get the commands from the below pattern. For example i am looking for search, content, gcom.sugges... by xvxt006 Contributor in Splunk Search 06-19-2018 0 4	0	4
How to use group by aggregate function in 'tstats' query when field value in some events in null?? I want to use group by aggregate function with a field called "field1". Some events in my data donot consists of thi... by darshildave Explorer in Splunk Search 06-19-2018 0 1	0	1
How to give a time value to a field with eval command? Hey I want to create a field with a time value using following commend \| inputlookup task_time_worked.csv \| eval de... by samlinsongguo Communicator in Splunk Search 06-19-2018 0 3	0	3
saved search with conditions Hi - I am try to build a saved search that has conditions so that the full search only executes when all conditions a... by skelly99 Explorer in Splunk Search 06-19-2018 0 0	0	0
Can I table the output on conditional basis? index=adjusted\| eval Variance=TOTAL_PAID_DRVR_MINUTE_CNT-PLAN_PAID_DRVR_MINUTE_CNT\|eval test=if(Variance>=120,[search... by ppanchal Path Finder in Splunk Search 06-18-2018 0 1	0	1
How to take a result from one search into another search Hi, I'm trying to see if there is an easy way to take a result from event error codes, attempting to logon a disabled... by ejans100 Observer in Splunk Search 06-18-2018 0 1	0	1
Is it possible to pass dynamic field name to kvstore lookup? Hi All, I need to lookup a value on three different kvstore fields based on its regex format. Is it possible to pass... by Murali2888 Communicator in Splunk Search 06-18-2018 0 0	0	0