Splunk Search

Community Activity

How to convert the values of multiple fields to number? Hi All, Good day! I just want to ask for some help here.  I have multiple fields with the data I'm working on wit... by jvmerilla Path Finder in Splunk Search 06-14-2018 1 5	1	5
Subsearch Not Filtering Results I am trying to pull a list of filtered IPs from one index and then use that list as a reference to see external traff... by jcullins21 New Member in Splunk Search 06-14-2018 0 2	0	2
Line chart does not display the value zero even after setting the code to use one decimal place Hello, Seeking for any assistance on the issue I am encountering. Issue: Line chart does not display the value zer... by marklindo New Member in Splunk Search 06-13-2018 0 8	0	8
How to separate rows as column? I have trouble in manipulating the table Date contains (index, name, date). name ..... date ................ coun... by apple143 Engager in Splunk Search 06-13-2018 0 7	0	7
Why is my search resulting in "Regex: UTF-8 error: isolated byte with 0x80 bit set error" \| tstats count(host) as count WHERE index=* earliest=-1d@d latest=@d by host\|search [\|inputlookup mylast\|fields host... by saisrujan28 Explorer in Splunk Search 06-13-2018 0 6	0	6
How to get value of a field corresponding to max value of another field Hi, I have a table with the fields 'loadtime', 'application', and 'user'. First I want to compute the maximum value o... by ggangwar Path Finder in Splunk Search 06-13-2018 0 7	0	7
Average on a value over time Hi, I have this query (yes I know its ugly but it works  ) . What I need to do is present the current RSSI value (t... by dbcase Motivator in Splunk Search 06-13-2018 0 6	0	6
Returning Non-Duplicates from a table My data tells me if counts on a specific server are timing out, and we are trying to set up an alert for when this oc... by brajaram Communicator in Splunk Search 06-13-2018 0 5	0	5
Retrieve the Data from multiple searches Hi, I have something like this - Search 1 - for media customers - Summary Index A - contains data from 20th May till... by Shashank_87 Explorer in Splunk Search 06-13-2018 0 1	0	1
SPLUNK_BINDIP, web and daemon don't agree I've quickly skimmed through the answers already here, and not found a corresponding answer, although there is a ques... by grijhwani Motivator in Splunk Search 06-13-2018 1 2	1	2
Need to omit events with specific strings (info or debug) in them. I am trying to prevent debug and info events from getting logged into splunk. I created an inputs.conf and used black... by Arpit_S Path Finder in Splunk Search 06-13-2018 0 2	0	2
Eval and match create a new field I have fields like Uid and Case If the case is authentication then then my new field has to show Uid number. Case.... by Splunk_rocks Path Finder in Splunk Search 06-13-2018 0 4	0	4
Search String \| metadata type=sourcetypes index=_internal Search String \| metadata type=sourcetypes index=_internal , what is its meaning here. by lmjoin Explorer in Splunk Search 06-13-2018 0 1	0	1
How do you concatenate strings of two multi-value fields together to make one mv field? I have two multi-value fields, one contains addresses and the other contains the date and time an event occurred at s... by pjdwyer Explorer in Splunk Search 06-13-2018 0 2	0	2
regex for TIME_FORMAT in epoch milliseconds time Hey There ! I have this sort of entry in my event : startedTime: 1528840802983 this is in epoch time I was try... by Mohsin123 Path Finder in Splunk Search 06-13-2018 0 6	0	6
Case condition check issue Application logs execution time for many apis. I am interested in 2 apis with following urls. /apis/deviceservice/2.0... by mugilbala Engager in Splunk Search 06-13-2018 0 6	0	6
query a field with result from another query Hello all, I have query1 looks like below: <query1> \| fields dialog1 \| table dialog1 I want to have query2 to sear... by Cbr1sg Path Finder in Splunk Search 06-13-2018 0 3	0	3
Increase count by 1 for every 10 Minutes Hi All, index="XXX" \|stats latest(_time) as last_seen,values(ID) as ID, count by IP_Add \| eval Filter=if(count%2=... by denamza New Member in Splunk Search 06-13-2018 0 2	0	2
How do I use rex command here? sample event: fullFormattedMessage: Device naa.60000970000297500017533030313231 performance has improved. I/O lat... by harshal94 Engager in Splunk Search 06-13-2018 0 2	0	2
how to convert days,minutes,hours and seconds to just seconds format to obtain the visualization? I have a simple lookup query as follows :- \| inputlookup ABC.csv which gives the result as follows :- Which does... by pavanae Builder in Splunk Search 06-13-2018 0 4	0	4
Calculate Time Difference between multiple event I have a use case to calculate time difference between four events. The first event is when the server receives a req... by chidex New Member in Splunk Search 06-13-2018 0 6	0	6
How to decrease the max size of index without changing data I have an index that contains 151GB data. Now, I want to change the Max Size from 500GB to 50GB. Will I lose some dat... by yxh545869419 New Member in Splunk Search 06-13-2018 0 2	0	2
Running phone uri=/services/broker/phonehome/connection is the only stanza in splunkd logs but not able to get the data Can some one help me, As I am not able to query the logs in my search head console. I dont have any errors in my splu... by RBADAMSU New Member in Splunk Search 06-13-2018 0 3	0	3
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Searc... by roopasree Engager in Splunk Search 06-13-2018 0 4	0	4
Where _time > 3/22/2018 I have events that only time stamp is the Splunk generated _time and I only need to return events after a certain dat... by griffinpair Path Finder in Splunk Search 06-12-2018 1 2	1	2