Splunk Search

Community Activity

AWS Bill month to date problem. I am trying to build a query to display month to date usage cost per AvailabilityZone/Region. Unfortunately it won't ... by horizn New Member in Splunk Search 06-12-2018 0 0	0	0
Define IP subnet in ALARM FILTER Hello, I need to make this search-filter host=10.29.57.(128-255) AND "%ETHPORT-5-IF_*" OR "(Link failure)" OR "chang... by null0 New Member in Splunk Search 06-12-2018 0 4	0	4
Provide hyperlink in Email alert body Hi, I am using Splunk 6.2. My Email alert body looks like below. Is it possible to provide hyperlink to each count in... by anantdeshpande Path Finder in Splunk Search 06-12-2018 1 1	1	1
How to rename distinct_count() in a stats command I am running the following search: source="whatever.log" user != \- user != \auto request=GET \| stats distinct_cou... by russelljesse Explorer in Splunk Search 06-12-2018 0 2	0	2
Understanding bins and spans Hi, here is a query that is supposed to calculate a % of failed operations over a period of time (A message 'end' is ... by rnayshulis New Member in Splunk Search 06-12-2018 0 1	0	1
How to compare timestamps? I want to compare timestamps of two events and determine which happened first? I want to compare two values of _time field and tell which event occurred first. by sridhar2901 New Member in Splunk Search 06-12-2018 0 1	0	1
how to split the json with 3 levels into individual event to a tabular format I want to split the fields into individual event for the below Json file. by Rajkumarkbm22 New Member in Splunk Search 06-12-2018 0 1	0	1
Different query's based on the result of previous Token Hello, I have a doubt that I think it´s easy to respond, but until now, I have no results. I want to make an query t... by splunk_exercice New Member in Splunk Search 06-11-2018 0 2	0	2
Timewrap: Compare last 24 hours to the same day over the last 4 weeks I would like to compare the last 24 hours to the same day the previous 4 weeks. by RMoore01 New Member in Splunk Search 06-11-2018 0 6	0	6
tstats peformance issues: admin vs user Hi Splunk experts, I am running below query and the results get loaded much faster for admin users compared to regul... by dvg06 Path Finder in Splunk Search 06-11-2018 0 0	0	0
How to count events from 5 pm today to 5 am the next day? Hi Guys, Our operations changed their schedule from 5 pm to 5 am. How can I count events from these times daily? I ... by auaave Communicator in Splunk Search 06-11-2018 0 4	0	4
rex capture groups - windows file name and path I'm attempting to capture 2 groups; a windows path and filename. I've successfully written the rex syntax and it work... by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How do I get the number of daily logins over all days since the first event? Sorry for the confusing title. I'm trying to find out: 1) How many days a user has logged on (doesn't matter how ma... by sharonmok Path Finder in Splunk Search 06-11-2018 1 5	1	5
command to check if a field is binary does splunk have a command that can check to see if a field is binary or has binary characters in it? by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How can I find users who had a particular event occur more than once within X days? I want to get a list of all users who had a particular event occur less than 30 days apart. The events look roughly ... by braveterry Engager in Splunk Search 06-11-2018 0 2	0	2
Multiple failed logins to corporate wifi I wanted to go over the following use case idea I had that I’ve been working. Basically, I am looking to gather abnor... by Ghanayem1974 Path Finder in Splunk Search 06-11-2018 0 0	0	0
fill in 0 when there is no data i have an index that calc amount of events for a specific domain name this index have 3 fields: date,domain_name, eve... by mcohen13 Loves-to-Learn in Splunk Search 06-11-2018 0 7	0	7
I am trying to run CLI searches and output it to a file but its only giving 100 results. Hello Everyone, I am trying to run below query everyday at 6AM through CLI and output the result to new text file. B... by jsuryaprakash Path Finder in Splunk Search 06-11-2018 0 5	0	5
Compare multi value fields to get Count Hi, I have a multi value field which contains some product codes separated by a code. Now the 2 events can have the s... by Shashank_87 Explorer in Splunk Search 06-11-2018 0 4	0	4
Lookup OUTPUTNEW Behavior Hello, I have a wrong behavior on lookup command with OUTPUTNEW options. What I'm trying to achieve is to update th... by olivier_ma Explorer in Splunk Search 06-11-2018 0 4	0	4
When the value is not showed in the result also i need to dispaly value as 0 in the result set .. In the below query. When i filter the sectodate count greater than 5. I’m missing the count of values “Cool","Super .... by Shan Builder in Splunk Search 06-11-2018 0 4	0	4
RegEx Extract value after string I'm trying to build an extraction to find the uptime from this data (example below) .1.3.6.1.4.1.789 Enterprise Spec... by arrowecssupport Communicator in Splunk Search 06-11-2018 0 1	0	1
"status = 404" does not appear in the field status. Hi, there! I installed the "Splunk Forwarder" on an Apache web server configured as "access_combined". The logs are ... by cesarfabre Explorer in Splunk Search 06-11-2018 0 1	0	1
Correct Search string for Memory and CPU utilization Hello, I am trying to create a dashboard report of CPU Utilization and Memory used for each of my application comp... by anzar_ahsan New Member in Splunk Search 06-11-2018 0 1	0	1
How to get filtered data with spath? I am trying to build stats for a set of JSON data which looks like this: { "ts":1527498793267, "version":"1.12... by developer_de New Member in Splunk Search 06-11-2018 0 2	0	2