Splunk Search

Community Activity

Increase count by 1 for every 10 Minutes Hi All, index="XXX" \|stats latest(_time) as last_seen,values(ID) as ID, count by IP_Add \| eval Filter=if(count%2=... by denamza New Member in Splunk Search 06-13-2018 0 2	0	2
How do I use rex command here? sample event: fullFormattedMessage: Device naa.60000970000297500017533030313231 performance has improved. I/O lat... by harshal94 Engager in Splunk Search 06-13-2018 0 2	0	2
how to convert days,minutes,hours and seconds to just seconds format to obtain the visualization? I have a simple lookup query as follows :- \| inputlookup ABC.csv which gives the result as follows :- Which does... by pavanae Builder in Splunk Search 06-13-2018 0 4	0	4
Calculate Time Difference between multiple event I have a use case to calculate time difference between four events. The first event is when the server receives a req... by chidex New Member in Splunk Search 06-13-2018 0 6	0	6
How to decrease the max size of index without changing data I have an index that contains 151GB data. Now, I want to change the Max Size from 500GB to 50GB. Will I lose some dat... by yxh545869419 New Member in Splunk Search 06-13-2018 0 2	0	2
Running phone uri=/services/broker/phonehome/connection is the only stanza in splunkd logs but not able to get the data Can some one help me, As I am not able to query the logs in my search head console. I dont have any errors in my splu... by RBADAMSU New Member in Splunk Search 06-13-2018 0 3	0	3
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Searc... by roopasree Engager in Splunk Search 06-13-2018 0 4	0	4
Where _time > 3/22/2018 I have events that only time stamp is the Splunk generated _time and I only need to return events after a certain dat... by griffinpair Path Finder in Splunk Search 06-12-2018 1 2	1	2
Dynamically populate and remove lookup entries We are attempting to replicate ArcSight's 'active list' functionality in Splunk. Is there a straight-forward means o... by dflodstrom Builder in Splunk Search 06-12-2018 0 4	0	4
How to fetch relative fields out of timechart result based on Max(column) ? I have requirement where in i have to display in a timerange, what is the peak number of request per min and correspo... by sangs8788 Communicator in Splunk Search 06-12-2018 0 2	0	2
Create Search, table and drilldown with events multivalues Hi, I have this log with the following structure. 12/06/2018 08.00:58.330 [[ACTIVE] Executetheread: '4' for queue... by Carolina Engager in Splunk Search 06-12-2018 0 5	0	5
Reduce number of searches I have about 20 searches going on in my dashboard which seems to have really slowed down the dashboard. I am trying ... by angersleek Path Finder in Splunk Search 06-12-2018 0 5	0	5
How to only include business days (excl. Sat & Sun) in my following query? Hi everyone! Recently, I got help on a query and it did what it was supposed to perfectly. Basically, I wanted to see... by sharonmok Path Finder in Splunk Search 06-12-2018 0 1	0	1
How to use timechart with counters? HI everyone I have two queries that returns an total accumulated of transactions. host="konecta-marketing" "reques... by cleal New Member in Splunk Search 06-12-2018 0 3	0	3
Dedup Sortby not working? I am trying to exclude duplicate events- first I want to only include the most recent event for each combination of v... by Tedesco1 Path Finder in Splunk Search 06-12-2018 0 8	0	8
How to include an app name as a part of the search query? Is there a way by which I can get the app name as the part of the search query. Something like index=myindex \| eval ... by nibinabr Communicator in Splunk Search 06-12-2018 2 9	2	9
Visualizations: Can eval tag (calculating token values) be used inside init, selection, progress or done? All this is happening in Splunk 6.6.2: I have a relatively complex form, with a timechart and a drilldown from it se... by arkadyz1 Builder in Splunk Search 06-12-2018 0 3	0	3
Getting user count Our logs contain user name and the corresponding agile-board he used. A user might have used multiple agile-boards ; ... by zacksoft Contributor in Splunk Search 06-12-2018 0 5	0	5
Loop to select a Range of values and display. Hi Team, I am trying to design a query here, i have a list of vales as below the requirement is that i wanna... by Vigneshprasanna Explorer in Splunk Search 06-12-2018 0 7	0	7
How to filter multiple regex condition and create column on basis of condition? I have a big table of many fields. From there I want to mark result. I have a lookup conditions, if those conditions... by anirban_nag Explorer in Splunk Search 06-12-2018 0 2	0	2
Convert _time to different time zone while searching I have a Splunk cloud instance getting data from multiple forwarders across globe from different time zone. I do have... by santosh_sshanbh Path Finder in Splunk Search 06-12-2018 0 3	0	3
AWS Bill month to date problem. I am trying to build a query to display month to date usage cost per AvailabilityZone/Region. Unfortunately it won't ... by horizn New Member in Splunk Search 06-12-2018 0 0	0	0
Define IP subnet in ALARM FILTER Hello, I need to make this search-filter host=10.29.57.(128-255) AND "%ETHPORT-5-IF_*" OR "(Link failure)" OR "chang... by null0 New Member in Splunk Search 06-12-2018 0 4	0	4
Provide hyperlink in Email alert body Hi, I am using Splunk 6.2. My Email alert body looks like below. Is it possible to provide hyperlink to each count in... by anantdeshpande Path Finder in Splunk Search 06-12-2018 1 1	1	1
How to rename distinct_count() in a stats command I am running the following search: source="whatever.log" user != \- user != \auto request=GET \| stats distinct_cou... by russelljesse Explorer in Splunk Search 06-12-2018 0 2	0	2