Splunk Search

Community Activity

Understanding bins and spans Hi, here is a query that is supposed to calculate a % of failed operations over a period of time (A message 'end' is ... by rnayshulis New Member in Splunk Search 06-12-2018 0 1	0	1
How to compare timestamps? I want to compare timestamps of two events and determine which happened first? I want to compare two values of _time field and tell which event occurred first. by sridhar2901 New Member in Splunk Search 06-12-2018 0 1	0	1
how to split the json with 3 levels into individual event to a tabular format I want to split the fields into individual event for the below Json file. by Rajkumarkbm22 New Member in Splunk Search 06-12-2018 0 1	0	1
Different query's based on the result of previous Token Hello, I have a doubt that I think it´s easy to respond, but until now, I have no results. I want to make an query t... by splunk_exercice New Member in Splunk Search 06-11-2018 0 2	0	2
Timewrap: Compare last 24 hours to the same day over the last 4 weeks I would like to compare the last 24 hours to the same day the previous 4 weeks. by RMoore01 New Member in Splunk Search 06-11-2018 0 6	0	6
tstats peformance issues: admin vs user Hi Splunk experts, I am running below query and the results get loaded much faster for admin users compared to regul... by dvg06 Path Finder in Splunk Search 06-11-2018 0 0	0	0
How to count events from 5 pm today to 5 am the next day? Hi Guys, Our operations changed their schedule from 5 pm to 5 am. How can I count events from these times daily? I ... by auaave Communicator in Splunk Search 06-11-2018 0 4	0	4
rex capture groups - windows file name and path I'm attempting to capture 2 groups; a windows path and filename. I've successfully written the rex syntax and it work... by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How do I get the number of daily logins over all days since the first event? Sorry for the confusing title. I'm trying to find out: 1) How many days a user has logged on (doesn't matter how ma... by sharonmok Path Finder in Splunk Search 06-11-2018 1 5	1	5
command to check if a field is binary does splunk have a command that can check to see if a field is binary or has binary characters in it? by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How can I find users who had a particular event occur more than once within X days? I want to get a list of all users who had a particular event occur less than 30 days apart. The events look roughly ... by braveterry Engager in Splunk Search 06-11-2018 0 2	0	2
Multiple failed logins to corporate wifi I wanted to go over the following use case idea I had that I’ve been working. Basically, I am looking to gather abnor... by Ghanayem1974 Path Finder in Splunk Search 06-11-2018 0 0	0	0
fill in 0 when there is no data i have an index that calc amount of events for a specific domain name this index have 3 fields: date,domain_name, eve... by mcohen13 Loves-to-Learn in Splunk Search 06-11-2018 0 7	0	7
I am trying to run CLI searches and output it to a file but its only giving 100 results. Hello Everyone, I am trying to run below query everyday at 6AM through CLI and output the result to new text file. B... by jsuryaprakash Path Finder in Splunk Search 06-11-2018 0 5	0	5
Compare multi value fields to get Count Hi, I have a multi value field which contains some product codes separated by a code. Now the 2 events can have the s... by Shashank_87 Explorer in Splunk Search 06-11-2018 0 4	0	4
Lookup OUTPUTNEW Behavior Hello, I have a wrong behavior on lookup command with OUTPUTNEW options. What I'm trying to achieve is to update th... by olivier_ma Explorer in Splunk Search 06-11-2018 0 4	0	4
When the value is not showed in the result also i need to dispaly value as 0 in the result set .. In the below query. When i filter the sectodate count greater than 5. I’m missing the count of values “Cool","Super .... by Shan Builder in Splunk Search 06-11-2018 0 4	0	4
RegEx Extract value after string I'm trying to build an extraction to find the uptime from this data (example below) .1.3.6.1.4.1.789 Enterprise Spec... by arrowecssupport Communicator in Splunk Search 06-11-2018 0 1	0	1
"status = 404" does not appear in the field status. Hi, there! I installed the "Splunk Forwarder" on an Apache web server configured as "access_combined". The logs are ... by cesarfabre Explorer in Splunk Search 06-11-2018 0 1	0	1
Correct Search string for Memory and CPU utilization Hello, I am trying to create a dashboard report of CPU Utilization and Memory used for each of my application comp... by anzar_ahsan New Member in Splunk Search 06-11-2018 0 1	0	1
How to get filtered data with spath? I am trying to build stats for a set of JSON data which looks like this: { "ts":1527498793267, "version":"1.12... by developer_de New Member in Splunk Search 06-11-2018 0 2	0	2
help regex hello in a log file i want to extract every tetx which starts with EU\SH but i dont succeed could you help me please?... by jip31 Motivator in Splunk Search 06-10-2018 0 3	0	3
Lookup error: Could not find all of the specified lookup fields Hi! I'm trying to use lookup table but I get the error I wrote in the title. My .conf files are props.conf: [mobile... by emaccaferri Communicator in Splunk Search 06-10-2018 0 7	0	7
How to create a new _time field by merging two separate fields I have a sample event log below: 2018-05-04 06:59:50 AAA="1", BBB="2", CCC="3", XXX="70029", ZZZ="2018-05-04 00:00:0... by dailv1808 Path Finder in Splunk Search 06-10-2018 0 1	0	1
Spliting a transaction from multiple events in a column, to seperate columns So i'm looking to find users that are going from Building A --> to Building B.. Problem is the transaction is showin... by Sp3ctre1 New Member in Splunk Search 06-10-2018 0 0	0	0