Splunk Search

Community Activity

Using lookup table as source for search I am looking for a way to perform a search and produce results matching search results against a lookup table or vice... by tmwhitm New Member in Splunk Search 06-06-2018 0 3	0	3
Timechart grouping I am trying to analyze patterns of heap usage by Java Virtual Machine (JVM) level and 5 jvms grouped as a host. Now I... by kmahamkali New Member in Splunk Search 06-06-2018 0 11	0	11
How to reformat the table output? \| base query with some eval commands \| table a_snake, a_cat, a_dog, b_snake, b_cat, b_dog, c_snake, c_cat, c_dog H... by zacksoft Contributor in Splunk Search 06-06-2018 0 4	0	4
How to get the overall average and average per 5 minutes on a Time Chart? I have a timechart which currently outputs the average value for every 5 minutes over a period of time for the field ... by angersleek Path Finder in Splunk Search 06-06-2018 1 1	1	1
extract fields from csv file preamble I have a csv file where the column header is on the fourth line. Before that are several interesting fields which i w... by dominiquevocat SplunkTrust in Splunk Search 06-06-2018 1 13	1	13
Search shows no results but there is 1 count I have a list of services named Service1, Service2, Service3, Service4. When I do a search as follows over past 60 m... by angersleek Path Finder in Splunk Search 06-06-2018 0 6	0	6
How to work on the latest event only? I have my query ready which essentially extracts some fields and displays in a table. But I want to work on the lates... by zacksoft Contributor in Splunk Search 06-06-2018 0 6	0	6
How to add css to table inside a popup modal Hi all, I have created a dashboard with a pop-up modal, I want to add css on the table inside the pop up modal, the ... by mjlsnombrado Communicator in Splunk Search 06-06-2018 0 7	0	7
Based on the current query need to show data -2weeks and +2weeks Hi All, Need you inputs based on the below query i need to display output such as it should be -2w and +2weeks : \|... by rijinc Explorer in Splunk Search 06-06-2018 0 0	0	0
Missing starting characters in a field Hi , I am facing a strange issue like missing 2 starting characters in a field.My data is coming as a view from data... by umsundar2015 Path Finder in Splunk Search 06-06-2018 0 4	0	4
Need regex help I am runnning below query to get zipCode and Zipcount but the result is not coming. Can somebody help ? index=orion-... by pswalia06 Explorer in Splunk Search 06-05-2018 0 3	0	3
How to change the _time to values inside the event data? I want to make area graphs of data usage on individual servers based on the timestamp given in the event data and not... by twmoffit Explorer in Splunk Search 06-05-2018 0 9	0	9
How to edit my search using a start time and an end time to list the duration in my results? The below query gave me Start time, end time grouped by Job name. I want to also list the duration by subtracting end... by abhi04 Communicator in Splunk Search 06-05-2018 0 12	0	12
Calculate delta of numeric field of events paired together by transaction I am trying to calculate the difference between the values of fields that are grouped together by transaction. I am ... by jkimmel6 Explorer in Splunk Search 06-05-2018 0 7	0	7
How can we include sourcetype in the beginning of subdirectories and still have optimal searches in HUNK? We currently are using MapR and HUNK to index files of the structure: /user/mapr/(sourcetype)/(year)/(month)/(day)/(... by EricLloyd79 Builder in Splunk Search 06-05-2018 0 2	0	2
Can Splunk filter/match events and bring back neighbouring events like GNU grep? Hi, We would like to be able to search a log file for a certain pattern or string, and then be able to return neighb... by Glenn Builder in Splunk Search 06-05-2018 14 18	14	18
How to merge two search heads to contain the same apps, alert, reports, dashboards, etc... ? I have two sh(s) both contain different apps, alerts, reports, dashboards, etc. I am going to upgrade SH-A(with 6.3... by Log_wrangler Builder in Splunk Search 06-05-2018 0 6	0	6
How to list all lookup files from an app? There are lots of posts about this topic; however, I used the rest command which was suggested from most of the posts... by splunkrocks2014 Communicator in Splunk Search 06-05-2018 0 1	0	1
How to get the number of events in a timechart query? Hi, I have a question about timechart query. Lets say I have a log line like: "I found XXX matches" How can I query... by niroren New Member in Splunk Search 06-05-2018 0 1	0	1
How to search in the subquery for join? I have a query that is similar to this: index=iot-productiondb source=Showers \| search serial_number="1006055" \| ren... by bshega Explorer in Splunk Search 06-05-2018 0 7	0	7
Event type disabled On the various dashboards created after the upgrade of the last Splunk Enterprice version (6.4.2) a yellow triangle i... by arkonner Path Finder in Splunk Search 06-05-2018 1 5	1	5
How to calculate the duration of a CRITICAL event? Is it possible to be able to calculate the total length of time that this host has had a CRITICAL status for if it? ... by davidcraven02 Communicator in Splunk Search 06-05-2018 0 5	0	5
I am combine two queries and calculating the percentage but. Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 06-05-2018 0 3	0	3
How to exclude field values from a column? sourcetype="rocket:access" (host="rocket0.painpoint.com" OR host="rocket5.painpoint.com") date_wday!=saturday AND dat... by zacksoft Contributor in Splunk Search 06-05-2018 0 11	0	11
Time Window feature Override with event time fields I have events that arrive present time but have time fields of something similar to index=idx_1 zone=aws event_type... by liondancer Explorer in Splunk Search 06-05-2018 0 0	0	0