Splunk Search

Community Activity

How to sort group by results? For example: raw data is 100,x,info=1,error=1,warn=1 101,x,info=1,error=1,warn=1 101,y,info=1,error=2,warn=1 101,y,... by ramki1459 Explorer in Splunk Search 06-07-2018 0 2	0	2
How to write a search using my sample test data to get the expected table of results? Hi Team, I'm Facing issue in designing a query for the following requirement : Sample data : Test data : 2017-08... by Vigneshprasanna Explorer in Splunk Search 06-07-2018 0 4	0	4
How can I chart queries over time? I have a query that end with \| table jra_conn bam_conn bib_conn jra_conn, bam_conn, bib_conn are not Splunk fields... by zacksoft Contributor in Splunk Search 06-07-2018 0 13	0	13
Search taking much time in different app than the search app I have a Dashboard that when i open in the search app it show the results quickly, but when i open in other one it ta... by Valdemir_Splunk Explorer in Splunk Search 06-07-2018 0 1	0	1
Why do the REST API and Splunk GUI give different results for the same query? When I run the query search index=* sourcetype="XXX" earliest=-7d@d latest=-6d@d \| stats count via the REST API, I ge... by btoomey New Member in Splunk Search 06-07-2018 0 0	0	0
How do I clean metadata after deleting the eventdata for a particular source Hello, I indexed data using files and directory monitor to index multiple files in a folder. I later deleted the dat... by sanurd Path Finder in Splunk Search 06-07-2018 2 3	2	3
How to typecast integer to string and save that to a new field? I have a numeric field that needs to be string to put be CIM compliant. I tried using tostring, but it still shows u... by DEAD_BEEF Builder in Splunk Search 06-07-2018 0 0	0	0
Joining multiple tables - about 3 or more tables I have about 4 different tables that i am trying to join table 1 and table two have a common id, sys_id and when yo... by Bentash Explorer in Splunk Search 06-07-2018 0 2	0	2
I'm not able to exclude maintenance time from my events when I use inputlookup. Any tips? I used this query: index="abc" source="xyz" \| search [inputlookup example] \| eval End=strptime("End_Date_Time","%Y/%... by tchintam Path Finder in Splunk Search 06-07-2018 0 22	0	22
return function on field with spaces Hello - searched, but no answer found. ...\| return 10 "Name of Field" Gives: Name="" of="" Field="" I know that ... by kwanx Explorer in Splunk Search 06-07-2018 0 9	0	9
how to expand multi value fields with different values in column values Dear Experts, Please provide a valuable solution for my problem. I am having the fields from JSON which is having mu... by Rajkumarkbm22 New Member in Splunk Search 06-07-2018 0 3	0	3
Can i use comparations and conditional like function with search Hi team i would like to use something like that \| eval foo=if(like(Description,"%[search index=prueba \| fields u_id_... by evinasco Communicator in Splunk Search 06-07-2018 0 2	0	2
What sort of regular expressions does splunk use? Just curious about this. Most of the regular expressions I see splunk use look nothing like standard/posix regular ex... by msarro Builder in Splunk Search 06-07-2018 4 8	4	8
How to write this type of return query? My query is: search[\|inputlookup abc \| stats count(Numbers) as sum\| eval end=strptime(End_Date_Time,"%Y/%m/%d %H:%M:... by tchintam Path Finder in Splunk Search 06-07-2018 0 4	0	4
Skipped SavedSearches Hi! I get sometimes messages that some savedsearches are skipped. The only information what I get is an event in th... by RobertRi Communicator in Splunk Search 06-07-2018 0 2	0	2
Combine 2 separate searches and display on a single Time Chart I am trying to combine the results from 2 different search queries into a single time chart. I am using "Shared Time ... by angersleek Path Finder in Splunk Search 06-07-2018 0 1	0	1
Data count issues using \| where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to search based on time Using \| where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") on a .csv to be able to se... by Bentash Explorer in Splunk Search 06-07-2018 0 12	0	12
how to expand multi value fields with different formats Hi , I want to expand as erach event for the attached example by Rajkumarkbm2 Explorer in Splunk Search 06-07-2018 0 2	0	2
Search earliest"-10m" based on a datetime field from the event and not from the indexed time Hi, i want to search the events from the last 10 minutes based on the secondary datetime field from a event. Normal... by criedman Explorer in Splunk Search 06-07-2018 0 2	0	2
Show the a particular percentage using Single Value Hello Splunkers, I've been trying to show in a Single Value Visualization 3 different percentage values. My search ... by JRamirezEnosys Explorer in Splunk Search 06-07-2018 0 5	0	5
Chart for Events falling within same time I have events event_starttime, event_endtime, event_duration, event_name I want chart of events falling in common ti... by manuarora12 New Member in Splunk Search 06-07-2018 0 3	0	3
Lookup Tabel with UrLs Looking for assistance in creating a lookup table with UrLs, my syntax below does not work. Any ideas on how to use a... by tmwhitm New Member in Splunk Search 06-07-2018 0 4	0	4
How to form key, value pairs from 2 multivalue fields? Hi I am trying to extract data from 2 multivalue fields and trying to form key value pair, for example, I have data s... by ramki1459 Explorer in Splunk Search 06-07-2018 0 1	0	1
Merge dataset from tstat with data from external *.csv file. Hello, I have to merge dataset with data from csv file. CSV file is well added. Dataset: ACTION, CLASS, CURRENT_PA... by Czakanski Engager in Splunk Search 06-07-2018 0 10	0	10
How to take the values from lookup file as an input to a search query I am trying to take the value of a field from the lookup file and passing that as an input value to a field in my sea... by akarivaratharaj Communicator in Splunk Search 06-07-2018 0 13	0	13