Splunk Search

Community Activity

How to merge two search heads to contain the same apps, alert, reports, dashboards, etc... ? I have two sh(s) both contain different apps, alerts, reports, dashboards, etc. I am going to upgrade SH-A(with 6.3... by Log_wrangler Builder in Splunk Search 06-05-2018 0 6	0	6
How to list all lookup files from an app? There are lots of posts about this topic; however, I used the rest command which was suggested from most of the posts... by splunkrocks2014 Communicator in Splunk Search 06-05-2018 0 1	0	1
How to get the number of events in a timechart query? Hi, I have a question about timechart query. Lets say I have a log line like: "I found XXX matches" How can I query... by niroren New Member in Splunk Search 06-05-2018 0 1	0	1
How to search in the subquery for join? I have a query that is similar to this: index=iot-productiondb source=Showers \| search serial_number="1006055" \| ren... by bshega Explorer in Splunk Search 06-05-2018 0 7	0	7
Event type disabled On the various dashboards created after the upgrade of the last Splunk Enterprice version (6.4.2) a yellow triangle i... by arkonner Path Finder in Splunk Search 06-05-2018 1 5	1	5
How to calculate the duration of a CRITICAL event? Is it possible to be able to calculate the total length of time that this host has had a CRITICAL status for if it? ... by davidcraven02 Communicator in Splunk Search 06-05-2018 0 5	0	5
I am combine two queries and calculating the percentage but. Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 06-05-2018 0 3	0	3
How to exclude field values from a column? sourcetype="rocket:access" (host="rocket0.painpoint.com" OR host="rocket5.painpoint.com") date_wday!=saturday AND dat... by zacksoft Contributor in Splunk Search 06-05-2018 0 11	0	11
Time Window feature Override with event time fields I have events that arrive present time but have time fields of something similar to index=idx_1 zone=aws event_type... by liondancer Explorer in Splunk Search 06-05-2018 0 0	0	0
How to extract fields from /services/authentication/current-context? Hello all, The command \| rest /services/authentication/current-context will return some fields like username, email... by Cbr1sg Path Finder in Splunk Search 06-04-2018 0 8	0	8
in Panel result getting unwanted "NaN" in search query getting correct result. in my Splunk query result getting result as "NaN" but i will run my query in search i will get correct result not Na... by anjneesharma New Member in Splunk Search 06-04-2018 0 6	0	6
How to configure Splunk with my python script for an external lookup? Hi, I want to build my own python code that gets parameter IP address, My script using IP2Location and return inform... by yko84108 New Member in Splunk Search 06-04-2018 0 2	0	2
SPL - Hard multisearch with reference to other events Good afternoon, I've got a quite hard task to solve with SPL. Here are JSON data: {"name":"A", "pairs":["A","B"]},... by Kozokkon Engager in Splunk Search 06-04-2018 0 2	0	2
How to use regex to obtain a single string from a string sequence? I have not used regex in my queries much. Any help in resolving this would be much helpful. I have the following lo... by Nidd Path Finder in Splunk Search 06-04-2018 0 4	0	4
Is it possible to use results_preview with a tstats search on a data model? I am running a Splunk query that looks like this below, and runs on an accelerated data model (this is not an exact q... by emiliavanderwer Explorer in Splunk Search 06-04-2018 0 0	0	0
Splunk compare date strings by queries I want to compare date strings by splunk queries please. I have 2 dropdown inputs. StartDate and EndDate I have belo... by h52huang Path Finder in Splunk Search 06-04-2018 0 1	0	1
How can I extract this field using REGEX (rex)? Hi, I have the below raw, I would like to extract MaximumBatchQuantity value, which is 20. Can someone help me with ... by sarathipattam New Member in Splunk Search 06-04-2018 0 7	0	7
Determining dates older than 90 days Hi. I have a Field called "Hire Date" The format for this appears as "4/10/2018 12:00:00 AM" Basically all the dat... by ajdyer2000 Path Finder in Splunk Search 06-04-2018 0 5	0	5
How to subtract the date in my search? How to subtract the below date? End Time is 2018-06-04-10.45.09 Start Time is 2018-06-04-10.45.00 End Tim... by abhi04 Communicator in Splunk Search 06-04-2018 0 3	0	3
What is this query executing? Please explain the below query and why the source i.e. source="dfw1lvpap415" is mentioned in the join ? index="auto_... by abhi04 Communicator in Splunk Search 06-04-2018 0 3	0	3
How to convert an IP Range to an enumerated list of IP Addresses? I am receiving a field that contains IP Addresses that look like this: 192.168.1.1-192.168.1.4. In order to make us... by arappeport Engager in Splunk Search 06-04-2018 0 4	0	4
How to calculate the linear regression coefficients in SPlunk? I have calculated the ten different percentiles of a response time field and want to make a linear regression of the ... by dragut New Member in Splunk Search 06-04-2018 0 4	0	4
eval of environment variables I am trying to get the content of dashboard panel translaed according to the env:locale value. In order to do this, ... by poete Builder in Splunk Search 06-03-2018 0 1	0	1
Search query - where after stats count command I'm trying to count the value of "name" field and to show results only where the count is greater than 1. My query i... by shayhibah Path Finder in Splunk Search 06-03-2018 1 3	1	3
Use streamstats to calculate 7 days average but only display last 24 hours I am using streamstats to calculate the average and standard deviation for past 7 days data by setting the timewindow... by SRF1LO Engager in Splunk Search 06-03-2018 0 1	0	1