Splunk Search

Community Activity

How can you filter a transaction where at least one of the paired events matches the criteria? I have a transaction that pairs events based on three fields. Is it possible to then filter the results so that it o... by jkimmel6 Explorer in Splunk Search 06-02-2018 0 2	0	2
How to replace an alphanumeric string in a field? I have query to count the URIs but in some places there are dynamic values so I am trying to replace dynamic values w... by saibalabadra New Member in Splunk Search 06-02-2018 0 3	0	3
trying to return 0 with stats and group by in Search I am trying to run a search query where expected value is '0' when a process is not running. It won't populate '0' wh... by pratik420 New Member in Splunk Search 06-01-2018 0 4	0	4
Trying to extract from similar events in log file using regex I have two distinct events in an application log file: (see below). The events are multiline and seperated by a line... by jd0323fhl Explorer in Splunk Search 06-01-2018 0 1	0	1
Do we have any search query which tells dashboards not being used since more than 30 days? We are looking for some stats which tell dashboards name that are not being used since last 30 days for some clean up... by manishmittal12 Explorer in Splunk Search 06-01-2018 2 1	2	1
How to calculate the number of CPU cores for cluster, over time? This should be a simple query but I seem unable to get the correct results when I try and display over time. This se... by johnansett Communicator in Splunk Search 06-01-2018 0 4	0	4
calculate percentage of multiple columns and then create a chart I have a query (pasted below) that counts occurrence of different strings within the same field called Variable10. I ... by mmdacutanan Explorer in Splunk Search 06-01-2018 0 3	0	3
How to combine multiple fields filtering to create a new eval variable? Hi , i have the following fields (host id time) and 6 records host \| id **** *************** A \| 3 A ... by cheokiie Engager in Splunk Search 06-01-2018 0 2	0	2
auto increment on query Hello, I'am writing a query to retrieve comments of my clients This is my query \| eval q_commentaireSupplementaire=... by taha13 Explorer in Splunk Search 06-01-2018 0 6	0	6
Splunk case statement to count values based on field name Hi team, there are three fields in source "app1.csv" (CUST_ID,ACCT_ID,SUBSCRIP_ID). There is no other field in this t... by anantdeshpande Path Finder in Splunk Search 06-01-2018 0 3	0	3
In timechart query plot the difference of values from two polls each at 30 sec intervals Blockquote I have similar json input as below, every minute similar blocks of data is send to index. I am plotting ... by sawgata12345 Path Finder in Splunk Search 06-01-2018 0 2	0	2
How to get the average base on line number? Hi I have a table as below, each time run the query it may return different result run 1 day1 10 day2 20 day3 25 ru... by samlinsongguo Communicator in Splunk Search 05-31-2018 0 2	0	2
Regex help Hey Guys, I need help to write a regex with the name upload to pull the number 3712 from the below log where 'B Sent... by khajaforu New Member in Splunk Search 05-31-2018 0 1	0	1
How to merge two queries into one from two sources? Hi, I have two queries that I'm attempting (badly) to merge into one The first query is below and it works (final r... by dbcase Motivator in Splunk Search 05-31-2018 0 1	0	1
How can I bring up the top 10 errors in Pivot view? Hi, I'm trying to pull top 10 errors for last 7 days and I would like to show each error counts on each day. Pls see... by sarathipattam New Member in Splunk Search 05-31-2018 0 4	0	4
Why do these 2 searches return different results based on the dedup? Simple searches that return different restults based on where the dedup is. Seems like ti functuioning 2 different wa... by tkwaller_2 Communicator in Splunk Search 05-31-2018 0 5	0	5
How to correlate fields from two different searches? Thanks in advance. I have events from two different sources: The first source (let's call it Source A) has the fol... by SaamerS New Member in Splunk Search 05-31-2018 0 4	0	4
Lookup Definition using Match Type I am attempting to create a new "Week" field based on an external lookup. However, the date field in my sourcetype a... by jackreeves Explorer in Splunk Search 05-31-2018 0 1	0	1
How to compare 2 filename%y%m%d.csv from month appart? Hi fellows! I have a scheduled job that output a single host list (in a unique Table) every day. the filename is aut... by R1k New Member in Splunk Search 05-31-2018 0 1	0	1
How can I convert duration to seconds? "1h 2m 3s" to 3723 I have a a field that is called rawtime that has a bunch of durations. My end goal is to graph per hour the average d... by arianf Engager in Splunk Search 05-31-2018 1 4	1	4
Results for transactions with endswith not met index=winevents host=servernames* EventCode=1511 OR EventCode=4647 \| eval Sid=case(EventCode=1511,'Sid') \| lookup lda... by Kendo213 Communicator in Splunk Search 05-31-2018 0 0	0	0
How to change the name of field values at y-axis Hi, My idea is to shorten the value names at y-axis to a meaning full short names, so that it doesn't get truncated ... by Maniteja81 New Member in Splunk Search 05-31-2018 0 1	0	1
Average and Diff per host Given I have multiple hosts, I'd like the host total within a bucketed time span, average of the totals across all ho... by GadgetGeek Path Finder in Splunk Search 05-31-2018 0 4	0	4
Compare a field with lookup file I was trying to compare searched result with lookup file. Is there any to compare results with lookup file. \|mysearc... by praneshjan Explorer in Splunk Search 05-31-2018 0 2	0	2
First day of the month Hello , I have a job of this month,the problem is that in my histogram i always have thersday as first day by taha13 Explorer in Splunk Search 05-31-2018 0 7	0	7