Splunk Search

Community Activity

How to combine multiple fields filtering to create a new eval variable? Hi , i have the following fields (host id time) and 6 records host \| id **** *************** A \| 3 A ... by cheokiie Engager in Splunk Search 06-01-2018 0 2	0	2
auto increment on query Hello, I'am writing a query to retrieve comments of my clients This is my query \| eval q_commentaireSupplementaire=... by taha13 Explorer in Splunk Search 06-01-2018 0 6	0	6
Splunk case statement to count values based on field name Hi team, there are three fields in source "app1.csv" (CUST_ID,ACCT_ID,SUBSCRIP_ID). There is no other field in this t... by anantdeshpande Path Finder in Splunk Search 06-01-2018 0 3	0	3
In timechart query plot the difference of values from two polls each at 30 sec intervals Blockquote I have similar json input as below, every minute similar blocks of data is send to index. I am plotting ... by sawgata12345 Path Finder in Splunk Search 06-01-2018 0 2	0	2
How to get the average base on line number? Hi I have a table as below, each time run the query it may return different result run 1 day1 10 day2 20 day3 25 ru... by samlinsongguo Communicator in Splunk Search 05-31-2018 0 2	0	2
Regex help Hey Guys, I need help to write a regex with the name upload to pull the number 3712 from the below log where 'B Sent... by khajaforu New Member in Splunk Search 05-31-2018 0 1	0	1
How to merge two queries into one from two sources? Hi, I have two queries that I'm attempting (badly) to merge into one The first query is below and it works (final r... by dbcase Motivator in Splunk Search 05-31-2018 0 1	0	1
How can I bring up the top 10 errors in Pivot view? Hi, I'm trying to pull top 10 errors for last 7 days and I would like to show each error counts on each day. Pls see... by sarathipattam New Member in Splunk Search 05-31-2018 0 4	0	4
Why do these 2 searches return different results based on the dedup? Simple searches that return different restults based on where the dedup is. Seems like ti functuioning 2 different wa... by tkwaller_2 Communicator in Splunk Search 05-31-2018 0 5	0	5
How to correlate fields from two different searches? Thanks in advance. I have events from two different sources: The first source (let's call it Source A) has the fol... by SaamerS New Member in Splunk Search 05-31-2018 0 4	0	4
Lookup Definition using Match Type I am attempting to create a new "Week" field based on an external lookup. However, the date field in my sourcetype a... by jackreeves Explorer in Splunk Search 05-31-2018 0 1	0	1
How to compare 2 filename%y%m%d.csv from month appart? Hi fellows! I have a scheduled job that output a single host list (in a unique Table) every day. the filename is aut... by R1k New Member in Splunk Search 05-31-2018 0 1	0	1
How can I convert duration to seconds? "1h 2m 3s" to 3723 I have a a field that is called rawtime that has a bunch of durations. My end goal is to graph per hour the average d... by arianf Engager in Splunk Search 05-31-2018 1 4	1	4
Results for transactions with endswith not met index=winevents host=servernames* EventCode=1511 OR EventCode=4647 \| eval Sid=case(EventCode=1511,'Sid') \| lookup lda... by Kendo213 Communicator in Splunk Search 05-31-2018 0 0	0	0
How to change the name of field values at y-axis Hi, My idea is to shorten the value names at y-axis to a meaning full short names, so that it doesn't get truncated ... by Maniteja81 New Member in Splunk Search 05-31-2018 0 1	0	1
Average and Diff per host Given I have multiple hosts, I'd like the host total within a bucketed time span, average of the totals across all ho... by GadgetGeek Path Finder in Splunk Search 05-31-2018 0 4	0	4
Compare a field with lookup file I was trying to compare searched result with lookup file. Is there any to compare results with lookup file. \|mysearc... by praneshjan Explorer in Splunk Search 05-31-2018 0 2	0	2
First day of the month Hello , I have a job of this month,the problem is that in my histogram i always have thersday as first day by taha13 Explorer in Splunk Search 05-31-2018 0 7	0	7
Help Deploying URL Parser TA to Index and Search Head Cluster I've been trying to follow examples of other TAs that might use SCP v2 to add parameters I can't use because of chunk... by farleycolby New Member in Splunk Search 05-31-2018 0 0	0	0
How to override only specific fields using appendcols? Hi, Is there a way to only override specific fields only. When i use appendcols override=true, it is overriding all ... by Maniteja81 New Member in Splunk Search 05-30-2018 0 4	0	4
How does one use REGEX, FORMAT, or something else, at index time, to replace "-" with "_" i.e. application_special-source-type => application_special_source_type? Extracting "_" delimited fields from source file name (regex101.com) ([^\/]+)([^]+)([^]+)([^]+)([^]+)bro([^]+)([^]+)... by mdwecht Path Finder in Splunk Search 05-30-2018 0 3	0	3
Is there a way to apply lookup table in a real time search? Hi all, I just want to ask if there is a way that I can apply a lookup table in a real-time search? I have this colu... by jadengoho Builder in Splunk Search 05-30-2018 0 3	0	3
What is the most efficient way of comparing two indexes. I'm comparing in event1 from indexA is existing in indexB. Currently I am using join in comparing this two indexes bu... by michaelrosello Path Finder in Splunk Search 05-30-2018 0 1	0	1
prediction in splnuk hi all, i am splunk 5.0 and i tried the query below with predict function as given in the document source="hdfs://1... by splunkpoornima Communicator in Splunk Search 05-30-2018 0 16	0	16
10k row limit csv I have looked at various solutions such as editing the conf files for an app to increase the 10K limit on emailed sea... by splunkbacon Explorer in Splunk Search 05-30-2018 0 1	0	1