Splunk Search

Community Activity

How can I convert duration to seconds? "1h 2m 3s" to 3723 I have a a field that is called rawtime that has a bunch of durations. My end goal is to graph per hour the average d... by arianf Engager in Splunk Search 05-31-2018 1 4	1	4
Results for transactions with endswith not met index=winevents host=servernames* EventCode=1511 OR EventCode=4647 \| eval Sid=case(EventCode=1511,'Sid') \| lookup lda... by Kendo213 Communicator in Splunk Search 05-31-2018 0 0	0	0
How to change the name of field values at y-axis Hi, My idea is to shorten the value names at y-axis to a meaning full short names, so that it doesn't get truncated ... by Maniteja81 New Member in Splunk Search 05-31-2018 0 1	0	1
Average and Diff per host Given I have multiple hosts, I'd like the host total within a bucketed time span, average of the totals across all ho... by GadgetGeek Path Finder in Splunk Search 05-31-2018 0 4	0	4
Compare a field with lookup file I was trying to compare searched result with lookup file. Is there any to compare results with lookup file. \|mysearc... by praneshjan Explorer in Splunk Search 05-31-2018 0 2	0	2
First day of the month Hello , I have a job of this month,the problem is that in my histogram i always have thersday as first day by taha13 Explorer in Splunk Search 05-31-2018 0 7	0	7
Help Deploying URL Parser TA to Index and Search Head Cluster I've been trying to follow examples of other TAs that might use SCP v2 to add parameters I can't use because of chunk... by farleycolby New Member in Splunk Search 05-31-2018 0 0	0	0
How to override only specific fields using appendcols? Hi, Is there a way to only override specific fields only. When i use appendcols override=true, it is overriding all ... by Maniteja81 New Member in Splunk Search 05-30-2018 0 4	0	4
How does one use REGEX, FORMAT, or something else, at index time, to replace "-" with "_" i.e. application_special-source-type => application_special_source_type? Extracting "_" delimited fields from source file name (regex101.com) ([^\/]+)([^]+)([^]+)([^]+)([^]+)bro([^]+)([^]+)... by mdwecht Path Finder in Splunk Search 05-30-2018 0 3	0	3
Is there a way to apply lookup table in a real time search? Hi all, I just want to ask if there is a way that I can apply a lookup table in a real-time search? I have this colu... by jadengoho Builder in Splunk Search 05-30-2018 0 3	0	3
What is the most efficient way of comparing two indexes. I'm comparing in event1 from indexA is existing in indexB. Currently I am using join in comparing this two indexes bu... by michaelrosello Path Finder in Splunk Search 05-30-2018 0 1	0	1
prediction in splnuk hi all, i am splunk 5.0 and i tried the query below with predict function as given in the document source="hdfs://1... by splunkpoornima Communicator in Splunk Search 05-30-2018 0 16	0	16
10k row limit csv I have looked at various solutions such as editing the conf files for an app to increase the 10K limit on emailed sea... by splunkbacon Explorer in Splunk Search 05-30-2018 0 1	0	1
sort column based on dynamic parameters My table has variable columns size as Id, description, detail1, detail2, detail3, detail4, price1, price2, price3... by krishman23 Explorer in Splunk Search 05-30-2018 0 4	0	4
Parsing a JSON string in search object We changed how our data was getting into splunk instead of dealing with full JSON we're just importing the data strai... by bshega Explorer in Splunk Search 05-30-2018 1 4	1	4
How to change a search query in the Splunk Insights for Infrastructure? Currently I have incoming events (from logs). The predefined charts look like histogram of count of events for a spec... by kvaga Explorer in Splunk Search 05-30-2018 1 3	1	3
How to access a lookup table belonging to another app? I've read the documentation that if permissions are set to Global for a lookup that it can be accessed from within an... by brdr Contributor in Splunk Search 05-30-2018 1 5	1	5
Why do these searches yield such different results? index="xyz" "a.b.c.d"=xyz \| chart count by a.b Yields 232 results. In order to get field names that are more reasona... by csyvenky Path Finder in Splunk Search 05-30-2018 0 2	0	2
How to change table header alignments? The table header's alignments seem completely random. Some are aligned to the left and others are aligned to the righ... by kdimaria Communicator in Splunk Search 05-30-2018 0 2	0	2
Regular expression with lookup Blockquote I have to build a table that lists all the service names that are in particular format for e.g "ABC-*.-<... by stang1234 New Member in Splunk Search 05-30-2018 0 5	0	5
Can one Search Head Cluster search across multiple Indexer Clusters? Hi, I am wondering if one Search Head Cluster can search across multiple Indexer Clusters. I have found this doc htt... by earakam Path Finder in Splunk Search 05-30-2018 1 5	1	5
How to change the conditional by event name? I have this splunk query that returns two fields, "audit_event_name" (the name of the event) and "failureRate" (the r... by mauricio2354 Explorer in Splunk Search 05-30-2018 0 2	0	2
Milliseconds timestamp for syslog udp 514 is not working with no_appending_timestamp=false (default) May 25 15:21:44 192.168.1.1 2097826: T2-D1-BDS LC/0/0/CPU0:May 25 15:21:44.362 GMT: npu_driver[273]: %L2-PLIM_ETHER-2... by deodion Path Finder in Splunk Search 05-30-2018 1 1	1	1
Comparing field value results to values(alphanumeric) in lookup file I am trying to compare the field values of a lookup file(alphanumeric values) to the my search results. Please help m... by harishkothandar Engager in Splunk Search 05-30-2018 0 1	0	1
Average and Max of Timecharted output Hi All, I am trying to find out the average and maximum value from the timechart output but failed. Could you please... by siva_cg Path Finder in Splunk Search 05-30-2018 0 1	0	1