Splunk Search

Community Activity

	How to use "set diff" and "diff" commands to list out new values in a file comparing different days/weeks/months/years? I have data which add new files every day. I want to compare today's data with previous day/week/month/year data and ... by chandana204 Communicator in Splunk Search 05-23-2018 0 3	0	3
	How to calculate percentage based on 4 different searches Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 05-23-2018 0 2	0	2
	eventcount - spanning over week I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetyp... by brdr Contributor in Splunk Search 05-23-2018 0 0	0	0
	Regex on input change In a dashboard, I have a dropdown input where the user can enter an IP address (customs value). I want to validate th... by oriolcamp New Member in Splunk Search 05-23-2018 0 1	0	1
	How to join using a wildcard? I have a lookup that contains host names with wildcards. I am trying to do a inputlookup to grab those host names wit... by kdimaria Communicator in Splunk Search 05-23-2018 0 6	0	6
	How to lump data into two groups by a field for a trendline? So I have some data which looks similar to this: time="timevalue", name="name", measurement="value" And I have 7 d... by splunk_question Explorer in Splunk Search 05-23-2018 0 5	0	5
	How can I compare two search results in one chart? I would like to compare the result count of two search queries in one column chart (one column for each query and day... by tiptobi Explorer in Splunk Search 05-23-2018 0 6	0	6
	How to generate several "chart / over / by" charts for each value X using trellis? Hello Splunk Community, I'm trying to build a dashboard that dynamically displays several bar charts based on each v... by alissonpdc New Member in Splunk Search 05-23-2018 0 0	0	0
	field extraction to value Some of my log lines include "20180228 034322 : [04936] License threshold of 100% reached. There are 202 of 202 licen... by browniefs100 New Member in Splunk Search 05-23-2018 0 11	0	11
	Event timestamp parsing incorrectly, pls help! Hi, While loading data, the timestamp that is being loaded is incorrect. For 2nd row in below records, the timestamp... by payalc New Member in Splunk Search 05-23-2018 0 0	0	0
	How to change a value at index time Hiya, simple question here. I want to change the way a value is represented to me after I index, see the following: ... by JPrictoe Loves-to-Learn in Splunk Search 05-22-2018 0 4	0	4
	User defined inputs for a field in splunk Hi, I have a situation, where user/admin need to verify if the event should be taken into consideration or not. In ... by Chandras11 Communicator in Splunk Search 05-22-2018 0 3	0	3
	How to sort the dashboard title on navigation dynamic list? Hi Guys, I added a dynamic list on an app but the dashboard titles are not in order. How can I make it alphabeticall... by auaave Communicator in Splunk Search 05-22-2018 0 2	0	2
	How to remove extra characters from an indexed event? Good afternoon Is there a way to remove extra characters (\xAF) from already indexed events such as this one: 20182... by Bellamar10 New Member in Splunk Search 05-22-2018 0 5	0	5
	how to feed search result into "custom search command" and get output from custom search command? Hi, I have written a custom search command to send whois queries for ip addresses that are resulted from search head... by muratogul New Member in Splunk Search 05-22-2018 0 5	0	5
	How to handle gracefully "No Results Found" Hello, I've the below query. I wanted to know when there're no errors, instead of showing "No Results Found", how can... by splunking1t New Member in Splunk Search 05-22-2018 0 3	0	3
	Finding difference and percentage from 2 events withe same fields but difference index I have this query that returns this: Sample event in index=idx_A: year=2018 month=04 day=10 hour=09 event_count=100... by liondancer Explorer in Splunk Search 05-22-2018 0 10	0	10
	need help with showing eval in stats so I have this query (host=pnr-proxy-prod* OR host=master.menlosecurity.com OR host=pnr-webui-prod) (source= s... by kiamco Path Finder in Splunk Search 05-22-2018 0 2	0	2
	Is the "type" field removed from Splunk metrics in 6.6? So we have this query: index=_internal type=Usage st!=splunk_metrics earliest=-1d@d latest=-0d@d \| bucket _time sp... by EricLloyd79 Builder in Splunk Search 05-22-2018 0 5	0	5
	How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP I have an app behind a WAF, and I am looking at the WAF logs to see how many unique login IDs are coming from a singl... by Log_wrangler Builder in Splunk Search 05-22-2018 0 2	0	2
	Lookup and powershell command hi i want to use the powershell code below in order to know if the computer ping or not PS C:> Test-Connection -Comp... by jip31 Motivator in Splunk Search 05-22-2018 0 1	0	1
	how can test my search query to make sure splunk is giving correct output I want to test the data retrieved by Splunk query. How can I validate the results. by anandbharti New Member in Splunk Search 05-22-2018 0 2	0	2
	How to find peak time and the low time of the requests with the span of every hour? Hi Team, I like to find the peak time of the success requests (http_status=200) and also the least time of the reques... by balamv Engager in Splunk Search 05-22-2018 0 3	0	3
	How to create a case statement with NOT LIKE option? \| eval usage=case(like(_raw,"%FirstClass%"),"A_Grade",like(_raw,"%SecondClass%"),"B_Grade",like(_raw,"%ThirdClass%"),... by zacksoft Contributor in Splunk Search 05-22-2018 0 7	0	7
	Multiple average time calculations in a single search for Trellis Display This is my log format. { servicename: ServiceOne end.timestamp: 20000 start.timestamp: 19920 } { s... by angersleek Path Finder in Splunk Search 05-22-2018 0 1	0	1