Splunk Search

Community Activity

update eval token with first row of a dashboard table I have two tables in a dashboard, The top one lists all the WAN links and the bottom one shows the detailed link util... by nabeel652 Builder in Splunk Search 05-10-2018 0 2	0	2
Is there a way to dedup then use a time picker? I am trying to create a report that would tell me if an item that should be available within a certain timeframe (i.e... by jeffsegal Explorer in Splunk Search 05-09-2018 0 7	0	7
Timechart using an epoch timestamp in the row instead of _time Hi, I'm using JSON extract on my rows. I want to use the value that is contained in "message.time" instead of _time... by andrewbeak Path Finder in Splunk Search 05-09-2018 0 11	0	11
splunk eval case statement compare the case-sensitive value or case-insensitive Hi Everyone, I have a very small conceptual doubt. Does the eval case do case insensitive compare or will it compare... by Chandras11 Communicator in Splunk Search 05-09-2018 0 5	0	5
Get 10 minutes before 1 minute If I search, I can see the count value of each field for one minute, and also want to know the sum count value 10 min... by mkoh New Member in Splunk Search 05-09-2018 0 4	0	4
How to calculate the size of the events per field? I have a query as follows index=abc sourcetype=def \| stats count by field_A \| eval mb=round(count/1024/1024,2) whi... by pavanae Builder in Splunk Search 05-09-2018 0 2	0	2
How to create a field with varying lengths of field values? I want to create a field which extract values, however I have some field values that I want to extract which contain ... by gilbxrtx_7 New Member in Splunk Search 05-09-2018 0 12	0	12
Why is the result number not matching? Hi - I have a query where it results in total number of results of number of people logged into an application and I... by rakeshyv0807 Explorer in Splunk Search 05-09-2018 0 8	0	8
How to search and trigger an alert if we are not getting a record for some hosts from a given host list? I have total 12 hosts which are coming through my sourcetype (input) and are below: UK1 App Server 1 UK1 App Server ... by sachinsingh2005 Explorer in Splunk Search 05-09-2018 0 9	0	9
Using conditional sum after case statement .....search \| eval Type=case(like(publishId,"%U"),"unsubscribed",like(publishId,"%S"),"subscribed") \| stats count by... by dwong2 New Member in Splunk Search 05-09-2018 0 4	0	4
timechart ratio by model Hi, below is my query index_ sourcetype=main \| stats count(eval(level="Error")) as ERRORS count(eval(level="Inform... by sarathipattam New Member in Splunk Search 05-09-2018 0 3	0	3
Is there any way that I can calculate the byte size for each field value based on count? I have a query as below field_A!="A" AND (field_B="abc" OR field_B="def" OR field_B="ghi" OR field_B="jkl" OR field... by pavanae Builder in Splunk Search 05-09-2018 0 1	0	1
How can I show the difference in a string field from one day to another? I have a powershell script that audits some files and creates an Windows application event log with the filepaths of ... by bscavotto New Member in Splunk Search 05-09-2018 0 5	0	5
Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs? I have multiple searches in splunk which use the same lookup table. Is it possible I can check among all the searches... by harry2007gsp Path Finder in Splunk Search 05-09-2018 0 3	0	3
Lookup - How to compare and remove events from the search? I need to remove a list of servers from my search. This list changes once a month so I thought of using a lookup tabl... by bruno_eduardo Path Finder in Splunk Search 05-09-2018 0 6	0	6
Events older then 30 days The following is a sample entry from a splunk index... lastOccurrence=2012-06-25 18:42:38.0\|firstOccurrence=2012-06-... by DTERM Contributor in Splunk Search 05-09-2018 0 7	0	7
What is the order that executes in query when I use both AND, OR in splunk query? I have two different queries like below Query 1 :- field_1!="A" AND field_2="B" OR field_1!="A" AND field_2="C" OR ... by pavanae Builder in Splunk Search 05-09-2018 0 2	0	2
How to extract the last underscore part of a field? I have a value a_b_c. How do I extract the last '_' item. So in this case it'd be 'c'. The number of of underscores i... by Splunkster45 Communicator in Splunk Search 05-09-2018 0 2	0	2
Can you cache report results and use them towards another search? I need to be able to compare report results over the period of a time. The report itself takes minutes to run for a 1... by cdion3537 New Member in Splunk Search 05-09-2018 0 1	0	1
search showing times when raw events were 0 Looking to do a search which shows start time and end time when _raw events were 0 over a say 24hr period. Trying to... by Skins Path Finder in Splunk Search 05-09-2018 0 5	0	5
Deployment architecture I have I want to send windows logs through heavy forwarder to indexer. on windows server, I install universal forwa... by rashid47010 Communicator in Splunk Search 05-09-2018 0 8	0	8
How can I look back 7 days from when an event occurred? Hey Guys, I have a daily report that is showing the # of orders planned and completed for the day. However, sometime... by auaave Communicator in Splunk Search 05-08-2018 0 3	0	3
How does Hunk search data from Hadoop? Can someone please explain in simple layman terms how Splunk SEARCHES Hadoop Data? I understand it doesn't store them... by Harishma Communicator in Splunk Search 05-08-2018 1 2	1	2
Converting smiv1 to smiv2 , cant find module Hi i am having difficulties on doing this one , can someone tell me what should i need to do to make it fix . As i c... by jadengoho Builder in Splunk Search 05-08-2018 0 0	0	0
How can I get the graph that only displays percentage when using timechart? I have a query below that is showing "PriceChangeCount", "Total" and "PriceChangeRate" in graph, How can I get the g... by Min1025 Explorer in Splunk Search 05-08-2018 0 2	0	2