Splunk Search

Community Activity

Want to split results based on a field value Hi all, We have a field which represets de Offices, and we would like to make 2 different line charts separating bet... by leandrot Explorer in Splunk Search 04-26-2018 0 1	0	1
How to find sum of particular fields by time? We are having search which contain two fields user id and time at which user logged in. We need to print below table... by pal_sumit1 Path Finder in Splunk Search 04-26-2018 0 3	0	3
Regex Help! Hi! First time I am attempting Regex commands and I have got pretty stuck so any help would be much appreciated. I ... by NShimmen New Member in Splunk Search 04-26-2018 0 4	0	4
Query with field from lookup table + concatenate + wildcards I have a lookup file titled airports.csv. In the file, i have several fields, but one is AirportCode. This field has ... by cruzcr Engager in Splunk Search 04-26-2018 0 10	0	10
How to convert function to return epoch time 3 hours later? Here is my date format I would like to convert to epoch for later processing. My date formate is: 3/5/2018 17:03 M... by brdr Contributor in Splunk Search 04-26-2018 0 6	0	6
How to compare two fields in a event and list out the field when one of the fields does not exist? Hello, I have a multiple events in a log file which contains field A and field B but not in all the events, I need t... by bollam Path Finder in Splunk Search 04-26-2018 0 2	0	2
why 2 searches dont return same results This search: index=dev_tsv source="activity" "Organization Name"="NA" "Added a comment" \| rename Action as N... by tkwaller_2 Communicator in Splunk Search 04-26-2018 0 5	0	5
Splunk Trigger alert no transaction inside log file from the directory? I have two directory having two log files Directory: /logs/Test1/ /logs/Test2/ The directory have two log files: ... by karthi2809 Builder in Splunk Search 04-26-2018 0 2	0	2
Is it possible to ignore the last result? good afternoon I have the following query \| dbxquery connection = connection query = "....." \| chart eval (round ... by efaundez Path Finder in Splunk Search 04-26-2018 0 6	0	6
eval IP function - help Hello, I have a search woring which returns single IP addresses as source for certain events. As part of this I want... by griggsy New Member in Splunk Search 04-26-2018 0 1	0	1
Transpose Multiple Column Headers HI, I wonder whether someone can help me please. I'm running the query below which works fine, but I'm having some d... by IRHM73 Motivator in Splunk Search 04-26-2018 1 2	1	2
How to get sum of a column Hello, I am new in Splunk and trying to figure out sum of a column. i run following sql query on database: SELECT c... by singh321 New Member in Splunk Search 04-25-2018 0 14	0	14
how to get events for exact matched string only in the field value I am searching : index=web account_domain="INCCORP" bur getting result which have account_doamain with "INCCORP","... by Meharkant123 New Member in Splunk Search 04-25-2018 0 3	0	3
how to exclucde number of values from search sourcetype="source_traffic" \| stats values(dest_port) by dst_ip Hi I am lookin for result of IP which have more than... by Meharkant123 New Member in Splunk Search 04-25-2018 0 2	0	2
How to create a table for pfsense firewall logs using rex command? I was trying to create a table for pfsense firewall logs using rex command. But it is not creating a table, instead s... by jawadak New Member in Splunk Search 04-25-2018 0 3	0	3
How to use where command to keep only specific rows? My query so far looks like this: sourcetype="type1" OR sourcetype="type2" \|chart count(sales1) over sales2 by source... by summitsplunk Communicator in Splunk Search 04-25-2018 0 1	0	1
How to add a column to the results table based on an existing field? Hello: I am trying to add a column to the results table, the reason for this is so that I can then use that value fo... by ivtashev New Member in Splunk Search 04-25-2018 0 1	0	1
How to extract values from a field instead of _raw? Hi I am getting below log and want to extract the data/values from the field using props.conf / transforms.conf. F... by soumyacharya91 Path Finder in Splunk Search 04-25-2018 0 7	0	7
Calculation using the number of events returned to determine average I have data similiar to this: Account Count TotalSessions abc 4 12 xyz ... by dwong2 New Member in Splunk Search 04-25-2018 0 3	0	3
Using a lookup file to run queries I'm trying to create a search based on error strings in a lookup file and i'd like the output to include stats based... by gferreira New Member in Splunk Search 04-25-2018 0 2	0	2
Why am I seeing different results with dashboard/query results using "index in ( A B C )" vs. "index=A"? Okay, I have an issue between the results from "index in ( index1 index2 )" and "index=index1 OR index=index2". What... by scknogas Path Finder in Splunk Search 04-25-2018 0 6	0	6
How to create a single value element for the dashboard? I have following stats. I want to create a single value element which will show the revenue of 2014 and increase/decr... by leanpro Engager in Splunk Search 04-25-2018 0 2	0	2
Timechart Volume per hour same day over several weeks...Seeking alternative way. This is a working search that charts Volume per hour for the same day (Current day) over multiple weeks. The search t... by nqjpm Path Finder in Splunk Search 04-25-2018 0 7	0	7
Splunk Search For Exact Word Hi When I execute a search for "foo", I only want events that have the word foo and not events that have words like ... by sajbutler Path Finder in Splunk Search 04-25-2018 1 4	1	4
Why is Hunk 6.1.1 ignoring 'earliest' and 'latest' in search? I have a vix defined with the following parameters: [mydata] vix.provider = myprovider vix.input.1.path = /user/hunk... by shaskell_splunk Splunk Employee in Splunk Search 04-25-2018 2 6	2	6