Hey Fellow Splunkers I would like to total multiple values for the same fields. field="Fruits" Within this field, I have multiple values: Values: -Oranges = 10 -Apples = 3 -Grapes = 90 -Pears = 4 index="random" host="xxxxxx" Fruits=*"Apple" |stats count(Fruits) I would like to count each value within the field and output the content in a table with its corresponding total. Thank You, ... View more

I have a field [B] that consists of some numbers and strings. 10 gb 20 gb 30 gb I would like to implement a eval statement that would convert the numerical values into MB. B=*"GB"| eval GB=*/1024 | table GB I'm not sure what is incorrect about this statement? ... View more

Good Morning, Fellow Splunkers I have a field extraction that outputs four possible values [Example]: Field Extraction: [Direction] [North] [South] [East] [West] I would like to count each of event within a period of time. I'm thinking: index=xxxx host=xxxx Direction="*"| Stat Count ("North" "South" "East" "West") ... View more

Hey, Fellow Splunkers I have multiple duplicated events, all data on the event is identical to the exception of the time. I'm attempting to filter based on Alert ID; however, both events have the same alert id, but different times and Duration: for example: Oct 31 00:16:50 alert: 123 Duration 200 Oct 31 00:18:50 alert: 123 Duration 300 Does Splunk have a compare operator to SORT the differences between the time or Duration which will help me eliminate the duplicates? The only concept the Duration could be random. Thank You, ... View more

Good Morning, Fellow Splunkers I'm interested in counting events per hour for a 24 hr period. I would also like to have a sum total count for the end of the period. So within that hour how many alerts have been generated? Time Alert 1h.............3 2h.............3 3h.............2 4h.............2 5h.............9 . . . . 24h............(19) Sum My search Query: index=* host=* myalert=* |timechart span=1h count by host ... View more

Good Morning, Splunkers I currently have multiple panels within ONE Main Panel: I would like to have that one main panel emailed reoccurring. Would that be possible? Thank You, ... View more

Good Morning, I'm having issues with a Dashboard I created. I made some changes to the XML code, but unfortunately, the XML is not valid. I saved the results in the Dashboard, but now I'm unable to revisit the Dashboard. I believe it's attempting to load the incorrect XML script. Would there be away to edit the XML prior to loading? ... View more

Good Morning, Fellow Splunkers I have a few questions pertaining implementation of drop down menu to help manage multiple panels within Dashboard? I don't have admin access to install any variations of scripts. Would it be possible to create a drop down menu from the dashboard options? If so what would be the process? ... View more

Hey, Splunkers I would like to change the colors to my dashboard, unfortunately I don't have admin access to add a CSS file to the directory. I would like to know if it's possible to edit via XML option? and if so how would I go about and make those changes? Thank You, T ... View more

Hey Fellow Splunkers I'm interested in changing the colors and layout of my dashboard, the only place I see where those changes can be made is in "Edit" then "Edit Source"? Thank You, Anthony, S. ... View more

Hey, Fellow Splunkers I'm fairly new to Splunk, I was wandering what exactly is the props.conf?, Where is it located?, and Why is it important? My thoughts of the props.conf is similar to a router configuration? I'm wandering are my thoughts correct in respect to the props.conf? Thank You, ... View more

Hey Fellow Splunkers I'm looking to possibly create a regular expression that can be used to extract a field. The data associated with the field that I'm attempting to extract is a complex string with numerical values including quotes example: EXAMPLE DATA: Aug 10 10:10:40 HOST SUPERTROOPERS: 10-08-2016 10:55:15 WARNING 555 ERRORS "THE ERROR IS 1 MORE THAN EXPECTED" WARNING 344 Errors "THE ERROR IS 1 MORE THAN EXPECTED" WARNING 210 Errors "THE ERROR IS 5 LESS THAN EXPECTED" WARNING 122 Errors " SOME ADDITIONAL 1 TEXT" The Regular Expression I generated: rex field=ERROR ^(?:[^ \n]* ){5}(?P<ERROR>\s+"+*+") the last part of the regular expression s+"*") is complex, I'm wandering how can i say all words, spaces, and numbers within " " to be associated with my field Errors. I think this is saying new field name ERROR new line, non capture, except new line, and any value, 5 characters for in ERROR space than then this part would be to include everything within quotes? My Goal is to simply create the field Error = quotes, words, spaces, numbers, and some more quotes.? ... View more

Hey Fellow Splunkers I have an issue when searching for similar events that are only unique by one character. Example: (L= lbs G=Grams) Vegetables=5.1Lbs Vegetables=2.1Gbs Giving this example, If I search for Vegetable="*" , it will populate both: Vegetables=5.1Lbs Vegetables=2.1Gbs How can I search Vegetables="" and have it only populate: Vegetables=2.1Gbs Vegetables=9.2Gbs Vegetables=4.3Gbs Vegetables=3.5Gbs Vegetables=2.8Gbs Basically, i would like the emphasis of the search solely specifically with Vegetables, but only populate the events with "Gbs", not "Lbs"? ... View more