Stack Overflow
Stack Overflow

Questions tagged [splunk-formula]

109 questions
5
votes
2 answers

Splunk how to combine two queries and get one answer

I am very new to Splunk and basically been dropped in the deep end!! also very new to language so any help and tips on the below would be great. The out come i am trying to get is to join the queries and get Username, ID and the amount of…
James
  • 51
  • 1
  • 1
  • 3
4
votes
1 answer

Splunk base search on dashboard and post processing the results

I have a dashboard that is using a base search, along with 4 other panels that reference this and format the results differently depending on the chart I want to use. When I run the base query by itself, it returns the data as expected. Base…
SBB
  • 8,560
  • 30
  • 108
  • 223
2
votes
1 answer

Splunk join two query to based on result of first query

In Splunk query I have two query like below Query 1- index=mysearchstring1 Result - employid =123 Query 2- index=mysearchstring2 Here I want to use employid=123 in my query 2 to lookup and return final result. Is it possible in Splunk?
Java hunger
  • 77
  • 5
2
votes
1 answer

How to format splunk graphs to show multiple lines (one line for each method)?

I am new to splunk reports, I am trying to achieve the following: I want to generate splunk logs report (graphical) for API performances with execution time on x-axis and method names on y-axis. I am trying to run following…
avani kothari
  • 729
  • 5
  • 16
2
votes
1 answer

Query to extract data

Here is a snippet of the logs: 127.0.0.1 - - [01/Dec/2020:00:00:11 -0500] "GET / url:"api/orderLaptop for customer id 123" 127.0.0.1 - - [01/Nov/2020:00:00:24 -0500] "GET / url:"api/orderLaptop for customer id 124" 127.0.0.1 - -…
user3376592
  • 191
  • 1
  • 13
2
votes
2 answers

SPLUNK enterprise i am trying to calculate results where if > 4% of failure is anomaly?

SPLUNK enterprise i am trying to calculate results where > 4% of failure is anomaly. is formula correct? to set anomaly ?(failcount and total count fields are numeric) | inputlookup sample.csv | eval isananomaly = if('Failcount' / 'Totalcount' *…
parth
  • 29
  • 4
2
votes
2 answers

Splunk Rex: Extracting fields of a string to a value

I'm a newbie to SPlunk trying to do some dashboards and need help in extracting fields of a particular variable Here in my case i want to extract only KB_List":"KB000119050,KB000119026,KB000119036" values to a column Expected…
Rczone
  • 493
  • 1
  • 5
  • 18
1
vote
1 answer

splunk map pass multiple values

I want to create an alert based on the following search: search string "a.string" extract field xx, yy then search "another.string" AND xx then extract field zz |table xx, yy, zz Here is what I came up with (removed other fixed strings in the rex…
John
  • 119
  • 5
1
vote
1 answer

Splunk - Add numeric columns and display only that result

This is my Splunk query: | stats count by Successful_Unsuccessful This is what the result looks like: What I want to do is total all the numeric values in the count column and display it as a Single Value Visualization in a dashboard panel I…
ashu mallik
  • 49
  • 1
  • 6
1
vote
1 answer

Extracting fields from logs using rex

I am trying to extract few fields from an event log using rex command and display the fields in a tabular format. This is my log: LOG_LEVEL="INFO" MESSAGE="Type_of_Call = Sample Call LOB = F Date/Time_Stamp = 2022-10-10T21:10:53.900129 Policy_Number…
ashu mallik
  • 49
  • 1
  • 6
1
vote
1 answer

Show the sum of an event per day by user in Splunk

I want to be able to show the sum of an event (let's say clicks) per day but broken down by user type. The results I'm looking for will look like this: User Role 01/01 01/02 01/03 ... Guest 500 450 348 55 Admin 220 200 150 75 Here is…
gregwhitworth
  • 2,136
  • 4
  • 22
  • 33
1
vote
1 answer

How do I check if Splunk has received logs from hundreds of different sources/hosts/devices?

I am relatively new to a company that has used Splunk Professional Services to spin up a Splunk Cloud environment. The company IT has onboarded a lot of AWS, Azure, on-prem and network devices so far. I’m trying to verify that they are in fact…
Jon_Snow1
  • 11
  • 2
1
vote
0 answers

Conditional statement on delta if there's a series of negative numbers

csv image here, last column is deltaSuppose there's monthly raindrop data by state, how would I pick out 3 or 4 month of continuous decrease in a row (if 0 or positive ignore the state) output should be NY and HI only. rows are as follows: state …
Lexie
  • 11
  • 2
1
vote
1 answer

Splunk search by given timestamp not the time of ingestion to splunk

Is it possible to connect the timestamp given in the Data set to the Splunk date picker.
Enoy Lu
  • 13
  • 4
1
vote
0 answers

Splunk event increasing logic witch each SPL query

I am getting data in Splunk from Snowflake using Splunk DB Connect. This is just simple orders data. At Splunk search & reporting I am running the following query on my table to get visualization. source="big_data_table_inner_join" "UNITS_SOLD" |…
Faisal Ghufran
  • 25
  • 4
1
2 3 4 5 6 7 8