Highest Voted 'splunk-query' Questions

1

vote

1 answer

Splunk percentage value for each category

I have 2 columns service and status. How do I calculate percentage availability for each service. total count for that service -> ts 5xx status for that service -> er_s availability = ((ts - er_s) / ts) * 100 I am able to get as a whole or…

splunk splunk-query splunk-calculation

asked May 10 '22 at 09:51

theGamblerRises

686
1
11
27

1

vote

1 answer

How to evaluate a Splunk field which represents the length of another field?

I've loaded the following example file containing lines of JSON into Splunk: {"duration":2134,"input":["foo","bar"],"level":"info","msg":"Processed…

splunk splunk-query

asked Apr 07 '22 at 15:30

Kurt Peek

52,165
91
301
526

1

vote

1 answer

Splunk search by given timestamp not the time of ingestion to splunk

Is it possible to connect the timestamp given in the Data set to the Splunk date picker.

splunk splunk-query splunk-formula splunk-calculation splunk-dashboard

asked Apr 04 '22 at 08:48

Enoy Lu

13
4

1

vote

1 answer

Splunk query group by multiple fields

I have following splunk fields Date,Group,State State can have following values InProgress|Declined|Submitted I like to get following result Date. Group. TotalInProgress. TotalDeclined TotalSubmitted.…

splunk splunk-query

asked Mar 08 '22 at 01:55

LEo

11
1
3

1

vote

0 answers

How to use user input token in Checkbox value in Splunk Dashboard?

I am on Splunk 8.1 trying to create a dynamic dashboard. I am trying to create a multisearch query, the searches for which will be based on the checkboxes that the user clicks. Time …

splunk splunk-query splunk-dashboard

asked Feb 21 '22 at 07:43

Suraj

468
1
4
14

1

vote

1 answer

how to write splunk query to create a dashboard

I have a Splunk log which contains a message at different time stamp with some case number "message":"Welcome home user case num 1ABCD-201901-765-2 UserId - 1203 XV - 543 UserAd - 76542 Elect - 5789875 Later Code - QWERZX" In below log few log…

splunk splunk-query splunk-calculation splunk-dashboard

asked Feb 05 '22 at 08:10

Learners

121
11

1

vote

1 answer

Divide the count of two search texts

When I search "SearchText1" then lets say there are 20 records. When I search "SearchText2" then there are 10 results Then I need to display a single value "2" in the dashboard How do I formulate the Splunk query? I tried below query where the…

splunk splunk-query

asked Jan 22 '22 at 12:00

firstpostcommenter

2,328
4
30
59

1

vote

1 answer

Display result count of multiple search query in Splunk table

I want to display a table in my dashboard with 3 columns called Search_Text, Count, Count_Percentage How do I formulate the Splunk query so that I can display 2 search query and their result count and percentage in Table format. Example, Heading …

splunk splunk-query

asked Jan 21 '22 at 15:56

firstpostcommenter

2,328
4
30
59

1

vote

1 answer

Write splunk query to fetch the number of working days greater than zero

I am trying to write a splunk query where I need to fetch the user details with the number of working days if it is greater than zero. For example I have the below data I, [2022-01-04T01:32:10.165065 #21461] INFO -- : fetched user details for…

splunk splunk-query

asked Jan 04 '22 at 07:41

Aniket Tiwari

3,561
4
21
61

1

vote

1 answer

Splunk - Create customized query for Splunk dashboard based on Input selection

I'm creating a Dashboard in Splunk. It has one dropdown menu to select App-name(App1 or App2), another drop-down to select log_type (Detailed and App_specific), and a Search panel to show output of search query. For instance, If user selects App1…

splunk splunk-query splunk-dashboard

asked Nov 15 '21 at 21:55

user2769790

123
1
17

1

vote

1 answer

Splunk : Spath searching the JSON array

I have below two JSON events where under "appliedConditionalAccessPolicies", in one event policy1 has results =failure and policy2 has results=notApplied. In the other event the values are reversed. Now I'm trying to get the event where the policy1…

splunk splunk-query

asked Nov 11 '21 at 02:04

Ashish Gupta

14,869
20
75
134

1

vote

1 answer

Splunk : Extracting the elements from JSON structure as separate fields

In Splunk, I'm trying to extract the key value pairs inside that "tags" element of the JSON structure so each one of the become a separate column so I can search through them. for example : | spath data | rename data.tags.EmailAddress AS Email This…

splunk splunk-query

asked Oct 26 '21 at 19:18

Ashish Gupta

14,869
20
75
134

1

vote

1 answer

Splunk strptime returning NaN

I have a eval on a dashboard that used to work but it stopped and I havent been able to figure out why. On the dashboard im taking the _time and turning it into a human readable string using strftime(_time, "%m/%d/%Y %H:%M:%S %Z") and that works…

dashboard splunk splunk-query

asked Oct 21 '21 at 18:03

trever

961
2
9
28

1

vote

1 answer

Splunk queries: unsuccessful logins or logins with accounts locked, logins with OCONUS IP

I am using Splunk (7.3.3) and I am having tremendous difficulties trying to create a dashboard that can show (or 'report') the following information: unsuccessful admin logins unsuccessful admin logins after duty hours (WINDOWS, ALL HOURS RIGHT…

splunk splunk-query

asked Oct 19 '21 at 09:57

weteamsteve

189
3
20

1

vote

1 answer

Count and sum in splunk

I have this sets of data: name fruit location mary apple east ben pear east peter pear east ben apple north ben mango north peter mango north mary orange north alice pear north janet pear north janet…

splunk splunk-query

asked Sep 28 '21 at 09:55

LindaMage

17
2
6

Questions tagged [splunk-query]