Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to create a dashboard with one search that can produce results for both today and yesterday?

Hello, I want to create a dashboard with 2 searches. Search A should show a search result from today. Search B sh...

by New Member in

Streamstats and resetting a running total

I'm using streamstats to calculate the running total for a value ... | streamstats sum(amount) as cumulativeAmount...

by Path Finder in

How do I use the built-in maps in Splunk to plot the different countries in my search results and display the counts on each country?

index=gasf uri_path="*.aspx" (( eventtype="Hub" ) AND eventtype=*) | iplocation clientip | timechart span=1hr c by...

by Explorer in

How can I determine the regex used for an extraction in a specific event?

Hello all, One problem that I frequently have is that I need to know what extraction was used for a specific even...

by Path Finder in

How to place the results of multiple unrelated searches into a table?

Dear All, I have multiple searches with its results. Now I want to put values in a single table and that to be in ...

by Explorer in

How to search the Percentage and Count of Total by each range of a rangemap?

I've looked at several posts involving "Percent of Total" and have tried the suggestions, but still can't get exactly...

by Engager in

How to find the average count of a field per hour per day?

Trying to find the average PlanSize per hour per day. source="*\\myfile.*" Action="OpenPlan" | transaction Guid st...

by Contributor in

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv...

by Path Finder in

Eval difference between two fields for each entry

So I'm trying to display what the timespan is from start to finish of a bucket and add it as a new field to the table...

by Contributor in

How to chang the color of iframe chart ?

Hi Splunkers! Is there a way to chang the color of iframe chart ? i only find it can work on dashboard ty:)

by New Member in

How to find 10 most active folders by their action of uploading documents

Hey guys, So I am trying to create a search that fetches the top 10 most active OOIDs (Organization ID Folder) by ...

by Communicator in

How to get complex transactions over two fields

My transactions consist of two fields named JOBID and SUBJOBID. A typical search result contains events like JOBID...

by Explorer in

How to get the duration in seconds from a multiline event?

I am trying to find the best way to get the duration (in seconds) on a multiline event, possibly having it captured d...

by Path Finder in

Parsing XML data from fields

Hello, after researching a lot of information I still can not recorgnise how to solve this problem. I have an xml fil...

by Explorer in

How do I write the regex to properly extract all attack names from my sample Fortigate logs?

Hi, I need to extract attack names from Fortigate logs. All attack logs are the same, but only a few are correctly...

by Explorer in

How can I search for logs from the last 24 hours in Splunk?

Hi, I am trying to display logs for last 24 hrs on Splunk. My search is: index=peppol sourcetype=peppol-outboun...

by Communicator in

How to refer to a lookup CSV file I just uploaded in a search?

Hi Everyone, I have uploaded a CSV file to the lookup table. Only one column of data is in the list. for e.g. I pu...

by Explorer in

Why do the earliest and latest timechart functions produce unexpected results?

In the process of trying to verify some summary index data I've noticed that timechart does not seem to return expect...

by Path Finder in

How to calculate age of a file in Splunk in a search?

Hi, Could somebody tell me a simple way to calculate age of a file in Splunk via search? Thanks Sunny

by Communicator in

Rex Question

rex "(?i)(?P<testERROR>(\:[^\:]*){2})$" output :test string 123:test test test123 I have to keep the the 2n...

by Contributor in

Splunk Search

Discussions

How to create a dashboard with one search that can produce results for both today and yesterday?

Streamstats and resetting a running total

How do I use the built-in maps in Splunk to plot the different countries in my search results and display the counts on each country?

How can I determine the regex used for an extraction in a specific event?

How to place the results of multiple unrelated searches into a table?

How to search the Percentage and Count of Total by each range of a rangemap?

How to find the average count of a field per hour per day?

Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer?

Eval difference between two fields for each entry

How to chang the color of iframe chart ?

How to find 10 most active folders by their action of uploading documents

How to get complex transactions over two fields

How to get the duration in seconds from a multiline event?

Parsing XML data from fields

How do I write the regex to properly extract all attack names from my sample Fortigate logs?

How can I search for logs from the last 24 hours in Splunk?

How to refer to a lookup CSV file I just uploaded in a search?

Why do the earliest and latest timechart functions produce unexpected results?

How to calculate age of a file in Splunk in a search?

Rex Question

Import a matrix

human readable message from template using json fi...

Read regex based data from a log file using splunk...

Configure HTTP Event collector to log client sourc...

Why isn't transaction working for me?