Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Calculate duration between events.

Hi, I have a log file with many events like below 2015-01-16 10:19:12 [APP1;STORE] Activated configuration 'Pro...

by Explorer in

Remove columns that meet a criteria

I have a query that digs through Windows perf data: index=perfjava host=blah ((sourcetype="Perfmon:CPULoad" AND in...

by Explorer in

Displaying on the map using longitude and latitude ?

Hi All, I am very new to Splunk. My task is to display the location on the map using IP address. I am able to succe...

by Explorer in

Extracting data from host field into a new field

I am trying to extract data from the host field as the name of the host gives information about the location and wher...

by New Member in

Stats Count(Eval) doesn't return expected result

I have this test search (I know the result is not all that useful, just playing with eval and trying to figure out wh...

by Engager in

Conditional Macros

Hi, I want to dynamically include macros in search depending on the eval statements. I want to acheive something l...

by Builder in

Calculate avg excluding the min and max times

Hello, I am looking for a way to calculate the avg excluding the occurrence with the timemin and timemax Here is the ...

by New Member in

RPM detection

How to detect if new rpm installed in Centos OS using Splunk. OR How should I monitor rpm -qa in Splunk.

by Explorer in

How to sort the results of a timechart top 5 clients list by client percentage?

I have the following query to generate a list of the top 5 clients by volume percentage: index=volume_hourly_summa...

by Path Finder in

extract the duration of the records

Hello, I would like to ask if I want to extract the duration of the action by each of MCN (earliest begin.action and ...

by Explorer in

Where and how to exclude one of two unique values in a timechart's by clause

I am trying to build a timechart in 24-hr increments which shows a count of hosts by version of a software package. H...

by Path Finder in

In a log with multiple date fields in different formats, how to create a custom histogram with the date of my choice?

Hi, I have an unstructured log like below. In the histogram, the events are getting confused and I suspect it's becau...

by Contributor in

How to create a report that sorts all hosts based on how much a value increases from one time period to the next?

Hi, I am new to splunk, and am trying to generate a search that calculates the change in paging space usage over a...

by Engager in

How to combine transaction search results of one sourcetype with data from another to show chain of events?

I'm working on creating a dashboard that is supposed to show a flow of events in Splunk for VPN logins and Citrix Ses...

by Motivator in

calculate percentage

Hi, I have extracted from my logs the fields in the following format : Field 1 : Possible values true and false...

by Explorer in

Search for event field that can 'potentially' contain NULL values

I have a dashboard that has input field tokens to populate a search string. These input fields default to * when no v...

by Path Finder in

Time range of timechart changed after upgrade to version 5.0.1

Hello, I have noticed a different behaviour in Splunk 5.0.1 when comparing with Splunk 4.3.x with the timechart se...

by Communicator in

How to extract tracktrace field from one search to use in another search?

I have a dashboard/form which takes two field inputs to perform a search and find an appropriate tracktrace. index=my...

by Path Finder in

how best to use inputlookup command in subsearch

Hi, I've been trying to work round an issue with a reverse lookup and think it's time to ask a question to the Spl...

by Engager in

how to add a sum in a top search?

Hello. I have this search: * app="youtube" | top limit=20 srcip by app showperc=f countfield=total of this l...

by Explorer in

Splunk Search

Discussions

Calculate duration between events.

Remove columns that meet a criteria

Displaying on the map using longitude and latitude ?

Extracting data from host field into a new field

Stats Count(Eval) doesn't return expected result

Conditional Macros

Calculate avg excluding the min and max times

RPM detection

How to sort the results of a timechart top 5 clients list by client percentage?

extract the duration of the records

Where and how to exclude one of two unique values in a timechart's by clause

In a log with multiple date fields in different formats, how to create a custom histogram with the date of my choice?

How to create a report that sorts all hosts based on how much a value increases from one time period to the next?

How to combine transaction search results of one sourcetype with data from another to show chain of events?

calculate percentage

Search for event field that can 'potentially' contain NULL values

Time range of timechart changed after upgrade to version 5.0.1

How to extract tracktrace field from one search to use in another search?

how best to use inputlookup command in subsearch

how to add a sum in a top search?

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph

When there is no result filed is displays as &quot...

SPLUNK ITSI (Cloud)

Alternative to mcatalog values(_value) for Metrics