Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to write a search to convert some table rows as columns?

I need to convert the following source data as a specified output. Source Data Hostname Event_time ...

by New Member in

How to edit props.conf to specify a different regex for each of three sourcetypes?

Hello, I'm trying to parse three different log files with different regex. I have three different sourcetypes...

by Explorer in

How to calculate the durations between 1 start event and multiple end events?

Hello all, How do I get the time between one start event and multiple end events? Let me explain: I have one s...

by Explorer in

Since we're using the batch stanza on our forwarders, how can we manually find duplicate indexed logs?

We're using 'batch' stanza on our Splunk forwarders so they delete the log files once they've been indexed. Obviously...

by Path Finder in

Can we save the extracted fields from one Splunk instance and import them to another Splunk instance?

Can we save the extracted fields from one Splunk instance and import the same to another Splunk instance ? Please ...

by Explorer in

What's a faster search than a Nested IF statement?

I wrote this search to look at a user agent string (RTG_Browser) and identify the operating system. I plan on writing...

by SplunkTrust in

How to obtain a sum of averages

I have a data set that looks similar to the sample lines below and I'm having a difficult time finding a good way to ...

by Explorer in

Table - Row Colouring - (Splunk 6.x examples app)

I was just trying to use the same example javascript and css with different search query, but i'm not able to get the...

by Motivator in

I created a lookup and mapped to the logs, but how do I get the count of another field from a different log into my table?

index=main sourcetype=mysourcetype| stats count by X | lookup data.csv cad as X |table name, count, login | where nam...

by New Member in

Filter Based on click

We have a query which is using join condition to filter data and we have a graph resulting into three columns Fail|Su...

by Communicator in

How to set a fixed height for all tables or charts in a panel?

Hi I have the following panel that has to two different charts/visualizations. The table changes its height depend...

by Builder in

How to write regex or MV command to extract multiple values?

Hi, I have a list of Locate ID's (below) that are contained within a single event in Splunk. I am trying to create...

by Path Finder in

TLD Extraction for Report

I'm looking at creating a report that extracts suspicious TLDS over a period of time such as, as past six hours, or p...

by Explorer in

How to search for newly created OOID's and parse it with my previous search

Hey guys, So I am trying to combine an old search with a new search of mine. I basically wanted to continually fet...

by Communicator in

create table/chart like excel pivot

I need to make a chart of nested columns like we can do in excel pivot. Sample data and required view is given in ...

by Communicator in

How can I do a subsearch in group by?

Hey folks, I am really new to Splunk and this has bothered me for several days. I have following data by a query: ...

by New Member in

Splunk break a saved search report if a field value contains a colon. Do I need to escape the colon and how?

Splunk breaks saved search report if the field value contains a colon. My source record is below. [2015-07-29 12:4...

by New Member in

How to table list of values from lookup NOT found in Splunk?

I have a lookup that lists x number of values. I would like to be able to discover how many of those aren't actually ...

by SplunkTrust in

How do I automate the indexing and field extraction process?

Good morning, For the past few days, I have been putting log files through an indexer and extracted some fields ma...

by Explorer in

Sort field based on sorted field

Hello, I'm trying to get out a table that sorts connections by network type, and then for each connection displays th...

by Communicator in

Splunk Search

Discussions

How to write a search to convert some table rows as columns?

How to edit props.conf to specify a different regex for each of three sourcetypes?

How to calculate the durations between 1 start event and multiple end events?

Since we're using the batch stanza on our forwarders, how can we manually find duplicate indexed logs?

Can we save the extracted fields from one Splunk instance and import them to another Splunk instance?

What's a faster search than a Nested IF statement?

How to obtain a sum of averages

Table - Row Colouring - (Splunk 6.x examples app)

I created a lookup and mapped to the logs, but how do I get the count of another field from a different log into my table?

Filter Based on click

How to set a fixed height for all tables or charts in a panel?

How to write regex or MV command to extract multiple values?

TLD Extraction for Report

How to search for newly created OOID's and parse it with my previous search

create table/chart like excel pivot

How can I do a subsearch in group by?

Splunk break a saved search report if a field value contains a colon. Do I need to escape the colon and how?

How to table list of values from lookup NOT found in Splunk?

How do I automate the indexing and field extraction process?

Sort field based on sorted field

Splunk is not able to idetnify transforms.conf loo...

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

Changes to user or group privileges

Outlier detection