Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I use a regular expression to extract all 22 entries of a Message field in a multiline JSON data?

How do I use a regular expression to extract all 22 entries of Message field with left boundry = "Messages": [ ri...

by Path Finder in

append search to different sources

Hi, I want to combine to searches: index=bla | stats count(al_responsecode) as "Total per responseCode al" by a...

by Path Finder in

Trying to get a range of dates right based on a last Saturday of the month

hi there, the 1st and 3rd statement is wrong and the 2nd might be correct. Here is what I am trying to do: Current...

by Communicator in

How to write a search to find out the average dashboard runtime?

hi there, i would like to write a search to find out dashboard runtime. index=_internal source=*splunkd_ui_acc...

by Explorer in

I need a single value after dividing 2 results which we obtain as a result of stats dc. As of now, I see 3 values.

The query I use is- sourcetype=iis URL_root=abc "https://www.abc.com"|stats dc(SessionId) as TotalVisits, dc(useri...

by Path Finder in

How to plot a bar graph based on date in a csv file?

Hi All, I am new to the Splunk world and pls help me to explore. I have a product.csv files which contains 6 field...

by Explorer in

Is my (big) csv lookup file indexed in memory by Splunk?

Hi, I have a quite big csv file (~20Mb) and I changed the max_memtable_bytes to 100Mb in my limits.conf file. My sear...

by Communicator in

Split multiline value field into separate lines

I have a field which have multilines, how to split this field delimited by timestamp into separate lines 2017/02/0...

by Contributor in

How do I get the mid point of the specified time range?

I have a query where I need to break up the provided time range into 2 period so I can see the delta between the peri...

by Explorer in

Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time?

Hi, I am looking for any sample code in any language/script that shows an actual use case of dispatch.data_format ...

by New Member in

Get Distinct Count of Success & Total based on UserID

I'm trying to make one search that will accomplish the following: Total Login Attempts: DC(USERID) WHERE ACTIVITY ...

by Engager in

How to get List of realtime searches and the macro/savedSearch that runs on it

I am new to splunk... How to get List of realtime searches and the macro/savedSearch that runs on it? Is there any sp...

by Builder in

How to group events by a common directory prefix

I want to group events describing backup job status with other events describing the volumes being backed up. The dat...

by Explorer in

How to remove all numbers at the beginning of all values for a field?

Hi I have a search with a field called "Apps". I would like to be able to remove the leading numeric values. I wo...

by Engager in

Optomise large search string

We are using Splunk to alert when we see specific events in our logs. There are hundreds of different log events we m...

by Communicator in

Extract the 2nd event time in a transaction

When using transaction, SPLUNK always use _time of the 1st event I need to extract the time of the second event in a...

by Engager in

CIDR in a lookup table - no access to transforms.conf?

I know it's possible to put CIDR ip ranges in a lookup table. However, my question is, what if I do not have access t...

by Explorer in

How to build a timechart that shows overall (n+1) capacity and per site visibility?

I'm attempting to develop a chart for one of my engineering teams that shows peak utilization across multiple sites o...

by Communicator in

Why would a bucket/bin be set to a one day span on the License Master?

Looking at the Daily License Usage panel on the "Previous 30 Days" tab under Licensing, I see that the base search is...

by Contributor in

export results to csv

What's the easiest way to export Splunk search results to a CSV file that I can open in Excel?

by Contributor in

Splunk Search

Discussions

How do I use a regular expression to extract all 22 entries of a Message field in a multiline JSON data?

append search to different sources

Trying to get a range of dates right based on a last Saturday of the month

How to write a search to find out the average dashboard runtime?

I need a single value after dividing 2 results which we obtain as a result of stats dc. As of now, I see 3 values.

How to plot a bar graph based on date in a csv file?

Is my (big) csv lookup file indexed in memory by Splunk?

Split multiline value field into separate lines

How do I get the mid point of the specified time range?

Are there any examples of an actual use case of dispatch.data_format for fields earliest time and latest time?

Get Distinct Count of Success & Total based on UserID

How to get List of realtime searches and the macro/savedSearch that runs on it

How to group events by a common directory prefix

How to remove all numbers at the beginning of all values for a field?

Optomise large search string

Extract the 2nd event time in a transaction

CIDR in a lookup table - no access to transforms.conf?

How to build a timechart that shows overall (n+1) capacity and per site visibility?

Why would a bucket/bin be set to a one day span on the License Master?

export results to csv

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

stats, eventstats,streamstats which one return max...

contains on lookup table

Splunk Error Message related to datamodel search

Null value for Country when using iplocation

Splunk for analyzing Logs - looking for Big time g...

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >