Splunk Search

Ask a Question

Discussions

Thread Info

Another regex

Hi, I have this data 10.210.192.15 - - [02/Oct/2017:19:59:59 -0400] "GET /rest/icontrol/sites/278318/eventsByDa...

by Motivator in

How can I extract fields as an array?

Dear friends, I have one event in my log file that my user want to extract fields as an array. The event is: Re...

by Path Finder in

Historic average of last 30 days

I have a type of event that happens about 20 times a day. Each event carry a numeric value. Meaning is found in the s...

by New Member in

Need help on predict command usage in graph

I have a trend graph that shows some data then its predicting out that data a couple days forward. However, The predi...

by Communicator in

Comparing results from three separate events

Forgive my ignorance if this has been answered elsewhere, I did my best to search for an answer but have not found it...

by Engager in

How do I get the outer values in a transaction that has repeated startswith endswith parameters?

Hi there, I've been trying to solve an issue I have when using transactions. Here's an example of the logs I am wo...

by Explorer in

comparing min, max and avg of a field by host and application

Hi All, I have been working on a search query but couldn't able to get desired results. I'm looking for a sea...

by Path Finder in

Can we use same property names (say "[setnull]","[setparsing]") defining the event data filtering criteria , in two different apps (having different filtering criteria) residing on same server ?

I have two clustered environments consisting of 3 SH,3 Indexers and 1 HWF each running on Splunk 6.4.1.I need to filt...

by Path Finder in

How to collect performance statistics about search-time field extractions?

I'm trying to collect performance information about search-time field extractions happening on different search-peers...

by New Member in

Splunk CLI remote search parse _raw into fields

I am using a locally installed Splunk instance to perform a remote search using the CLI. splunk search "index=sand...

by Engager in

How to get a calculated column in a table

Hi Splunk Experts, I need to create a report to display the table record count difference between two databases durin...

by Explorer in

how to transpose 2 column

......||addcoltotals | table * | reverse | head 1 1_Ausgust_R, 2_Ausgust_R ,1_Ausgust_L,2_Ausgust_L 26 30 15 27 w...

by New Member in

How to combine multiple separate fields into one for graphing purposes

2017-09-12 12:31:11.817 INFO [RunMaster] stats: jif: 1, fif: 9, fim: 192, f2c: 183 paper: pc: 9129, uwr: n/a, rwr: n...

by New Member in

Drilldown: Use starttime of bar in timechart as `earliest` field in subsequent search

After spending hours unsuccessfully searching the splunk answers for a solution I would like to phrase my question: ...

by Path Finder in

JOIN should return multiple rows. How make final results show that data?

My driver file has one row per key. The subsearch file can contain multiple rows for each key. I need my result set r...

by New Member in

How to compute the value of 2 different complex queries

Ok, so I want to see the ratio between "interview.completed" and "interview.started", but filtering each event by uni...

by New Member in

Can I filter a table based on cluster number or subsearch dynamically?

I have a table of data that is clustered via KMeans, I am trying to filter down to only display the other items in a ...

by Explorer in

Return information when there are no expected results.

This search checks to make sure a certain process ended on time. I expect to have results for the 6 cases in the wher...

by Path Finder in

Help with forming a table with sourcename next to the first column for each row?

Hi, I'm searching multiple sources in a single index and getting the results as a table. I want to display the sou...

by New Member in

Need help with regex in props.conf

Hi all, Here is how my raw logs look. I need help with props.conf so that I can index by the second time field in...

by Path Finder in

SSL error on non-SSL forwarder connection

We're trying to add a new Forwarder (6.6.1) to our indexer (non-SSL connection), we're able to connect to the forward...

by Path Finder in

Not extracting all Full GC events

Could not be able to pull all the Full GC events. Is there any tweak requires in the regex? | makeresults | eval ...

by Path Finder in

Help with stats table output

I have a dataset that can be represented as below: Region=A State=1 City=a Product=Apple Region=A State=1 City=b P...

by Path Finder in

How do I set conditions for calculating the duration of an event such that the end time is based on the way a user ends their session?

Hi all, I am trying to extract usage duration patterns for our web app, from login to either logout, or when the u...

by Explorer in

How to rex out and substitute it with *

I would like to substitute below kind of email address with * Original :- john.trava@gmail.com Expected:- Jo*.*...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Another regex

How can I extract fields as an array?

Historic average of last 30 days

Need help on predict command usage in graph

Comparing results from three separate events

How do I get the outer values in a transaction that has repeated startswith endswith parameters?

comparing min, max and avg of a field by host and application

Can we use same property names (say "[setnull]","[setparsing]") defining the event data filtering criteria , in two different apps (having different filtering criteria) residing on same server ?

How to collect performance statistics about search-time field extractions?

Splunk CLI remote search parse _raw into fields

How to get a calculated column in a table

how to transpose 2 column

How to combine multiple separate fields into one for graphing purposes

Drilldown: Use starttime of bar in timechart as `earliest` field in subsequent search

JOIN should return multiple rows. How make final results show that data?

How to compute the value of 2 different complex queries

Can I filter a table based on cluster number or subsearch dynamically?

Return information when there are no expected results.

Help with forming a table with sourcename next to the first column for each row?

Need help with regex in props.conf

SSL error on non-SSL forwarder connection

Not extracting all Full GC events

Help with stats table output

How do I set conditions for calculating the duration of an event such that the end time is based on the way a user ends their session?

How to rex out and substitute it with *

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions