Splunk Search

Discussions

Thread Info

Calculating percentiles and including "missing" data

I have a set of events that look something like the following: Machine: A, File: Foo, SizeMB: 10 Machine: A, File...

by Path Finder in

Predict values by end of current month

Hi, I am trying to predict earnings by end of month (our KPI) based on historical data. I tried this event=Payment | ...

by Path Finder in

if count of rows equal to 3 show only head 1 else show all rows

How to write a simple query at the end of my search query to populate table of my dashboard saying : If count of rows...

by Communicator in

Sum if formula for daily, hourly, and monthly rates

I have some financial data in three separate fields for daily, hourly & monthly rates. The monthly field always take...

by Explorer in

[Search] Avg failed logins by user per day

sourcetype=linux_secure |rex "\w{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s(?<session>gdm-\w+)\S:\s"| search session=gdm-p...

by Builder in

Using the results from one search as a field to use in another search

Hello all, I am trying to combine two different searches to correlate with one another. The first search is: ...

by Path Finder in

sort first 5 rows alphabetically then get total count then next 6 rows alphabetically and get the total

i have 11 rows as output of my search query.Which looks like below Example field1 field2 co 10 im 10 ae 10 be 10 iapp...

by Communicator in

Regex crash course?

Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blackli...

by Path Finder in

Creating a SubHeading in Splunk

Hi, How do I go about creating a subheading in splunk. My table is in the following format: Date1 ...

by Path Finder in

Search query to get amount of compressed data hitting in the Indexer.

Hello, Is there any serach query that return amount of compressed data hitting to the indexer before it get uncomp...

by Motivator in

Help! How to create a drilldown table.

Hi All, Could you help me on creating a drilldown table that will list all the ticket number based on the value of...

by Engager in

How to send events in JSON format to NullQueue?

Hello, We are puling JSON data from cloud, can I trim out the events with EventId=5156 and 5158 from the events wi...

by Builder in

Issue when joining results of large tstats queries over time.

Hello everyone, I am currently struggling with Splunk limitations when it comes to joining two queries handling ve...

by New Member in

Is there any command to check app deployed status on the deployer? (like we can use "show cluster-bundle-status")

When we try to deploy an app from deployer, the only one message after we "apply shcluster-bundle" is Bundle has bee...

by New Member in

Multi-Site Cluster: What would I configure for replication and search factor with 1 peer at each site?

Hi all, Am planning a multi-site (2 datacenters) installation of Splunk Enterprise v6.1.3. It will include Enterpr...

by Communicator in

Manipulating eval and stats to get desired results

Hi guys, I'm trying to search our Qualys vulnerability data to the average cvss score for all vulnerabilities wit...

by Communicator in

Automatic lookup and metrics index

Hello, I configured an automatic lookup table to be active on a metrics index via Splunk Web (I do not have access...

by Explorer in

Can multiple IF statements be used

I am creating a report off of logs files. In this report I am looking to list out the number of times particular acti...

by New Member in

Field-extraction on a JSON message with multiple delimiters?

I have this: {"date": null, "facility": -1, "host": null, "level": -1, "message": "2017-11-13T03:45:00+0000 monSta...

by Explorer in

How do you use a AND statement in a IF statement?

I am looking through log files and building a report that will give a list of usage based off those logs. Currently I...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculating percentiles and including "missing" data

Predict values by end of current month

if count of rows equal to 3 show only head 1 else show all rows

Sum if formula for daily, hourly, and monthly rates

[Search] Avg failed logins by user per day

Using the results from one search as a field to use in another search

sort first 5 rows alphabetically then get total count then next 6 rows alphabetically and get the total

Regex crash course?

Creating a SubHeading in Splunk

Search query to get amount of compressed data hitting in the Indexer.

Help! How to create a drilldown table.

How to send events in JSON format to NullQueue?

Issue when joining results of large tstats queries over time.

Is there any command to check app deployed status on the deployer? (like we can use "show cluster-bundle-status")

Multi-Site Cluster: What would I configure for replication and search factor with 1 peer at each site?

Manipulating eval and stats to get desired results

Automatic lookup and metrics index

Can multiple IF statements be used

Field-extraction on a JSON message with multiple delimiters?

How do you use a AND statement in a IF statement?

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...