Splunk Search

Discussions

Thread Info

Calculating data with multiple transactions per order

Hi, I have the following data with the following columns, OrderNo, Transaction Start, Transaction Stop. I wrote a sea...

by Path Finder in

Merging search results into lookup file

I am having lookup file with list of Jobs to be monitored. I want to create a table with the jobs name from lookup fi...

by Contributor in

Use inputlookup to find servers not reporting

Here's the scenario: server102 has not reported data in the last 15 minutes. I want to use my inputlookup in conjunct...

by Explorer in

Nedd regex help to use part of a filepath as source type

I have a source of /var/log/opscode/desired_sourcetype/current. I need to get the part of the filename that is called...

by Builder in

How to correct timestamp parsing and field extraction of XML log?

Hi, novice splunker here. I'm having an issue in getting all the timestamps correctly parsed from the DATE and TIM...

by Explorer in

How to search a area based on a given lat/lon

Hi, I have a requirement - the user will enter a lat,lon in the filter and expects Splunk to search the "nearby 10...

by Communicator in

Change the evaluation direction of streamstats?

The streamstats last function is very close to a very important tool in my workflow; however, I would like it to eval...

by Explorer in

Splunk 6.5.0: How to access the first row from the search result in a dashboard?

Recently upgraded to Splunk 6.5.0. I am trying to access the first row from the search result in a dashboard. In vers...

by Explorer in

How to get a count of stats list that contains a specific data?

Hi all, How to get a count of stats list that contains a specific data? Data is populated using stats and list() c...

by Path Finder in

How to show non number values on y axis on a chart

I have the following search and I would like to present instead of the 40 dummy values, the actual name of the field ...

by Contributor in

Comparing the firewall ip to the inputlook which contains the blacklisted ip and need to display the count and source

Hi, I have a blacklisted inputlookup csv which contains 20000 blacklisted ip. I need to compare the inputlookup wi...

by Path Finder in

How to create a search to compare a lookup CSV file of blacklisted IPs with firewall logs?

Hi All, I have a blacklisted IP CSV file (Placed in lookup folder of search(app)). I need to compare with firewall...

by Path Finder in

How to edit my transaction search so that it will only return grouped results?

This seems like it would be easy to figure out through search but I'm coming across a dead end. I have a transaction ...

by Builder in

Top10 in percent with lookup

This is my first attempt to create a "bigger" splunk search. I tried it the last two weeks but am stuck now. Hopefull...

by Engager in

How do I pull only specific status entries from a sourcetype at a given time?

I have one source-type with column names srno for a ticket. Scenario: Ticket status gets updated per it's life cyc...

by Engager in

How to search files compressed using Snappy from virtual indexes?

Hi all, I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured ...

by New Member in

How to optimize my lookup search with large amounts of data?

I'm currently collecting IoCs in terms of IPs and Domain names and want to run searches towards my historical log-dat...

by New Member in

How can I calculate the term frequency for all the words in a field's values?

I am trying to calculate some term frequency on the field. The field is defined as follow. rex field=_raw "Notes : (...

by Explorer in

Updating LookUp Table Data Externally - 'Auto-magically'

I am wanting to create a process that will make it really simple and easy for my users to update their lookup table f...

by Contributor in

Is it possible to use fillnull for fieldnames with a specific pattern?

Hi, is it possible to use fillnull for fields with a specific pattern? Wildcards are not working, but I want to av...

by Motivator in

Regex extraction advice for phone numbers - Replace for multivalued fields

Hello, I am trying to extract and normalize some phone numbers that are appearing in inconsistent ways. Below I at...

by Path Finder in

Creating Server update from events and csv lookup

I am hitting a mental block in creating this query and wish to monitor our server performance so we have visibility o...

by Engager in

How to calculate min/max/avg/stdev by each line

The date are all number field, such as cluster, field_1, field_2, field_3, field_4, field_5 1 3 56 6 767 8 1 56 6 543...

by Path Finder in

How to calculate percent increase of crime by month over 6 years?

Hello, I'm new to Splunk and would appreciate any help. I am trying to figure out what month had the largest percent...

by Engager in

set earliest and latest time stamp

How to set earliest to 26th of previous month and latest to 25th of current month? if hard corded then 26th of Feb to...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculating data with multiple transactions per order

Merging search results into lookup file

Use inputlookup to find servers not reporting

Nedd regex help to use part of a filepath as source type

How to correct timestamp parsing and field extraction of XML log?

How to search a area based on a given lat/lon

Change the evaluation direction of streamstats?

Splunk 6.5.0: How to access the first row from the search result in a dashboard?

How to get a count of stats list that contains a specific data?

How to show non number values on y axis on a chart

Comparing the firewall ip to the inputlook which contains the blacklisted ip and need to display the count and source

How to create a search to compare a lookup CSV file of blacklisted IPs with firewall logs?

How to edit my transaction search so that it will only return grouped results?

Top10 in percent with lookup

How do I pull only specific status entries from a sourcetype at a given time?

How to search files compressed using Snappy from virtual indexes?

How to optimize my lookup search with large amounts of data?

How can I calculate the term frequency for all the words in a field's values?

Updating LookUp Table Data Externally - 'Auto-magically'

Is it possible to use fillnull for fieldnames with a specific pattern?

Regex extraction advice for phone numbers - Replace for multivalued fields

Creating Server update from events and csv lookup

How to calculate min/max/avg/stdev by each line

How to calculate percent increase of crime by month over 6 years?

set earliest and latest time stamp

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions