Splunk Search

Discussions

Thread Info

How to edit my search to display daily license usage and total license usage on a chart, with current license volume as a chart overlay?

Hi I'm struggling to find out how to add an overlay or something that will display the daily license usage for spe...

by Path Finder in

How can I use a temporary table in Splunk?

How can i use Common Table Expressions? i need to store my result in temporary table and use that result later on in ...

by Explorer in

How to edit my search to count the number of requests per IP per 30 minutes?

I need to get the count of requests per IP per 30 minutes. The stats column headers should be clientip and all the 3...

by New Member in

How to edit my search to filter out results where the HTTP Referrer contains a Blank or a Dash?

I have a search as follows: (Referrer!="*bing*" AND Referrer!="*google*") Note: Referrer is the http_referrer ...

by Explorer in

How to edit my search to plot time ranges for hosts based on start/stop events?

I'm trying to create a search that'll visualize when a network scan is being run against a particular target. To do t...

by Path Finder in

How to create dynamic columns based on calculated data?

I have transaction records that are pretty clear. OperationType=singon Client=abc IsSuccess=1 OperationType=change...

by Path Finder in

Why is search syntax highlighting not working in Splunk 6.5.2?

Our search heads syntax highlighting does not function for any of search commands. This is with search_syntax_highlig...

by Splunk Employee in

Is there a way to search for a list of strings, and for each match, put that string as the value of the same field?

Is there a way to search for a list of strings, and for each match, put that string as the value of the same field? ...

by New Member in

How to generate a search to find increment user ID attempts?

I have a set of Apache access_logs where a URL is something similar to: http://mydomain.com/user.php?userid=123 I'...

by Path Finder in

Why is searchWhenChanged="true" in simple XML not working in Splunk 6.1.3?

If you have input type text and searchWhenChanged="true" then i would think that once a user types and hits enter, th...

by Path Finder in

How to create cumulative chart separated by a field

I need to create a chart, looking like the example I added. the chart needs to show the cumulative number of tasks op...

by Contributor in

What's the best search method to remove web crawlers or bots from download logs?

A few years ago, I was given a search string to filter web crawlers/bots from showing up in our download reports. I'm...

by Communicator in

Is there a way to perform a real time search with a static start time?

Is there a way to do a real time search with a static start time? For example... Select start time of march 19 @ 9...

by Path Finder in

Is there a way to run a query only if two other search jobs finish first on the same dashboard?

Hello. I have two queries that will run and write to two files. Then my third query will read from the two files. ...

by Explorer in

Why is my TIME_FORMAT regular expression in props.conf not working for an index time extraction?

HI I am using following regular expression for the index time extraction in the props.conf. For some reason, it is no...

by Explorer in

How can I get query only the last ten files from each device regardless of time range?

I am looking at 10,000 devices and want to look at the last ten files each one has produced. Some will create 100 fil...

by New Member in

Is there any regular expression character limit on Splunk?

Is there any regex limit on Splunk? Where can I configure its limit? I have very specific regex formula and it con...

by Path Finder in

How to use rex and ltrim to extract this field in my data?

Hi, I have a field EMP, I need to remove the 0000 present before the field, is this do able? like, I'm using Rex a...

by Builder in

How to extract the field using Regex?

HI, How to extract the field "AppGUID-{9BE518E6-ECC6-35A9-88E4-87755C07200F}" from the below field ComputerName...

by Builder in

How to show AP and switch usage (Mb/s) over a 24hr period from Meraki syslogs?

I'm a total newb to both Meraki and Splunk...not sure if this is a Meraki or a Splunk question... I've been sifting t...

by New Member in

How to edit my search so the alert triggers when the count=0?

I'm looking for a query which write count=0 in the stats result when there are no events for that app and host. M...

by Explorer in

How to use if condition along with count in a where condition?

Hi All, I need help with Splunk to find the count of the events. The base criteria was I will set of events from lo...

by New Member in

How can I convert "2016-12-17T00:30:00.000+0000" to epoch time?

How can i convert 2000-12-17T00:30:00.000+0000 to epoch time? I tried using 1.) eval _time= strptime(_time,"%Y-%m...

by New Member in

How to extract a string that starts with certain words or letters?

I'd like to use rex to extract the event string that starts with certain words or letters, possibly ends with certain...

by New Member in

Tracking down Regex Errors

I have what I think should be a simple question.... how can I find in Splunk why a regex extraction failed? I bring i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to edit my search to display daily license usage and total license usage on a chart, with current license volume as a chart overlay?

How can I use a temporary table in Splunk?

How to edit my search to count the number of requests per IP per 30 minutes?

How to edit my search to filter out results where the HTTP Referrer contains a Blank or a Dash?

How to edit my search to plot time ranges for hosts based on start/stop events?

How to create dynamic columns based on calculated data?

Why is search syntax highlighting not working in Splunk 6.5.2?

Is there a way to search for a list of strings, and for each match, put that string as the value of the same field?

How to generate a search to find increment user ID attempts?

Why is searchWhenChanged="true" in simple XML not working in Splunk 6.1.3?

How to create cumulative chart separated by a field

What's the best search method to remove web crawlers or bots from download logs?

Is there a way to perform a real time search with a static start time?

Is there a way to run a query only if two other search jobs finish first on the same dashboard?

Why is my TIME_FORMAT regular expression in props.conf not working for an index time extraction?

How can I get query only the last ten files from each device regardless of time range?

Is there any regular expression character limit on Splunk?

How to use rex and ltrim to extract this field in my data?

How to extract the field using Regex?

How to show AP and switch usage (Mb/s) over a 24hr period from Meraki syslogs?

How to edit my search so the alert triggers when the count=0?

How to use if condition along with count in a where condition?

How can I convert "2016-12-17T00:30:00.000+0000" to epoch time?

How to extract a string that starts with certain words or letters?

Tracking down Regex Errors

SplunkTrust Application Period is Officially OPEN!

Splunk Answers Content Calendar, June Edition II

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions