Splunk Search

Discussions

Thread Info

How can I filter the top / head values by a summed field (e.g. day)?

I have a search that returns the number of 'views' of a product by day using a 'search xyz |bucket time span=1d |stat...

by Path Finder in

Add a field that includes the length of the field values

I am using eval foo = mvcount(split(field,"")) to count the number of characters in a field at search time. Is there ...

by Communicator in

Regex for extracting ip port and interface

In my log data I get lines that look like this: dst=10.0.59.59:80:X1 dst=255.255.255.255:67:X0 dst=10.0.59.59:9060:X1...

by Communicator in

How to find the last regex match for a multi-valued field in a transaction

We're finding that when large files are downloaded from the Internet, the application whitelisting client reports a "...

by Builder in

Not displaying key with no value

I am writing to ask a question, which is probably an easy one. I am curious, how would you search for all occurances ...

by Engager in

How to list all the events from a transaction in a tabular format with specific fields

Hi, we want to output only certain fields from a transaction in a tabular format. For example, we want only uri, s...

by Contributor in

Set field records & IF Statements

When I search my results I want it to update the field accordingly. For example in my case when i search my Audit ...

by New Member in

Custom Condition in Alert Assistance

Hi, every night my server team brings down specific groups of servers and performs maintenance on them. Sometime late...

by Explorer in

simple correlation

Hi, Basically, I'm trying to correlate 2 datasources with 2 fields. For example, I have datasource1 and datasource2 t...

by Explorer in

Find earliest events by category

I'd like to select the earliest events broken down by category. i.e. I would like to see something like this: e...

by Path Finder in

How to correlate two different sourcetypes.

I have two sourcetypes src_type_data and src_type_scale. src_type_data contains two fields -----------------...

by Path Finder in

search lookup table for value

so I can grep the look-up table to find an entry I can see the contents of the look-up table by doing this | input...

by Motivator in

Ratio between two distinct counts on timechart

Hey, was here yesterday, made minor improvements... I have a set of data where each message sent corresponds to an...

by Explorer in

Avg Counts in the Last Month

hey all, im working on a network overview dashboard. what i currently have is a saved search showing the last 7 days ...

by Path Finder in

Search Very Large Data set

I need to search my firewall logs for the past year and find unique source names I can do this search index=firewa...

by Motivator in

Join time selector based on event of main search

Is it possible to do a search with a join and the events from the join search be relative to the time of the events o...

by Communicator in

Sort the legend's display from chart

Hi everyone! I would like to display several areas (stacked) or columns in a specific order. Here is my charting c...

by Explorer in

Newbie to Splunk - Feild Extraction

I'm new to the Splunk Search and trying to learn it. I am not from Scripting BG so need help here. I have extraction ...

by New Member in

Search performance and optimization

when I search with below query sourcetype=my_log UUID="3fc5e6c2-57b4-4e59-a3c0-8115f5ec74a1" search result wi...

by Builder in

How to calculate rate of change over time for an variable

I have an input value that changes steadily (at constant rate, either increasing or decreasing), and Splunk is captur...

by Explorer in

Splunk Search

Discussions

How can I filter the top / head values by a summed field (e.g. day)?

Add a field that includes the length of the field values

Regex for extracting ip port and interface

How to find the last regex match for a multi-valued field in a transaction

Not displaying key with no value

How to list all the events from a transaction in a tabular format with specific fields

Set field records & IF Statements

Custom Condition in Alert Assistance

simple correlation

Find earliest events by category

How to correlate two different sourcetypes.

search lookup table for value

Ratio between two distinct counts on timechart

Avg Counts in the Last Month

Search Very Large Data set

Join time selector based on event of main search

Sort the legend's display from chart

Newbie to Splunk - Feild Extraction

Search performance and optimization

How to calculate rate of change over time for an variable

how to calculate Uptime

Changing the background of Single Value Viz. with ...

How to color code a field value based on the newly...

How to get n-1, n-2, n-3 ... records where n is t...

Regex in Playbook