Splunk Search

Ask a Question

Discussions

Thread Info

Could not use strptime to parse timestamp

Hi all, I'm adding detail files from FreeRadius, which looks like following: Wed May 2 10:28:04 2012 NAS-IP-Add...

by Communicator in

How to a create a table search for my data?

i have fields key and value field "key" contains values sessionID txnID eventSeverity msgT...

by Communicator in

How to generate a search to find persistent connections between client workstations to the internet?

I have squid proxy log that I want to mine for persistent connections from my client workstations to the internet (ie...

by Explorer in

How to use eval to sum a large set of fields with field name matching a pattern?

I have several fields like this: types.events.1 types.events.2 types.events.3 etc I can use eval to sum them li...

by Path Finder in

How can you restrict a role or user from creating field extractions?

How do you restrict a role from creating field extractions? There's event actions drop down for search results where ...

by Path Finder in

use a subsearch to define earliest and latest for main search

I want to use a sub search to find events, then use the time as a boundary for the main search. In my case, I search ...

by Splunk Employee in

Unable to get graph from csv data input.

I must have this data to be converted to graph. I have attached the csv. Is it possible? When I try this it gives be ...

by New Member in

Give complete log output on search

When I do a search, the search results only show the lines of the logs that are matching my query. Is it possible to ...

by New Member in

How do I include time range fields, Cron Schedule, and Alert Condition in my search to validate my Splunk Alert?

Hello Everyone , We need to validate our teams Splunk Alerts are correct. And that the Alert conditions threshol...

by Explorer in

Is it possible to group events by date range within 1 second?

Sorry if this was a question asked before but i couldn't seem to find it. I am trying to do a group by on _time so th...

by Engager in

How to edit my search to convert a string to date format?

hello! i have this date: 20150225123000998 I want this format date : 25/02/2015 12:30:00 998 (not important) ...

by New Member in

How to use the time input field to calculate time as seconds?

Hi, In my form, I have labeled my time input as field3 such as: input type="time" token="field3" searchWhe...

by New Member in

How to remove values of 0 from my search results?

I have a search that calculates a time duration for windows events logon and logout. ....| eval duration=tostrin...

by Contributor in

How do i get Unique events for my search keyword

I am getting so many results for a single search keyword.how do i make a unique single result for that search keyword...

by Motivator in

Identify searches that take long time in a SH Cluster.

Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splun...

by Contributor in

index=_audit contents?

Could someone please tell me what these following fields in the audit index refer to? OR please guide me to the right...

by Communicator in

How to find an active user session on different machines at the same time?

Hello Splunkers. Using the wineventlog I can tell when a user logged on and off based on EventCodes 4624 and 4634 ...

by Communicator in

Null Search Swapper

Hello, When using the "Null Search Swapper" functionality with code like the one we can find in the "Splunk 6.x Da...

by Engager in

How can I report on only current data in a file being refreshed every minute?

A file is being referenced, that is updated every minute. I would like to report on data that only exists in that fil...

by Path Finder in

Is there a way to copy a field and not rename it?

I need to display _time field1 field1 where field 1 and field 1 are the same, however if you try to do this it wont d...

by Influencer in

how much data coming to an index

hi, Is there any way we couldn't find out how much data coming to an particular index ?

by Path Finder in

Keeping long events together

I've got a log of rails requests which are mostly parsed correctly. Almost every request seems to be a single event w...

by New Member in

streamstats event question

Hi I amb calculating the averge between two consecutive events using streamstats, the question is that I have to do i...

by Path Finder in

Any regex masters out there?

Working on a regex for a script log. Need to pull out user: User accounts for \\ ---------------------------------...

by Builder in

Can I count multi-value fields?

My event(NOT table): _time,id,eth_src,eth_dst 090000,1,u,v 090001,1,w,x 090002,1,y,z 090003,2,u,v 090004,2,w,x 090...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Could not use strptime to parse timestamp

How to a create a table search for my data?

How to generate a search to find persistent connections between client workstations to the internet?

How to use eval to sum a large set of fields with field name matching a pattern?

How can you restrict a role or user from creating field extractions?

use a subsearch to define earliest and latest for main search

Unable to get graph from csv data input.

Give complete log output on search

How do I include time range fields, Cron Schedule, and Alert Condition in my search to validate my Splunk Alert?

Is it possible to group events by date range within 1 second?

How to edit my search to convert a string to date format?

How to use the time input field to calculate time as seconds?

How to remove values of 0 from my search results?

How do i get Unique events for my search keyword

Identify searches that take long time in a SH Cluster.

index=_audit contents?

How to find an active user session on different machines at the same time?

Null Search Swapper

How can I report on only current data in a file being refreshed every minute?

Is there a way to copy a field and not rename it?

how much data coming to an index

Keeping long events together

streamstats event question

Any regex masters out there?

Can I count multi-value fields?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions