Splunk Search

Discussions

Thread Info

How many people login with the same IP in the same hour using stats?

Hi, I have a problem with "stats count by" command. I have login, ip and hour. I want to know how many people have...

by Engager in

Adding a column to a daily stats chart that adds up multiple fields

I have a simple stats chart that shows a daily total with 6 fields. I would like to add a column that adds 3 of those...

by Path Finder in

How to search and table IP addresses to see which ones are active?

Hello, I am trying to do a complex search for almost 500 IP addresses to see which ones are active. My query looks li...

by Explorer in

Problem with fields extractions using configuration files

Hello, I'm creating an add-on that sets a data source and fields extractions. First, I modify inputs.conf to set ...

by Explorer in

Use field result from one search to perform another search?

So I've searched the Splunk answers over and over, and read up on subsearches, but I must not be getting something qu...

by Path Finder in

Timechart count with split-by not adding up

I have 191 events logged for a specific day. When I do a timechart span=1d count I get count of 191...

by Explorer in

Share a search for multiple widgets in a Dashboard

Hi. I want to create a Dashboard containing several widgets that mainly, are views of the same set of information ...

by Engager in

avg value of a field based on the range of another field

Logs : Size ExecValue 3 400 4 200 13 150 2 300 Output: Size avg(ExecValue) ...

by Engager in

Lookup limits

We have a CSV table from where we perform lookups. The CSV file has nearly 50000 rows. When I run the lookup query, r...

by Communicator in

Chart element majorTickVisibility value has no effect

Trying to customize line's chart 'extras' display and cannot get rid off major/minor ticks. Documentation states t...

by Path Finder in

Delta of overflowing counter for Bandwidth measurement

Hey there, today seems for me like the morning of many questions. So I have an other problem: I want to measu...

by Path Finder in

Multiple values into seperate timewrap charts

I'd like to pass multiple performance counters into the timewrap app so that it produces multiple graphs for analysis...

by Explorer in

Give result of different field if first field matches

I have a search that I want to do. If the search comes back true, then I want to take the srcIP and search in a diffe...

by Explorer in

how to use a field as timestamp for a timechart

Hello I have events similar to: 2014-07-16 9:40:20 msg="hello" time="2014-07-16 9:40:20" 2014-07-16 10:45:20 ms...

by Path Finder in

Is it possible to use saved searches to exclude results in another search?

Is it possible to use saved searches to exclude results in another search? Something like : Error NOT IN saved...

by Engager in

Why isn't syslog data being indexed by Splunk configured to listen through UDP port?

Hello, I've written a script in python that forwards Syslog to a remote server. For testing, it's just my second l...

by Explorer in

Date / time format (regex help)

Hello, My log files looks like this : "1","I","R","140406 233102","E","0","1341874",[...] I want Splunk to ...

by Explorer in

Adding a title to a chart in the 6.1.2 search module

Just upgraded from 5.0.2 to 6.1.2. Wow, what a difference. There no longer seems to be a way to add a title to a ...

by Contributor in

Query help with search using sum(count) and 2 subsearches using count

I have a query that combines 1 search and 2 sub-searches. The main search is a summary index and sum(count) in the ti...

by Contributor in

Percentage of total user count by time

I am trying to display the time chart of percentage of users who get the error. tag=SomeTagHere | eventstats dc(us...

by Path Finder in

Splunk Search

Discussions

How many people login with the same IP in the same hour using stats?

Adding a column to a daily stats chart that adds up multiple fields

How to search and table IP addresses to see which ones are active?

Problem with fields extractions using configuration files

Use field result from one search to perform another search?

Timechart count with split-by not adding up

Share a search for multiple widgets in a Dashboard

avg value of a field based on the range of another field

Lookup limits

Chart element majorTickVisibility value has no effect

Delta of overflowing counter for Bandwidth measurement

Multiple values into seperate timewrap charts

Give result of different field if first field matches

how to use a field as timestamp for a timechart

Is it possible to use saved searches to exclude results in another search?

Why isn't syslog data being indexed by Splunk configured to listen through UDP port?

Date / time format (regex help)

Adding a title to a chart in the 6.1.2 search module

Query help with search using sum(count) and 2 subsearches using count

Percentage of total user count by time

Delemma when searching Apps a particular TA i...

Map, Join or ... ??

Add a link to another dashboard in the NEW dashboa...

Create a Timechart to compare values from computa...

Add field to an Automatic Lookup