Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can i display all the values for my Field ?

Hi.. I have created a Field "Questions" in my Splunk Query.When i am using like this.. *myseach | top Questions...

by Motivator in

How to generate a table that will validate when there is at least one event per day over a time span

I want a table that is formatted like... Monday, yes Tuesday, no Where the yes/no column is based on if that pa...

by Explorer in

How to edit my search to measure appendcols results by minutes or greater?

Hi all, Looking to measure cache hit rate percentage of a source/sources, listing time, source, cache hit, total h...

by Engager in

What is the best way to produce a frequency table for user access over extended time?

I have been asked to determine the logon frequency for a certain group of users (about 50) over a two month time span...

by Builder in

How to generate a malware search to find users with packets sent out every 1, 3, or 5 minutes for the last 24 hours?

I'd like to find users with activity in every 1/3/5 minute bucket in the last 24 hours as the indication of possible ...

by New Member in

How to perform search over the values of each field that are returned by first query in the second query ?

HI All, I have two index 1. index=index_app_csv 2. index=index_app_json My requirement is to retrieve the value...

by Explorer in

How do I skip a word extracted by the regular expression generated using the Field Extractor?

I'm so desperate! how do I skip a value from the regular expressions? For example in these lines. I don't want to ...

by Path Finder in

Search query to retrive host upon selection

Hi, I have 2 versions with multiple hosts containing dev and stg environment version1 is 7.2 with host1, host2,......

by Path Finder in

How to find HTTP error code count with percentage for individual application based on time

Hi, i am trying to find each application individual http error codes total count with percentage here is the query...

by Communicator in

How to configure setting the host field during index time?

we're trying to set the host fields by extracting the name from the events, but it doesn't seem to work and would app...

by Contributor in

How to edit my search to create a table with multiple lines per single event

Hi, having JSON formatted events there are parts of the event with the same key like: events: [ [-] ...

by Explorer in

calculate hours difference between times

I want to calculate the hours difference between two times, I am using the below search command but its not working, ...

by New Member in

How to get an output for two different searches using join?

Hi , Search 1: index="sftp" USER=gradydftsftpdata | table USER, SESSION_ID,USER_IP,date_hour | dedup SESSION_ID...

by New Member in

How to edit my search to display my results in a trendline?

I'm trying to graph this same type of trendline (2nd Screenshot) in Splunk with daily results from 12pm-12pm. I'm usi...

by Explorer in

dynamic earliest time SPLUNK Query

We have to implement following scenerio in splunk. We are indexing a log "extractA" with _time as settlement day w...

by New Member in

how to search for index time extracted fields added to metadata

I need only fields that are extracted during index_time which are added to _meta. How to search for them so that sear...

by Contributor in

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Hi, I have a CSV file that looks like this Date,Version 01-24-2017 12:09:26,7_3_10_000500_3851898 01-25-2017 12...

by Motivator in

Stats not returning zero counts

index=xxx |bucket _time span=3m |stats count by _time host IP We are using the above stats command to get count inste...

by Contributor in

Splunk query to filter results

I have some code deployed on 1 out of my 6 servers. I need a splunk query that pulls data from the other 5 hosts. Som...

by Explorer in

How to combine the results of searches from two CSV files?

Hi All, I am new to Splunk world, Please help me to explore. I have two CSV files let's say table_1.csv with f...

by Explorer in

Splunk Search

Discussions

How can i display all the values for my Field ?

How to generate a table that will validate when there is at least one event per day over a time span

How to edit my search to measure appendcols results by minutes or greater?

What is the best way to produce a frequency table for user access over extended time?

How to generate a malware search to find users with packets sent out every 1, 3, or 5 minutes for the last 24 hours?

How to perform search over the values of each field that are returned by first query in the second query ?

How do I skip a word extracted by the regular expression generated using the Field Extractor?

Search query to retrive host upon selection

How to find HTTP error code count with percentage for individual application based on time

How to configure setting the host field during index time?

How to edit my search to create a table with multiple lines per single event

calculate hours difference between times

How to get an output for two different searches using join?

How to edit my search to display my results in a trendline?

dynamic earliest time SPLUNK Query

how to search for index time extracted fields added to metadata

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Stats not returning zero counts

Splunk query to filter results

How to combine the results of searches from two CSV files?

Count multiple fields in histogram

How to achieve readable date format for scatter pl...

How to change the date format of the Date Picker i...

Maximun disk usage quota- Why are alerts not sendi...

SC4S: version 2 filter events not working