Splunk Search

Discussions

Thread Info

How to remove a carriage return from a field

I have outputted events in csv format, and have a field which has carriage returns in it. How can use regex to remove...

by Explorer in

CSV lookups failing

Hi, We have a CSV file containing names and ids. Same name can be present for multiple ids. Name Id A 1 B ...

by Influencer in

If SPLUNK provides UNIQUE ID to every event indexed?

Hi Splunk base users, Do you think it will be a good idea if splunk provides a UNIQUE id to find an event like a p...

by Contributor in

Time over Time comparison

Is there a way to search over a set of data from lets say a month ago and then lay it on top of the same set of data ...

by Communicator in

getting a mean of all search time and sum of a single time

Hey all, So the following seems to be a problem correctly piping stats stuff. Right now mean and sum will always b...

by Contributor in

Calculated fields in an eval statement

Good Morning! I am trying to build calculated fields that will create a wireless roamer cost report. The report is ba...

by New Member in

X-axis of chart skips over values.

Hi, after a search I have a table like this: row VAL count 1 0 169 2 1 3 3 4 4 4 9 1 5 10 1...

by Engager in

Getting average times for user defined categories

stats count as #PlanOpen, count(eval(NumRows < 50)) as SmallPlans , count(eval(NumRows>=50 AND NumRows <200)) as Me...

by Contributor in

Help on Transaction command!!

Hi All, I want count of word "ERROR" in the group of events for which i have used transaction command! my search q...

by Path Finder in

transaction question

I use the code below, and it works.. sourcetype="splunkpagerequest" | transaction session_id maxspan=3s and I w...

by Explorer in

timechart problem..

When I put "sourcetype="splunkmemberinfo2" | timechart count" on SEARCH, the result shows monthly result. (Log is ...

by Explorer in

Killing a search

I got this message after running a few searches: "The maximum number of historical concurrent system-wide searches ha...

by New Member in

user defined search time in a dashboard

I'm busy designing dashboards. I really like the ability to specify the time window which appears in the search app. ...

by Communicator in

Count of a large number of events by punct by minute

So the intent is to have a field that returns the time stamp of a large number of similar events (same punct field) i...

by Contributor in

Appendcols Invalid Timestamp of Subsearch

Hello, i have two searches: Search 1: something | timechart max(xyz) Search 2: something | timechart count by ...

by Communicator in

Where is XML

I have a view I want to edit for customization. The URL is below, but I cannot find the xml on the server. localho...

by Path Finder in

Calculating with the result of stats count.

Hi Base, I tried to calculate a ratio of the occurrence of a value in a field. F.e. the field is Rvals and the val...

by Path Finder in

How to display message related to particular fields?

page="MIR" postid="2824567904373133_10151428930538134" message="Foot stools from MI..." time="2013-01-21" likes="188"...

by New Member in

Regex to ignore [\r][\n]

Hi there, I have been trying to remove the below line which is a big part of one of the logs. Been trying with man...

by Path Finder in

Timechartの結果に閾値を設定したい

*nixを使用していると、vmstatの結果を収集できます。この結果から、例えばloadavgが継続的に2以上の時にアラートを出すということをしてみたいのですが、可能なんでしょうか？ sourcetype="vmstat...

by New Member in

Splunk Search

Discussions

How to remove a carriage return from a field

CSV lookups failing

If SPLUNK provides UNIQUE ID to every event indexed?

Time over Time comparison

getting a mean of all search time and sum of a single time

Calculated fields in an eval statement

X-axis of chart skips over values.

Getting average times for user defined categories

Help on Transaction command!!

transaction question

timechart problem..

Killing a search

user defined search time in a dashboard

Count of a large number of events by punct by minute

Appendcols Invalid Timestamp of Subsearch

Where is XML

Calculating with the result of stats count.

How to display message related to particular fields?

Regex to ignore [\r][\n]

Timechartの結果に閾値を設定したい

Update CSV values without ovewriting old ones

Running a custom command via cli

Excluding Events Based Off CSV Lookup

splunk predict period limit 2000 ??

Splunk Add-on for microsoft cloud services not get...