Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
karthi2809

How to generate a search that will calculate response time based on my event?

I have to take response time from given 12/07/2016 07:36:49 :: :: 090A24936 Req. : 07:36:49:450 --- 090A24936 Reply ...
by karthi2809 Builder in Splunk Search 12-07-2016
0 1
0
1
rwiley

How to create a field from value of an existing field?

i have this search index=cmedia sourcetype="adspecificsnmp" | rex field=_raw mode=sed "s/=,/=NA,/g" | rex field=...
by rwiley Explorer in Splunk Search 12-07-2016
0 5
0
5
sgundeti

Are there any limitations using on using the _raw field in an eval case statement?

Hi, I was trying to construct an eval case statement using default _raw field and observed strange results. Here is ...
by sgundeti Path Finder in Splunk Search 12-07-2016
0 3
0
3
sumitkathpal

How to edit my tstats search with inputlookup to return additional columns from a CSV file?

Hi All, Need your help to refine this search. Currently in the search, we are using the tstats command along with i...
by sumitkathpal Explorer in Splunk Search 12-07-2016
0 2
0
2
sarfarajsayyad

How do I extract these fields and corresponding values parsing while JSON data?

I have a following JSON input. { "StartTime": { "@item": "1", "#text": "2016/11/21 09:35:25" ...
by sarfarajsayyad New Member in Splunk Search 12-07-2016
0 6
0
6
sankarms

How to edit my regular expression to grab the first line in a log?

I have a log file like this: Type: something/something; something The next line I want to write a Splunk search to...
by sankarms Explorer in Splunk Search 12-06-2016
0 4
0
4
lksridhar

How to write a search to extract String and Total fields to include in my table of results?

Hello Everyone, I am new to Splunk and trying to write the search below to display the below data in my dashboard, b...
by lksridhar Explorer in Splunk Search 12-06-2016
0 9
0
9
karthikmalla

How to edit my search inside an IF Condition?

Hello, I am having trouble writing a search string within a IF condition. My example Search String is: index=* sourc...
by karthikmalla Explorer in Splunk Search 12-06-2016
0 1
0
1
hjwang

compute the ratio of some specific fields in total event

Hello,i would like to compute the ratio of some specific fields in total event, for example, in IPS attack event log,...
by hjwang Contributor in Splunk Search 12-06-2016
0 3
0
3
splunker1981

What is the best way to streamline a search with a date variable that is based on x numbers of months back?

Hello experts, I've been banging me head trying to figure out how to best approach this, keep in mind that I'm relat...
by splunker1981 Path Finder in Splunk Search 12-06-2016
0 6
0
6
ajdyer2000

Replacing carriage return with special character

Hi, Results of a search returns computer name and IPaddress separated by a carriage return ComputerName [carriage ...
by ajdyer2000 Path Finder in Splunk Search 12-06-2016
0 6
0
6
dpanych

How can I build a Dashboard/Search to use optional Text inputs?

I am trying to build a dashboard with multiple Text inputs that are optional. Say I have 4 Text input boxes: UserID, ...
by dpanych Communicator in Splunk Search 12-06-2016
0 4
0
4
benchdba

How to edit my search to find the sum for the latest events with subsearch?

Hi, I am very new to Splunk and have a question about subsearch. I have some events with the following fields and da...
by benchdba New Member in Splunk Search 12-06-2016
0 3
0
3
twinspop

What's the best way to get unique counts from long term data?

We have a few busy indexes that can only retain about 20 days worth of logs. The corner-office-types want unique user...
by twinspop Influencer in Splunk Search 12-06-2016
0 3
0
3
tmaltizo

Forescout: How to gather a list of non-compliant hosts over a span of 30, 60, or 90 days?

We're currently running the following search and it's returning every instance of when a host was non-compliant. In...
by tmaltizo Path Finder in Splunk Search 12-06-2016
0 4
0
4
rsingh

Being new to Splunk, do my inputs.conf and outputs.conf look correct on my local PC?

deploymentclient.conf [target-broker:deploymentServer] targetUri = splunk.domain.com:8089 outputs.conf [tcpout] ...
by rsingh Explorer in Splunk Search 12-06-2016
0 1
0
1
kmattern

How to edit my search to populate select fields in a lookup table?

I have a lookup table that contains a list of about 50 computers. The columns are ComputerName, SoftwareVersion, cs_u...
by kmattern Builder in Splunk Search 12-06-2016
0 5
0
5
722624

How to display a table of sales orders, and another table below with details of the sales orders in the same dashboard?

I have to show results like below in a dashboard. For example: 1) first table shows all the sales orders, as of now ...
by 722624 Path Finder in Splunk Search 12-06-2016
0 2
0
2
cj039165

How do I get my searches to run against the logs of each server, not across all servers?

Hello We are trying to use the search below to calculate response times. The search is looking for a thread ID in t...
by cj039165 New Member in Splunk Search 12-06-2016
0 2
0
2
rkdasari

every event has a hostname and respective time stamp. I want that hostname its time to be displayed and download that as a csv

Like this many events are there. I just need host and TIme to be dowloaded as a report . please help me TIme 12/6/16...
by rkdasari New Member in Splunk Search 12-06-2016
0 2
0
2
TheJagoff

How to edit an inputlookup search that returns more results than expected?

Hello (again), I have a lookup table that has 17 fields in it and 200 total records, but of interest to me is a tabl...
by TheJagoff Communicator in Splunk Search 12-06-2016
0 2
0
2
saura1312

How edit my search to exclude holidays (with the help of lookup)?

eval dates=mvrange(strptime(insrt_date,"%Y-%m-%d"),strptime(updt_date,"%Y-%m-%d"),86400) | convert ctime(dates) time...
by saura1312 Engager in Splunk Search 12-06-2016
0 7
0
7
matutter4

Is it safe to make a folder in $SPLUNK_HOME/var/run/dispatch?

I'm writing a custom search command filter that's designed to use pythons tempfile.gettempdir. I see that Splunk uses...
by matutter4 Explorer in Splunk Search 12-06-2016
0 2
0
2
email2vamsi

How to edit my search to fetch and compare the top/first row from two source types?

I would like to fetch the latest record (only the first row) from two source types and check if both the fields are z...
by email2vamsi Explorer in Splunk Search 12-06-2016
0 7
0
7
email2vamsi

Is there a way to read values from more than one lookup table at the same time?

I want to display the result in a graph based on the results of the following two join searches. I can store these v...
by email2vamsi Explorer in Splunk Search 12-05-2016
0 7
0
7
Top Labels
Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...
Top Solution Authors
View All