Splunk Search

Ask a Question

Discussions

Thread Info

How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype?

Hello, I'm trying to build a search that lists the hosts daily that are, filtering for a specific SourceType, send...

by Explorer in

How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"?

I have a search to create a summary index which runs every 15 minutes: index=foo "myerror" | bin span=15m _time |...

by SplunkTrust in

Is there a way to calculate the percentile of a value within a range of values?

One of the most useful functions in Excel is percentilerank, which calculates the percentile of a value within a rang...

by Path Finder in

How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute?

I'm trying to write a search to track the amount of data being ingested to a specific index, measured in MB/per minut...

by Path Finder in

How to write a search to identify the total amount of data is being indexed by MB per minute?

I need to identify the total amount of data is being indexed by my indexer cluster, by MB per minute. I think the bes...

by Path Finder in

How to derive earliest and latest from a list of events that overlap in timespans

I need to roll up several events with overlapping start and stop times. I need the total time of the events without d...

by Path Finder in

How to generate a single search that uses inputlookup and join on multiple fields?

I have a list of hosts that submit logs periodically. I need Splunk to generate an alert if the last time it received...

by Explorer in

How can I hide rows with duplicate values in an xyseries table?

I have a large table generated by xyseries where most rows have data values that are identical (across the row). I wa...

by Explorer in

Splunk Input step in Pentaho PDI is unable to run query on Splunk with error "SSL peer shut down incorrectly"

Hi All, I am trying to use Splunk Input step in Pentaho PDI. I am getting the following Exception. Any idea what i...

by Explorer in

Why am I unable to search my JSON log file without using spath, even after configuring my props.conf?

Hi Folks, I have the following log file information. With my props.conf, it consumes it and visually shows fine, b...

by Explorer in

How to troubleshoot why my forwarders have stopped forwarding most data at a certain time?

Splunk 6.4.1 We have run into an issue on Tuesday where data for over 99 clients have just stopped presenting in t...

by Communicator in

Search that alerts if one event exists and another does not

I have two types of events in the same index: 2016-10-27 00:43:49.722 event=file_change 2016-10-27 00:43:54.000 ev...

by Path Finder in

How to extract timestamp (year, month, date) from a filename?

I have a file name that contains such timestamp: "filenameexample_161128_kadjfkj.txt" year(16) month(11) date(28) ...

by Path Finder in

How to create a search to find accelerated searches, their users, and their access count?

We have a rather larger Splunk installation and user base. While checking our system for optimizations, we found that...

by Contributor in

What is anomalies and how can I calculate for a specific field?

For the below search My search | timechart span=1h limit=0 count by student Is it possible to list out the anom...

by Builder in

How to compute the mean activity volume per field in Splunk?

How to Compute the mean activity volume per user in each hour yesterday, and find the ones more than n standard devia...

by Builder in

counting using group by multivalue fields that might contain empty or inconsistent fields?

So i have scenario where i have to group by a table (Make, model, horsepower year) like the one below, Make ...

by Path Finder in

searching for linux audit events?

I am trying to generate some reports for linux audit events. From what I understand linux can generate multiple li...

by Contributor in

How do I configure timezone settings in Splunk so users in different timezones receive the same results?

I have a Splunk user in a Romanian timezone their search returns the events, let's say from midnight this day + one d...

by Engager in

How to search for and chart multiple values for different sourcetypes?

I'm not sure if this is a multisearch or a join or something else, but I want to chart multiple values for different ...

by Contributor in

How to calculate Anomalies for a particular field?

Considering a field "user_name". What could be the search to find the anomalies per hour for each user_name in a day?

by Builder in

How to adjust the time in a timechart?

I have a timechart which displays the results for the past 7 days. But now i don't want the Splunk to display the res...

by Builder in

Why do these sub-searches error when part of a dashboard or report?

We have separate indexes for 3 different applications and there are multiple instances of each application. I run the...

by Motivator in

How to compare values in field1 to a list of values in field2, and return all values where field2 is greater than field1?

Here is my situation. I have written a search to get a list of values per user and I did an average of the values as ...

by Path Finder in

How to write a search to return events from two event types with a common field?

Hi. I have a search question, and I believe the answer involves using transactions. I have defined two eventtypes...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype?

How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"?

Is there a way to calculate the percentile of a value within a range of values?

How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute?

How to write a search to identify the total amount of data is being indexed by MB per minute?

How to derive earliest and latest from a list of events that overlap in timespans

How to generate a single search that uses inputlookup and join on multiple fields?

How can I hide rows with duplicate values in an xyseries table?

Splunk Input step in Pentaho PDI is unable to run query on Splunk with error "SSL peer shut down incorrectly"

Why am I unable to search my JSON log file without using spath, even after configuring my props.conf?

How to troubleshoot why my forwarders have stopped forwarding most data at a certain time?

Search that alerts if one event exists and another does not

How to extract timestamp (year, month, date) from a filename?

How to create a search to find accelerated searches, their users, and their access count?

What is anomalies and how can I calculate for a specific field?

How to compute the mean activity volume per field in Splunk?

counting using group by multivalue fields that might contain empty or inconsistent fields?

searching for linux audit events?

How do I configure timezone settings in Splunk so users in different timezones receive the same results?

How to search for and chart multiple values for different sourcetypes?

How to calculate Anomalies for a particular field?

How to adjust the time in a timechart?

Why do these sub-searches error when part of a dashboard or report?

How to compare values in field1 to a list of values in field2, and return all values where field2 is greater than field1?

How to write a search to return events from two event types with a common field?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions