Splunk Search

Discussions

Thread Info

get events before 1m and after 1m of the specified time period

Hi , I have search that is working fine and displaying the results that i need but i need events that are occuring...

by Path Finder in

How do I develop a rex command that extracts non-contiguous characters into one capturing group?

I need some assistance coding a rex statement to extract data from events generated by a Powershell script. Sample da...

by Explorer in

Is there a way to customize the SPL safeguards feature released in 6.4?

All, Below is a link to the new SPL Safeguards feature that came out it 6.4. It is set up to warn users about dang...

by Explorer in

How to modify my transaction search to extract a sequence of six events when startswith and endswith have a matching value?

Hi, I am trying to extract sequence of events from logs by using transaction command. I am looking for sequence of si...

by Explorer in

Does count(foo) always count from a field?

When you use count/dc/estdc in a search, does it always count from a field? For example, is: count(foo) counting the ...

by Communicator in

How can I compare a list of users to another set?

All, Say I query Splunk and get a list of 1000 users today. And tomomorrow I do the same thing and get 1002 users...

by Builder in

How to use JSON subfields with the eval command?

My log entries consist of a single json object, like so: { Severity: "INFO", Message: { StatusCode: 200, Route: "/...

by Engager in

How to develop a table that displays top 10 counts, unique distinct counts, and total counts?

I have the following query to display top 10 counts, for example: sourcetype=IIS | top 10 URL This returns the...

by Explorer in

How to get search errors and warnings through java sdk

My search results are incomplete due to some of the indexes are down am using these search results using java sdk, is...

by New Member in

How to develop a search to find free disk space using Splunk for Windows server?

We have added the below code in out inputs.conf file for 50+ servers I am not sure on how to check the free space via...

by Path Finder in

Is this statement on Splunk search types correct?

I have found this entry in one of the blogs (non-Splunk). Do you think this statement is correct? The following ar...

by Explorer in

>1 Lookups in a search for a timechart Returns a SIngleRow only.

I have a need to pull a couple of totals from a lookup table within a search statement. I have a "nat_total" and a...

by Explorer in

Is there an option to stop a search job after a certain time through Splunk REST API?

I have a Splunk search which takes long time to execute. I want to stop the Splunk job if it doesn't complete in a mi...

by Engager in

Why is my search resulting in error "Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0"?

While running the search index=networking | timechart count on Splunk v. 6.3.3, we are getting the following error: ...

by Builder in

How do I create a chart with the x-axis as processing time for transactions and the y-axis as number of events?

Location Processing Time (minutes) ----------- --------------------------- Central ...

by Explorer in

regex over multiline event

Hello, given the events i have to import in Splunk, i would like to extract the fields. My problem occurs with the...

by Explorer in

how to search only for current date?

hi, i need to know what i should insert into latest_time and earliest_time to specify search only for current day

by Contributor in

Clarification regarding pivot command

Hey all, I've just encountered the pivot command for the first time and after reading through the Splunk page on i...

by Communicator in

Delta between two Date data fields

I am working on metrics for management and was wondering if it was able to compute the delta between two date data fi...

by Explorer in

Is conditional background coloring possible in Splunk charts?

Hi Team, Can any one help me to know if conditional coloring is possible in Splunk Charts as shown in the below im...

by Communicator in

Need Regex help in parsing specific fields

String is ----------------- OfferRedeemedRequest [partnerID=1234, partnerName=MCenter, messagePriority=9, userID=2a28...

by Explorer in

How to modify my search to sort date values in order to populate a check box form?

Hello, Splunk rookie here, I have a field in my data set that shows a date (ie. 06/26/2016) which I have used to ...

by New Member in

How to edit my filtering search using a select drop-down value to improve performance?

Dear All, I have a small performance problem and I'd like to know if someone can help me. I have a basic dashboard...

by Engager in

How to incorporate metadata command in my lookup table to be able to view time offline?

I have a few searches I have added a lookup table to. All of them work, but one. The one below uses metadata and I'm ...

by Path Finder in

Calculate percentage of multiple values, different events

I am trying to display the percentage of Total Modems against Total Modems on Card 0. The XML I am given unfortuna...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

get events before 1m and after 1m of the specified time period

How do I develop a rex command that extracts non-contiguous characters into one capturing group?

Is there a way to customize the SPL safeguards feature released in 6.4?

How to modify my transaction search to extract a sequence of six events when startswith and endswith have a matching value?

Does count(foo) always count from a field?

How can I compare a list of users to another set?

How to use JSON subfields with the eval command?

How to develop a table that displays top 10 counts, unique distinct counts, and total counts?

How to get search errors and warnings through java sdk

How to develop a search to find free disk space using Splunk for Windows server?

Is this statement on Splunk search types correct?

>1 Lookups in a search for a timechart Returns a SIngleRow only.

Is there an option to stop a search job after a certain time through Splunk REST API?

Why is my search resulting in error "Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0"?

How do I create a chart with the x-axis as processing time for transactions and the y-axis as number of events?

regex over multiline event

how to search only for current date?

Clarification regarding pivot command

Delta between two Date data fields

Is conditional background coloring possible in Splunk charts?

Need Regex help in parsing specific fields

How to modify my search to sort date values in order to populate a check box form?

How to edit my filtering search using a select drop-down value to improve performance?

How to incorporate metadata command in my lookup table to be able to view time offline?

Calculate percentage of multiple values, different events

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...