Splunk Search

Discussions

Thread Info

Can Splunk be used to search and index web pages

Would like to index web page contents in Splunk. Is this possible?

by New Member in

How to select only specific events from the search to do stats on?

Need a way to select only specific events from the list of events, so here the example I have a query on iis logs whi...

by New Member in

Why is my search not populating the visualization tab with data?

When I run this search, everything runs fine, but I don't understand why my visualization tab does not populate. Does...

by Engager in

How to create a chart with static values from log file?

Hi I have extracted 2 fields from log file & now I have to show a chart based on these 2 values. How can I do that...

by New Member in

Why am I getting this error in the search.log when extracting Hive data in Splunk?

I am getting the below error in the search.log when I am extracting hive data in Splunk. I am using thrift metastore ...

by Path Finder in

How to write a search to only list servers that are sending logs to Splunk with two types of error messages?

Hi, I have server message logs sending to Splunk. Eg 1000 servers sending logs at a time. Wanted to find a way to ...

by New Member in

How do I extract this value from my sample data?

How to extract fdd1895d-63e9-4be2-b78b-ec784b00754f from below: 2016-04-28 15:12:56,939 GMT [transaction_id=201604...

by New Member in

How to extract a value of a field, when the field contains quotes(") Inside?

I have an index with multiple fields, however one of my field could contain multiple quotes. Id="0001", Message="...

by New Member in

need to extract two values from two lines and display as table

I am trying to get two files milli seconds from one line and merchant id from another line from the same tomcat tread...

by Engager in

How do I use a large input in a query?

I am try to write some query[ies] so that I find user who had done action A AFTER they did action B . the time span i...

by Path Finder in

How does Splunk create the date_month field?

Since day 23 so far, Splunk is not creating the date_month. It has not changed the date model is the same, as I verif...

by Path Finder in

How to search for a threshold of failed logins followed by a successful login from a user?

I found another thread where the user was trying something similar, with this string: index= | transaction src_ip...

by Explorer in

How i can calculate average of each event type

index="sc-general" info AND(heartbeat OR Successfully) NOT(created) | rex ":\s+(?\w+)" | eval entry_type=if(entry_typ...

by New Member in

How to use a wildcard in a where clause?

I am using the search below to shunt "ORA-00001" from a set of log files. This search works fine for just one log fil...

by Explorer in

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

We use several scheduled reports to ensure that we do not have any duplicate events in our indexes. Our searches look...

by Path Finder in

How do I sort bars in descending order based on count in my timechart?

Hello fellow splunkers, I'm currently charting around with webserver access logs. My current search string lo...

by SplunkTrust in

How to use eventstats to get the max value after using timechart?

Hi All, I am trying to gather transaction per second on my 4 servers for each day over a week. I would like to sam...

by Path Finder in

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

I have a data set that looks like this: Name, Month, Year, Data1, Data2, Data3, Data4, Data[x] Steve, 2,2015, 1,1,...

by Explorer in

How to convert m/s to km/h?

Hey guys, I'm having this syntax here and the incoming data is m/s and i need to convert it to km/h. How can i do it?...

by Explorer in

How to write a search to filter hosts by lookup table and show their metadata?

I have a task to list out some hosts that do not receive logs in Splunk for X hours. Initially it works fine if I def...

by Explorer in

Splunk Search

Discussions

Can Splunk be used to search and index web pages

How to select only specific events from the search to do stats on?

Why is my search not populating the visualization tab with data?

How to create a chart with static values from log file?

Why am I getting this error in the search.log when extracting Hive data in Splunk?

How to write a search to only list servers that are sending logs to Splunk with two types of error messages?

How do I extract this value from my sample data?

How to extract a value of a field, when the field contains quotes(") Inside?

need to extract two values from two lines and display as table

How do I use a large input in a query?

How does Splunk create the date_month field?

How to search for a threshold of failed logins followed by a successful login from a user?

How i can calculate average of each event type

How to use a wildcard in a where clause?

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

How do I sort bars in descending order based on count in my timechart?

How to use eventstats to get the max value after using timechart?

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

How to convert m/s to km/h?

How to write a search to filter hosts by lookup table and show their metadata?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

How can I pair search results from two different q...

Parsing Results with spaces

Why does my set union command result in two datase...

Search types and bloom filters

Improve Speed of Correlation Search

Splunk Search

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>