Splunk Search

Discussions

Thread Info

How can we show or display application response time based on session id?

hi, we running load test on 6 of the micro services and each has different API. we are indexing those logs into Splun...

by Communicator in

How to remove numbers from events at search time?

Hi, i have endpoints which are extracted from the log message and some end points are with numbers at the end. can we...

by Communicator in

timechart span=60m snaps to hour whereas I want it to snap to minute

I'm trying to get hourly averages and compare the last to the previous one. ...some search | timechart span=60m ...

by Builder in

How to edit my regular expression for a multivalue field extraction with new lines?

Hello, I need REGEX help. I've wasted almost all day trying to do this and only came up with this which is very sl...

by Path Finder in

How to edit my search to create an overlay on a time chart with two CSV files using the date as the common field?

Hi, I have two CSV files File 1=bbOrCellOffline . index=betadb Contents look like this 1004876,1004574,T...

by Motivator in

issue querying events in quotes

Seeing issue with tabling results inside quotes and wondering if this is know issue with work around? query: index...

by Path Finder in

How do write a search to list all indexes associated with a sourcetype?

I have no trouble listing all the sourcetypes associated with an index, but I need to go the other way - What are all...

by New Member in

How to edit my transforms.conf xml field extraction?

Hi, I am not finding any previous posts that answer my question so here it is. I have a security appliance that se...

by Contributor in

How to use a conditional variable in a stats count command?

Given the following search logic index=* (Action=Search OR Action=CreateOrder OR Action=FindItinerary OR Action=Co...

by Builder in

How to chart and compare memory usage of my JSON data?

I've got an interesting JSON: {"timeStamp":"2017-01-26 23:59","name":"myVM1","counter":"mem.usage.average","descri...

by Builder in

Why am I unable to search data from firewall hosts unless I select "All Time" time range?

Splunk Version: 6.4.0 Splunk Build: f2c836328108 We collect data from Cisco Asa firewalls (5). We are able to sea...

by New Member in

How to write a search to find new hosts that are sending logs to Splunk?

Dear Experts, We are looking for a search where we can find new hosts that are sending logs to Splunk. I am stuck ...

by Explorer in

How to create an alert if only the row count of my table output is less than 10 rows?

Hi team, The below query returns 12 rows index=test_core sourcetype=test_app marker=123 |dedup host, instance_...

by Explorer in

Why is my eval search returning empty field results?

Hello, I have searched some of the previous questions, but none seem to pertain to my problem. I am running the be...

by Explorer in

How do I extract last two fields of a string separated by a delimiter?

Hi- I have some strings separated by "." delimiter. For example, a.b.c.d x.y.z p.q.r.s.t.u I want to be able to e...

by Engager in

convert mktime() Vs eval strptime() Which is faster and better

Hi, We can use convert mktime() or eval strptime() to convert time into epoch time format. I am more interested in...

by Influencer in

How to edit my search to find orphaned transactions older than 1 minute?

Hello. I have a search that looks for orphaned transactions, as follows: [...main search...] | transaction request...

by New Member in

Splunk Javascript SDK: Is it possible to include column headings as a row in the chart array?

Hi all, I'm currently working with the Splunk SDK for JavaScript and I am having some difficulties formatting the ...

by Path Finder in

What is a good approach to extract fields from a single event that captures a structured data table?

We have events coming in from stdout, such as the top command, where a single event captures a multi-line structured ...

by Communicator in

How to update a lookup table for specific rows?

I need to keep the name of all systems that have been detected for phishing in order to use it in another search, so ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can we show or display application response time based on session id?

How to remove numbers from events at search time?

timechart span=60m snaps to hour whereas I want it to snap to minute

How to edit my regular expression for a multivalue field extraction with new lines?

How to edit my search to create an overlay on a time chart with two CSV files using the date as the common field?

issue querying events in quotes

How do write a search to list all indexes associated with a sourcetype?

How to edit my transforms.conf xml field extraction?

How to use a conditional variable in a stats count command?

How to chart and compare memory usage of my JSON data?

Why am I unable to search data from firewall hosts unless I select "All Time" time range?

How to write a search to find new hosts that are sending logs to Splunk?

How to create an alert if only the row count of my table output is less than 10 rows?

Why is my eval search returning empty field results?

How do I extract last two fields of a string separated by a delimiter?

convert mktime() Vs eval strptime() Which is faster and better

How to edit my search to find orphaned transactions older than 1 minute?

Splunk Javascript SDK: Is it possible to include column headings as a row in the chart array?

What is a good approach to extract fields from a single event that captures a structured data table?

How to update a lookup table for specific rows?

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging

how to extract usernames from windows event log 46...

Windows Event Log of Account Creation Search?

How to convert large bytes to human readable units...

How to convert a large number to string with expre...

Need help on Dashboard related issue?