Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Search Strategies for Complex Data Sets

Hello All, I've searched Answers here and I have not really found an answer to my problem, my apologies if I misse...

by Explorer in

timecharting max of sum

I generate a log file with one line per server with the time of the run as the splunk date.. something like 2013-0...

by Path Finder in

Creating an Automatic Lookup that applies to all hosts/sources/sourcetypes.

I have a lookup table that I generate as a CSV dump of one of our databases. The database contains a list of all our ...

by Communicator in

Regex to start with specific characters

Hi, i would like to get all the requests that start with / and there will be few alpha numeric characters and then en...

by Contributor in

Create folders in "Searches & Reports" drop down menu

Does any one know how to create folders in "Searches & Reports" drop down menu to organize the searches?

by Explorer in

are postprocess searches counted against the search quota for a given role?

seems that the quota for searches includes postprocess searches, can someone confirm this? If, so can I get a link to...

by Path Finder in

Filter search results based on return value of subsearch

Hello Splunk Community, I am attempting to restrict search results based on the return value of a subsearch. My en...

by Explorer in

statistic by week days

How do I get an average count of operations during current minute using last 3 weeks, for example? I need to know how...

by Communicator in

Creating A Graph from summed HTML responses

Hi, I have a log with entries returning something such as [2013-05-29 12:29:08:893 GBT] RESULTS 200=19 400=0 401=1...

by Path Finder in

Is it possible to strip text out of a field for better reporting

I am looking to strip out some text from a field in my log file and have no knowledge of regex to do it. What I would...

by Engager in

XML Specific colors for each column inside the column chart

Hi, How can I put specific colors for a column chart I tried this {"Existing":0xFF0000,"Not E...

by Explorer in

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

I'm looking for unique local/foreign pairs in netstat output to track the number of tcp connections in TIME_WAIT on a...

by Splunk Employee in

Correlate extracted banned IP field with corresponding SSH log events

Hello Splunk Community, I am new to Splunk so please bear with me. My end goal is to construct a dashboard summary...

by Explorer in

How to find "non" unique users.

<--- NOOB Ok...so here is my quandry... I have a query (see below) that returns a list of users, ips and client in...

by Engager in

Lookup Table

I am attempting to use an external lookup table against some twitter data. My Transforms.conf file reads: [HLookup...

by Explorer in

How to count equal sources

Hello, I want to count the denials from the same source ip. How can I do this? The Log looks like this: May 28 07:...

by New Member in

Splunk aggregate transaction.

My current situation is the following: There are 26 messages that can be sent between three parties. There are 3 p...

by Explorer in

Question on Search

Hi, We have devices which maintains session information of various users. These devices have a max capacity of ses...

by Influencer in

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

There are two sourcetypes, The first sourcetype has a field called hours_travelled. Now I have to compute mean(hours_...

by Communicator in

perl script

Hello all, I need to create multiple eval fields like this old question: create-multiple-eval-fields-with-wilcards...

by Explorer in

Splunk Search

Discussions

Search Strategies for Complex Data Sets

timecharting max of sum

Creating an Automatic Lookup that applies to all hosts/sources/sourcetypes.

Regex to start with specific characters

Create folders in "Searches & Reports" drop down menu

are postprocess searches counted against the search quota for a given role?

Filter search results based on return value of subsearch

statistic by week days

Creating A Graph from summed HTML responses

Is it possible to strip text out of a field for better reporting

XML Specific colors for each column inside the column chart

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

Correlate extracted banned IP field with corresponding SSH log events

How to find "non" unique users.

Lookup Table

How to count equal sources

Splunk aggregate transaction.

Question on Search

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

perl script

Trimming last 8-9 chars from string

Print string arrays in json in tabular format

Help in setting up token based on User Value

chart by 2 fields

Add field to timechart