Splunk Search

Discussions

Thread Info

how to write the regular expression for my statement?

Hi folks, could you please anyone help me to write the regex for below statement and need extract the external val...

by Explorer in

How to generate a search to display the count of a field based on filepath extensions?

I have a search with multiple extensions in a field which, i want to group details based on the extensions in filepat...

by Explorer in

Does Splunk have any plans to roll out voice search?

by Path Finder in

Why are saved searches running on indexers?

Hi, when i run ps aux | grep "scheduler" on indexer i see some searches running .. I am wondering how come saved s...

by Path Finder in

strptime() format based on multiple fields

I Have two fields one with Date in YYYYMMDD and TIME in HHMMSS format. the hour field sometime has values like 3000 w...

by New Member in

No results found, I want to show other message but I want stats count by field

I am trying to compare the count based on ServiceMethod [field], but when there are no results found, that particular...

by New Member in

How to edit my search to extract a single record from an inputlookup file?

I have an inputlookup file that shows temperature records and is formatted as follows rec-date,average-low,average...

by Splunk Employee in

How to add a static column to a table with dynamically search result

I have a search successfully generate a dynamic table BUT I couldn't add a static column called baseline: I tried ...

by New Member in

How can I convert my time format to epoch time?

Format i have in Splunk:- Duration as 9h:42m:32s I tried to use below search but it didn't worked. eval "Durati...

by Explorer in

How to use Windows event logs to alert for the failed attempts less than 5 occurring for every hour?

Slow and Low attack? How to use Windows event logs to alert for the failed attempts less than 5 occurring for every h...

by Builder in

line chart cumulative counters by host

Problem: Creating a line chart from cumulative counter (i.e. snmp ifOutOctets or Windows TCP counters) for multiple h...

by Champion in

How to edit my search to find the status of tickets for my groups?

Hello, i have a data from ticketing system where events looks (more or less for the simplicity) like this: date...

by Explorer in

How to calculate transaction per second for my search?

for the search index=* some_events | stats count how to calculate the transaction per second for this search ...

by New Member in

How to display bucket/histogram data with zero count?

I'm trying to run a bucket/histogram of data but I want to display buckets that have zero count. By default, bucket s...

by Path Finder in

How to extract field for irrelevant data log to indexed?

Event Flow (THREAD-XXXX) YYYY-MM-DD 15:53:38.486 - Server_Name flow step millis 32 ('XXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

by New Member in

How do I find Active Directory usernames logging in to ADFS from the Outlook App for iOS or Android?

We'd like to identify all of the users that have set up the Outlook app for iOS or Android. All of the authentication...

by Explorer in

How to generate a regular expression that extracts a field in my event data?

I need to do a field extraction for everything after the ) to the end of the first line. I've tried about every regex...

by Path Finder in

How to create a bar chart that compares values over two time periods?

I've created a search that displays the top 10 blocked destination ports over the last 4 hours. I've also managed to ...

by New Member in

How do I correct error "Error in 'rest' command: Invalid argument: '/services/server/info' "?

I've recently installed splunk 6.5.1 on windows 2008 R2. I've also enabled 'Health Check' in Monitoring Console, but ...

by Explorer in

How can I get the 10 oldest events of a search first and quickly?

All, Any idea how I get the 10 oldest events from the search below? I need it to validate that we have 90 days of...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to write the regular expression for my statement?

How to generate a search to display the count of a field based on filepath extensions?

Does Splunk have any plans to roll out voice search?

Why are saved searches running on indexers?

strptime() format based on multiple fields

No results found, I want to show other message but I want stats count by field

How to edit my search to extract a single record from an inputlookup file?

How to add a static column to a table with dynamically search result

How can I convert my time format to epoch time?

How to use Windows event logs to alert for the failed attempts less than 5 occurring for every hour?

line chart cumulative counters by host

How to edit my search to find the status of tickets for my groups?

How to calculate transaction per second for my search?

How to display bucket/histogram data with zero count?

How to extract field for irrelevant data log to indexed?

How do I find Active Directory usernames logging in to ADFS from the Outlook App for iOS or Android?

How to generate a regular expression that extracts a field in my event data?

How to create a bar chart that compares values over two time periods?

How do I correct error "Error in 'rest' command: Invalid argument: '/services/server/info' "?

How can I get the 10 oldest events of a search first and quickly?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Need to add date range to dashboard panel title s...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?