Splunk Search

Discussions

Thread Info

How to search the percentage of values in a field?

I'm trying build a bar chart from an asset list that shows by bunit what percentage of a field called last has a valu...

by Splunk Employee in

How to edit my search to return a 0 instead of "No results" if there are no events found so that we can accurately average the output?

I have the following search which gives me the number of transactions per instance and also gives me the average over...

by Explorer in

How do I edit my search to monitor license usage status for the current day?

Before I start, I found https://answers.splunk.com/answers/187080/how-to-create-a-search-to-predict-license-violatio....

by Explorer in

How to extract the IP and customer_name field from my sample data?

Hello, I am trying to extract the IP address that is noted after START: and the customer name. A customer could h...

by Explorer in

timechart: average out value over missing time

I have bills that come in at irregular periods. Here is an example for 1 type: {name:building1Water, startDate:201...

by Builder in

How do I edit my search to find the first Value1 and first Value2 from my sample event, then calculate the difference?

Hi, I need to get the first Message REQ and first Message RES from the below event and should show my below expect...

by Explorer in

How to extract date and time from xml source file?

Hi everyone, Can you help me how to extract Date and Time from below XMLsample? Here is example of a log: ...

by Explorer in

Regex broken by addition of linebreaker

Anyone run across anything like this? Adding a linebreak breaking existing regex... To address some issues around...

by Builder in

How to write a case statement for this condition?

My values are like: Miscellanious (Field name ) Off-line|Idle|In Service| NCR Custom Edition v3.13 build578907| In...

by Explorer in

How to write the regex to extract added, removed, and changed files/directories and list them?

How can i extract the added, removed, and changed file/directory and list them to a field respectively using regular ...

by New Member in

rex extraction for field value with space

hi, would someone be so kind and help me to build a rex expression? i want to extract all "Audit ID" from this sample...

by Path Finder in

Get hour count average over days

I got data of each transaction with a customer_id in it If I want to know the daily average of count per hour, wha...

by Engager in

Is it possible to have a KV Store time-based lookup?

Hi, I have a kvstore defined based on a collection collections.conf [app2] transforms.conf [business_...

by Path Finder in

How to extract fields from multiple file source names?

Hi everybody, I'm trying to extract fields from multiple source names. It worked for one filename, but I have a lo...

by Contributor in

How do I only extract one instance of a certain field that appears in multiple logs of different formats?

If I have log files with multiple logs in them of different formats, and I only want to receive one instance of the L...

by New Member in

unable to see all the events in visualisation

Hi We are running this search [host=uswebserver12 |timechart span=5m avg(PercentProcessorTime) as CPU_Usage] and ...

by Path Finder in

How to a DNS lookup on the top 20 IP results returned from a search?

Hi All, I have a search that gives me the top 20 IP's visiting my website. I also, have a working dnslookup versi...

by Engager in

How to edit my search to pair values using "stats values()"?

Hello, I'm trying to pair values using stats values(), and I'm having some trouble. I'm searching for blocked u...

by Path Finder in

How to edit my search to find late projects (where the due date is yesterday or earlier)?

Hello! I'm trying to do a search for our projects (we use Microsoft Project Online and have Splunk pull the data f...

by Explorer in

Searching the fish bucket

Indexing server.log and boot.log files using the following stanzas for both: [monitor:///opt/directory/logs/servernam...

by New Member in

renaming field names from string+number to only the number

Hi all. I have a dataset with fields like: Field_1 Field_2 Field_3 Field_4 Field_5 Name Address I need to remo...

by Builder in

How do I extract these lines from my sample multiline event without patterns into a single field?

Hi, I'm trying to extract some lines from a multiline event, for example: 2016-05-17T19:40:37,022 INFO [000000...

by New Member in

Find a time average?

I am trying to determine the mean or average time when a event occurs. I would like to find an average of the last...

by Path Finder in

How can I set a specific drilldown on a line chart based on the value of a field?

My issue is that I have a line chart that shows the CPU usage from both linux and windows servers. If the user clicks...

by Explorer in

How to return results from Search1 which are not present in Search2?

I have two searches that will return common fields Event & UUID. I have to get the results from the first search whic...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search the percentage of values in a field?

How to edit my search to return a 0 instead of "No results" if there are no events found so that we can accurately average the output?

How do I edit my search to monitor license usage status for the current day?

How to extract the IP and customer_name field from my sample data?

timechart: average out value over missing time

How do I edit my search to find the first Value1 and first Value2 from my sample event, then calculate the difference?

How to extract date and time from xml source file?

Regex broken by addition of linebreaker

How to write a case statement for this condition?

How to write the regex to extract added, removed, and changed files/directories and list them?

rex extraction for field value with space

Get hour count average over days

Is it possible to have a KV Store time-based lookup?

How to extract fields from multiple file source names?

How do I only extract one instance of a certain field that appears in multiple logs of different formats?

unable to see all the events in visualisation

How to a DNS lookup on the top 20 IP results returned from a search?

How to edit my search to pair values using "stats values()"?

How to edit my search to find late projects (where the due date is yesterday or earlier)?

Searching the fish bucket

renaming field names from string+number to only the number

How do I extract these lines from my sample multiline event without patterns into a single field?

Find a time average?

How can I set a specific drilldown on a line chart based on the value of a field?

How to return results from Search1 which are not present in Search2?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6