Splunk Search

Discussions

Thread Info

Is there a way to show the number of events per distinct count of servers over time?

For my data set, I am looking to see the sum of the number of events per distinct count of servers. Reasoning, I am l...

by Explorer in

reputation for posting question

how can I get/increase my reputation points to post the question

by Communicator in

Which versions of Splunk are within scope of the vulnerability CVE-2016-2107 (OpenSSL)?

Is the openssl vulnerability exploitable on all versions or certain older versions?

by New Member in

"Error in 'map' command: Unable to find saved search 'search='"

Currently, I have a form with a search that populates a two column table, and am using one of the columns as a key to...

by Explorer in

How to I exclude a field value that contains numbers?

I have a situation where we break out user classes by adding numeric characters at the end of their username. As an e...

by Explorer in

Why do I see log entries monitoring splunkd.log via search that do not appear in splunkd.log?

I was under the impression that if I did index=_internal source="/opt/splunk/var/log/splunk/splunkd.log" realtime tha...

by Motivator in

How to join this search with our existing search?

Hi, Need help on a Splunk subsearch. Below is our Splunk basic search which gives us few fields if it satisfies...

by Path Finder in

Set a field with a constant value

In props.conf, I would like to create a field abc by saying: abc = "xyz". Is there any way to say this so that ...

by Path Finder in

Can the transaction command be used to search the duration a user has been logged in to a PC?

I want to see the duration that a user has been logged in to the PC for. Would the transaction command work the best ...

by Contributor in

User data collapsed with activity information collected in separate statements

My app writes two log statements, audit and activity statement, for each invocation as below: audit: type:audit | ...

by Explorer in

Sum Duration

query: index=ctap source="/charter/apps/gwtrbl/logs/troubleshooting*.log" host=sc58laopp0* End of Branch Execution : ...

by Path Finder in

In a Distributed Search environment, how do I restrict what indexes (or sources) the Search head sees on the Search Peer?

I have a main centralized splunk index server with logs for 50+ hosts. I have a secondary Splunk instance for a small...

by Explorer in

Programatically setting severity within a search

I am writing a search that will track when the firewall sees outbound traffic over non-standard ports. I have a requi...

by Engager in

How to lookup list of keywords with raw logs which are available in Splunk?

Hi, I have a list of executables uploaded as a lookup in Splunk and have proxy logs to compare against it. I need ...

by New Member in

Where can I get the XSD that defines the structure of the XML search output from the REST API?

Hi, I have a customer who uses Splunk via the REST API and runs a search to put into another system. Their output ...

by Champion in

How do I take the entire contents of a table and make it one giant event?

All, So I have a lookup, of say 10,000 items. I'd like to merge it all as one giant event for a specifical visual...

by Builder in

What is the difference between fieldformat and eval operation time conversion?

I am able to see that the following search returns the same result for fieldformat as well as eval time conversion op...

by Communicator in

Transaction duration in Splunk

Hi All, Transaction duration based on thread name. I wrote the below search: index="p" sourcetype="x" | transac...

by Explorer in

Creating Bar Chart for SSH logs

Hi Team, We are trying to create a bar chart from secure log. The ultimate goal is to plot the accounts (top 10) u...

by Explorer in

How can I get a count of words in an event?

All, Weird search. How can I get a count of words in an event? e.g. _raw = "Hello world. Hello state. Hello F...

by Builder in

How to edit my search to chart a trend line over time?

I am trying to use the below search and plot a graph for the TPS field. So, if I draw a chart with the TPS values ...

by New Member in

How to find where an extracted field was created that appears in searches?

Trying to find where a field was created that appears in a search against our BlueCoat proxy logs. The field is s...

by Contributor in

How to extract a substring based on its position within a field?

I have a field that is of the form /Code153:4:Item1,Item2,Item3,Item4/Code211:2:Item5,Item6 where I need to extract a...

by Explorer in

How to Group Events at Index Time?

I want to tie together 2 events at index time the same way I would tie them together at search time using the transac...

by SplunkTrust in

Search for items not matching values from a lookup

I have this search which basically displays if there is a hash (sha256) value in the sourcetype= software field =sha2...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to show the number of events per distinct count of servers over time?

reputation for posting question

Which versions of Splunk are within scope of the vulnerability CVE-2016-2107 (OpenSSL)?

"Error in 'map' command: Unable to find saved search 'search='"

How to I exclude a field value that contains numbers?

Why do I see log entries monitoring splunkd.log via search that do not appear in splunkd.log?

How to join this search with our existing search?

Set a field with a constant value

Can the transaction command be used to search the duration a user has been logged in to a PC?

User data collapsed with activity information collected in separate statements

Sum Duration

In a Distributed Search environment, how do I restrict what indexes (or sources) the Search head sees on the Search Peer?

Programatically setting severity within a search

How to lookup list of keywords with raw logs which are available in Splunk?

Where can I get the XSD that defines the structure of the XML search output from the REST API?

How do I take the entire contents of a table and make it one giant event?

What is the difference between fieldformat and eval operation time conversion?

Transaction duration in Splunk

Creating Bar Chart for SSH logs

How can I get a count of words in an event?

How to edit my search to chart a trend line over time?

How to find where an extracted field was created that appears in searches?

How to extract a substring based on its position within a field?

How to Group Events at Index Time?

Search for items not matching values from a lookup

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions