Splunk Search

Discussions

Thread Info

Real time select today's data

Hi I wonder if i could do this. I am able to select real time for last one hour ,24 hours etc and i want to sel...

by Communicator in

How to get the TPS of all events in a 24 hours by host .

We are trying to get TPS for 3 diff hosts and ,need to be able to see the peak transactions for a given period. initi...

by Path Finder in

Why is manual field extraction not working for some fields in some events?

I have manually set up a search time field extraction with regular expression in the props.conf. It happens so that o...

by Splunk Employee in

How to send email to multi users one by one

I run a query and get the table like this, user user_email content Jack jack@abc.com abcmdsfsadfsadfsadfsdf Mike...

by New Member in

CSV vs KV store lookup. How large is large?

Documentation comparing CSV and KV store notes that for large lookups, KV Store is preferred over CSV. http://dev.sp...

by Builder in

Monitoring a Large Wifi Environment

I'm looking at monitoring potentially a large wifi network consisting of multiple access points and looking for any i...

by Builder in

How to edit my real time alert to trigger when average CPU and memory usage exceeds 70% in a 2 minute span?

I want an alert thrown whenever a two minute interval shows the average CPU and average Memory usage both exceeding 7...

by Explorer in

How to group my data so that any values with the same time will be merged into 1 row?

Hi , I'm very new here with Splunk searches I'm trying to do a group by on my dataset so that any rows with the sa...

by Engager in

Need search help

Hello I have a search that timecharts useragent count by useragent. Simply index=apache useragent=* | timechart co...

by Builder in

How to create a regular expression on a multivalue field

I have a multivalue (MV) field "filetypes" with values such as: test/Makefile.am,test/och_test.cc,test/fully1.py,2...

by Path Finder in

Hosts that have sent events over the last eight weeks (by week) but taking into account owner vacation

I have a low volume index where hosts send one event every 24 hours. I need to determine if each host in today's sear...

by Path Finder in

Peak hours of the week by total daily percentage

Hi, I need to display the peak times of day that events are occurring. Essentially, I want to find out the peak ti...

by Path Finder in

How to convert this string into a usable time format?

Hi and thanks in advance, I am trying to convert the following time example field: 2017-03-02T09:41:38.405Z ...

by Path Finder in

Tried DELIMS, REPORT but cannot get neither working

sample data : Number: 152119522 Date : 12/01/2015 12:00:00 AM, Execution Time: 1945 Area Code: 21 Area Name: readi...

by Builder in

Display Field Even No Values

Hi i encounter an issues when i try to display field in table form without any values my data look like table below: ...

by Engager in

MVZIP With the same field on the same Line

Hello All, I have a set of data that looks like the excerpt below: [44] 2017-12-22 to 2017-12-29: 2017-1...

by Path Finder in

How to display a gauge chart when null values are received?

Hi guys i have a gauge chart which normally will display values. however i encounter issues when there is no value, h...

by Engager in

need some help creating tokens

I have a scheduled alert that I need to send to different recipients with different messages depending on the search ...

by Contributor in

Is "strftime() %X" defined by the Splunk server's operating system or the locale the browser?

From Splunk docs for %X: The time in the format for the current locale. For US English the format for 9:30 AM is 9:30...

by Contributor in

How to extract "myuserid" from my _raw event?

i want to retrieve myuserid from the below _raw event. please help me with rex in search. <name>userid</name>\n <...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Real time select today's data

How to get the TPS of all events in a 24 hours by host .

Why is manual field extraction not working for some fields in some events?

How to send email to multi users one by one

CSV vs KV store lookup. How large is large?

Monitoring a Large Wifi Environment

How to edit my real time alert to trigger when average CPU and memory usage exceeds 70% in a 2 minute span?

How to group my data so that any values with the same time will be merged into 1 row?

Need search help

How to create a regular expression on a multivalue field

Hosts that have sent events over the last eight weeks (by week) but taking into account owner vacation

Peak hours of the week by total daily percentage

How to convert this string into a usable time format?

Tried DELIMS, REPORT but cannot get neither working

Display Field Even No Values

MVZIP With the same field on the same Line

How to display a gauge chart when null values are received?

need some help creating tokens

Is "strftime() %X" defined by the Splunk server's operating system or the locale the browser?

How to extract "myuserid" from my _raw event?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex