Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
rsingh_splunk

How to get the top 10 URL's visited by count and then sort those 10 URL's by sum(bandwidth) in ascending order.

So basically what i need is 3 columns which contains the top 10 visited URL's with count sorted by highest bandwidt...
by rsingh_splunk Splunk Employee Splunk Employee in Splunk Search 07-20-2016
0 6
0
6
jsb22

Specific Hour Search

Anyone know splunk's built-in time variables? For example, I'm trying to create a search based on events occuring aft...
by jsb22 Path Finder in Splunk Search 07-20-2016
1 10
1
10
kuali_brandon

How to join normalized data into a single timechart?

We have normalized data where multiple rows represent a single point in time, but attributes within the row represent...
by kuali_brandon New Member in Splunk Search 07-20-2016
0 1
0
1
zsizemore

Trying to index a csv lookup table

I have a .csv file that is just over 2GB, I noticed that the lookup table could only handle 500MB or less, so I reduc...
by zsizemore Path Finder in Splunk Search 07-20-2016
1 11
1
11
test365498

How to search the daily average of the top 95% of events and the percentage change?

Hello! I have two separate searches that I would like to combine into one, someone able to assist, please? I am try...
by test365498 Path Finder in Splunk Search 07-20-2016
0 11
0
11
luongg

How do I remove certain IP addresses with only 3 octets in the Search app?

I have a file that contains a list of IP addresses (Some that are full IPv4 and some that only have an IP with the fi...
by luongg Explorer in Splunk Search 07-20-2016
0 3
0
3
janderson19

How to create an alert to trigger when a user visits 5 blocked websites in 1 minute?

Hello, I'm trying to create an alert that will go out every time a single user visits 5 blocked websites in 1 minute...
by janderson19 Path Finder in Splunk Search 07-20-2016
0 2
0
2
JDukeSplunk

How do I edit the regex for my Windows Security 4656 blacklist?

I am beaten.. I cannot get this blacklist regex to work. We have a Windows host producing a ton of 4656 errors all fo...
by JDukeSplunk Builder in Splunk Search 07-20-2016
0 2
0
2
wolfreb

Timechart by Two Fields

This is probably the simplest thing, but I can't find the answer: I am searching for all events with either eventCod...
by wolfreb Explorer in Splunk Search 07-20-2016
0 2
0
2
ycalpu

How to schedule an export of triggered events to output a csv file to the splunk server

I want to be able to have a automate export of the csv file that will have the data of what alerts have been triggere...
by ycalpu New Member in Splunk Search 07-20-2016
0 1
0
1
htkwan

Why am I seeing "Unknown search command "gauge"" for a dashboard panel as a power user in Splunk 6.3.2?

Hello, When I run as a power user, I found that one of the dashboards returns an error: "unknown search command, gau...
by htkwan Path Finder in Splunk Search 07-20-2016
0 2
0
2
aferone

Disk Space Pie Charts from "df" Script in UNIX App

I'd like to set up pie charts for disk space from data coming from the "df" scripts from the UNIX app. In looking th...
by aferone Builder in Splunk Search 07-20-2016
0 17
0
17
mansel_scheffel

Static and Dynamic Table with drilldowns

Hi there, I need to create a table with static headings as well as static body entries, however these body entries w...
by mansel_scheffel Explorer in Splunk Search 07-20-2016
0 4
0
4
ctaf

How to find the time period of successive table lines?

Hello, I have a base search which output me something like this: _time src_host src_ip 06/19...
by ctaf Contributor in Splunk Search 07-20-2016
0 10
0
10
RICKZHANG

How to edit my search to display the current count and the count from 5 minutes ago in one line?

Hi Now I need to show the current count and the count five minutes ago in one row. The current count search is: in...
by RICKZHANG Engager in Splunk Search 07-20-2016
0 1
0
1
Frederik

I have installed the Splunk forwarder, but why am I unable to search the event logs from all machines?

Sorry but this is probably a stupid question. I have set up Splunk to be able to have centralized collection of all t...
by Frederik New Member in Splunk Search 07-20-2016
0 4
0
4
ZacEsa

How do I show other fields after top?

I'm not able to show other fields after top, below is my search string. index=* type=event subtype=system logid=0100...
by ZacEsa Communicator in Splunk Search 07-20-2016
1 18
1
18
mdufrasne

How to search for events that do not contain a field, where that field has a period in its name?

I have JSON records. Some contain the field logdata.message, others contain the field logdata.exception.Message. I wi...
by mdufrasne Explorer in Splunk Search 07-20-2016
1 5
1
5
mikelanghorst

Users are constantly being prompted to "take the tour" when logging into Splunk 6.4.1

After I upgraded my Splunk environment to 6.4.1, my users are reporting that they are repeatedly prompted as a new us...
by mikelanghorst Motivator in Splunk Search 07-20-2016
0 2
0
2
abhijit_mhatre

Why are we getting different events for the same sourcetype when searching for the same time period?

There are sourcetypes which are returning different number of events for the same time period. Example: sourcetype...
by abhijit_mhatre Path Finder in Splunk Search 07-20-2016
0 4
0
4
splunker9999

How to write the regex to extract this field?

Hi , Can someone please suggest the regex for this field extraction? We need to extract de from below context with ...
by splunker9999 Path Finder in Splunk Search 07-20-2016
0 5
0
5
rajeev_ku

List of important conf files and their purpose

Hi, Does anyone have list of the list of important configuration files and their role/usage/purpose in Splunk. Like ...
by rajeev_ku Path Finder in Splunk Search 07-19-2016
0 3
0
3
splunker9999

How to create a Splunk alert to trigger when Tomcat is down?

Hi, We have scenario to create an alert for tomcat to trigger an alert when tomcat is down. Based on our tomcat log...
by splunker9999 Path Finder in Splunk Search 07-19-2016
0 3
0
3
chrisduimstra

How to edit my regex to extract the type and message fields for the exception information from WinEventLog:Application?

I am trying to extract the type and message field for the exception information in the application logs. I have abstr...
by chrisduimstra Path Finder in Splunk Search 07-19-2016
0 2
0
2
mprreddy51

How to edit my transaction search to calculate duration?

Hi Folks, How to calculate the time below scenario(same accno). Using transaction. 20160719T181321.405 GMT MESSAGE=...
by mprreddy51 Explorer in Splunk Search 07-19-2016
0 5
0
5
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...