Splunk Search

Discussions

Thread Info

Sorting Field name that is dynamically named in a particular order

My search compares between the past two month (i.e. now we are in March, my search compares between January & Februar...

by Path Finder in

Percentage Timechart

Hello I'm trying to add a percentage for each day. Here is what I have: index=tt OrderIntegration.asmx "PlaceOr...

by Builder in

How to use field value count to filter the search result?

I want to generate a search which generates results based on the threshold of field value count. I.E.,, My base se...

by Contributor in

How to get correct host information from a Universal Forwarder to intermediary heavy forwarder to Splunk Cloud

We have a setup where we have a syslog-ng server that forwards all events using a UF to a HF and then to the cloud. T...

by Engager in

understanding the transforms.conf

hi, Can someone please explain me the below transforms.conf . I read the documentation ,but it's not clear to me . ...

by Path Finder in

How to write a query to have count of time where time is greater than 20s hits of one field "Time " against total time hits "Time" ,to create alert .

here is a search i'm using for one alert. sourcetype=xx source="*yy" method=* timeDiff| eval Time=ltrim(rtr...

by Path Finder in

How to trim values from results

Hi, We are looking to have my file name more readable and that being said FIlename looks like below and need to trim ...

by Path Finder in

How to generate a search to find unique IPs hitting a specific URL in Specific Time Range?

Hello - I'm trying to write a search string that finds unique IPs hitting a specific URL in 30 minute bursts. For exa...

by Communicator in

How to extract source and destination IP fields?

I am trying to configure various search fields for a firewall log from the field extractor but Splunk is pulling up s...

by Engager in

Display only differences in values, between 2 events

Hello, I'm looking events that track changes to a configuration. The first event is the "before" state the newest eve...

by Explorer in

How to edit my search to limit results to a specific user?

Hi i'm working w/ the below search and getting good results for all currently logged in user accounts but would anyon...

by Explorer in

How to include only certain fields in an email sent from an alert

I have an alert that looks for a pattern in an event that is an xml: ie. ":2017-03-01 06:02:16,194 INFO 7010 Syste...

by Path Finder in

How to generate a search that determines inactivity of firewall rules?

I'm having issues creating a search that determines inactivity of firewall rules. I'd like to determine if a firewall...

by Explorer in

Unknown error for peer xxx. Search Results might be incomplete

Splunk 6.4.2のSearch head 2台、Indexer 12台の分散環境を使っていますが、時間がかかるサーチを実行するとUI上に以下のエラーが表示されることがありますが、エラーが表示される原因および解決方法を教えてくだ...

by Contributor in

Why does appendcols cause a search to produce different results?

Hello all, I have an index of events, each of which has an enter and exit timestamp where _time is associated to t...

by Motivator in

How can I merge 2 tabled rows and add field values from columns as new fields?

I am looking to combine columns/values from row 2 to row 1 as additional columns. I am not sure which commands should...

by New Member in

Why am I receiving "Search process did not exit cleanly, exit_code=255, description="exited with code 255"" error with my current search?

Hi Folks, While executing the below command on Search and Reporting app, we are getting below error. could you ple...

by Explorer in

Searching Splunk logs and looking for occurrences of values fed from a CSV file

Hi, All, Here's what I have: I have a csv file (1 column, 1000 values) which I've uploaded to the lookup dir: "/op...

by New Member in

mainframe log parsing help - crazy log format

Greetings I have been staring at the below for sometime and I have no idea where to start to get this log to parse...

by Communicator in

Group by two or many fields fields

Hi This is my data : I want to group result by two fields like that : I follow the instructions on t...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Sorting Field name that is dynamically named in a particular order

Percentage Timechart

How to use field value count to filter the search result?

How to get correct host information from a Universal Forwarder to intermediary heavy forwarder to Splunk Cloud

understanding the transforms.conf

How to write a query to have count of time where time is greater than 20s hits of one field "Time " against total time hits "Time" ,to create alert .

How to trim values from results

How to generate a search to find unique IPs hitting a specific URL in Specific Time Range?

How to extract source and destination IP fields?

Display only differences in values, between 2 events

How to edit my search to limit results to a specific user?

How to include only certain fields in an email sent from an alert

How to generate a search that determines inactivity of firewall rules?

Unknown error for peer xxx. Search Results might be incomplete

Why does appendcols cause a search to produce different results?

How can I merge 2 tabled rows and add field values from columns as new fields?

Why am I receiving "Search process did not exit cleanly, exit_code=255, description="exited with code 255"" error with my current search?

Searching Splunk logs and looking for occurrences of values fed from a CSV file

mainframe log parsing help - crazy log format

Group by two or many fields fields

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

How to calculate subnet from list of IP addresses?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...

Running queries not working at all