Splunk Search

Ask a Question

Discussions

Thread Info

How to search and alert on unbalanced load across hosts for a target sourcetype?

Hello I am trying to set up a Splunk search which will alert on unbalanced load across hosts for a target sourcety...

by Explorer in

(Field) Extracting lines from a single file based on the leading word

Hi, I have a device generating CDR's. Within this CDR file there are multiple type of CDR's. Each type start with:...

by Engager in

How can I detect and alert on significant changes in a field value over time?

I want to create an alert that will trigger when the count of a certian type of event changes significantly from what...

by Builder in

What is interval -1 in inputs.conf

Input.conf for Template for Citrix XenApp contains interval values of -1. What does the value -1 indicate ?

by Engager in

How to edit my search to return a list within a list?

Hey guys, So what i am trying to do is put a list inside of a list to get an output such as the one below Comap...

by Path Finder in

Replace where values may not exist; makemv, multiply across mvarrays, and then sum the products

So this is going to be a little...odd. I realize I'm asking a very circumstance-specific and idiosyncratic question; ...

by New Member in

Need help getting right timestamp from CSV

I have a CSV file I'm trying to index, but the wrong timestamp field is getting selected. UTC,LOCAL,HOSTNAME,SEVER...

by SplunkTrust in

How to edit my regex to remove all text before an optional character?

I'm attempting to us rex or a similar function that will be able to help me remove the domain identifier from a usern...

by Contributor in

How do you divide a count of events in timechart?

We would like to count the number of error events in 15 minute intervals and show that number as the number of errors...

by Path Finder in

How do I add a field to my chart?

I am working on a graph in order to identify the most pinging customer accounts (traffic optimization, security). I w...

by Explorer in

How to convert this string to a date?

I'm trying to convert a string to a date. The string looks like 2016-05-20T05:16:02.007+02:00

by Path Finder in

How can I compare two multivalue fields from two different sets of events?

I have events (call them "approvedset" events) generated on a regular interval which each containing a field called l...

by New Member in

How to create a timechart on a dashboard to visualize events using two fields from my data?

Hi I need help in creating a timechart for visualization of events with multiple fields of interest in a dashboar...

by Explorer in

Besides a series of regex's, is there an automated way to change duration format into plain english?

To make a "plain english" dashboard panel, I currently use the following search to change a duration value (SecondsSi...

by Path Finder in

How to edit my search to calculate percentage of a multivalued field for total by Country?

I'm trying to craft a search that will show the percentage of quarantined messages by country, but I'm struggling a l...

by Influencer in

windows app task category incorrect

Hello, We have the Splunk windows app setup to monitor the system eventlogs on our citrix server and it appears to...

by Splunk Employee in

How to make a search case-sensitive?

How can I make a search case-sensitive? That is to say, I search for the general term "FOO" and want to only match "F...

by SplunkTrust in

How can I edit my search to chart relationships between values for a certain field in my data?

I have a simple search parsing project activity logs to pull a list of projects and people working on those projects:...

by Path Finder in

How to extract a numeric value from my field and create an average?

I have created a field extraction for the data I am looking for. The field looks as follows: messages_read total/i...

by New Member in

How to trigger an alert if there is no event2 within 30 minutes of event1?

Hi all, I have to trigger an alert for event=1, if there is no event=2 within 30min of event=1. Search I'm using: ...

by Builder in

My search works when I run it manually, but why does it not produce results when I use it to populate a table?

index=main source=locations sourcetype=location_information | search * AND address=$token1$ OR...

by Communicator in

How to edit my search to alert when a certain field value occurs more than 10 times in an hour and display results in a table?

Hi all, I'm trying to trigger an alert when an ID occurs more than 10 times in an hour and alert should be in a t...

by Builder in

How to create a time chart that is not based on numerical values?

I am trying to create a graph for status history of some machine. Values I have are the name of machine & its server ...

by Communicator in

What are the use cases where lookups are needed on the indexers/search-peers?

I want to blacklist all the lookups from the replication bundle and would like to understand what are some valid use ...

by Influencer in

Max data points that charts can handle?

Hi, I am looking for the chart property to control the max number of data points that a chart can handle. There ar...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search and alert on unbalanced load across hosts for a target sourcetype?

(Field) Extracting lines from a single file based on the leading word

How can I detect and alert on significant changes in a field value over time?

What is interval -1 in inputs.conf

How to edit my search to return a list within a list?

Replace where values may not exist; makemv, multiply across mvarrays, and then sum the products

Need help getting right timestamp from CSV

How to edit my regex to remove all text before an optional character?

How do you divide a count of events in timechart?

How do I add a field to my chart?

How to convert this string to a date?

How can I compare two multivalue fields from two different sets of events?

How to create a timechart on a dashboard to visualize events using two fields from my data?

Besides a series of regex's, is there an automated way to change duration format into plain english?

How to edit my search to calculate percentage of a multivalued field for total by Country?

windows app task category incorrect

How to make a search case-sensitive?

How can I edit my search to chart relationships between values for a certain field in my data?

How to extract a numeric value from my field and create an average?

How to trigger an alert if there is no event2 within 30 minutes of event1?

My search works when I run it manually, but why does it not produce results when I use it to populate a table?

How to edit my search to alert when a certain field value occurs more than 10 times in an hour and display results in a table?

How to create a time chart that is not based on numerical values?

What are the use cases where lookups are needed on the indexers/search-peers?

Max data points that charts can handle?

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...