Splunk Search

Discussions

Thread Info

How to calculate concurrency using value in event?

Hi all, I have the following type of data with session information: starttime=1477419810 endtime=1477419818 cou...

by Explorer in

How to edit my search to append a total average column for a chart?

I can't seem to find a solution for this. I've created a chart over a given time span. I've been able to add a column...

by Path Finder in

How to sum a set of values for similar fields from JSON data to calculate a percentage?

I am trying to sum a set of values from some JSON files. The structure of the response is identical, but I want to gr...

by Engager in

How to create a regex to capture information from an indexing sourcetype?

Hi, I'm struggling to create a regex to capture all the information correctly from a sourcetype we have and make t...

by New Member in

How to accelerate the searches for a dynamic dashboard?

Hi, I have a dynamic dashboard which contains multiple panels and it takes a lot of time for displaying the data. Is ...

by Path Finder in

What's the order of search time field extraction

I have data like whrchan-ros,FirstName,LastName,End User,Activated,Major Account,Group,Direct sales I want to c...

by SplunkTrust in

How to convert partial rows into columns?

Hi. I have a search query returning the result as the following format: Application Service Owner Location ...

by Communicator in

How to split a string into 2 separate fields in Splunk 6.5.0?

Hi, before Splunk 6.5.0 I used commands like this to split strings into separate fields. For fields like produc...

by Motivator in

Why does dedup count and dc return a different number of values?

Doing separate searches with dc doesn't match numbers returned by a dedup count, except for the total. This is for th...

by Path Finder in

Is it possible to create one graph that has lines for each field and a timechart average for each field as additional lines?

So, I have a simple search index="prod1" source="/opt/apps/logs/my.log" Performance Timing foobar adapter res...

by Explorer in

After I have changed the name of a host, how can I show two host names as one name?

I fixed the name of a host on the forwarder. It was showing as "hostname.domain.com" instead of just "hostname". I fi...

by Explorer in

Date validate to check before 8AM daily

Hi, Need your help on the below. I want to validate a date/time to check if that time is before or after 8AM daily...

by Explorer in

How to create a report based on different source types and include the results from a search on 1 source type that requires a transaction command?

Hello, I have several different source types and I need to create a report on them, most of them have events with ...

by Contributor in

How to write a search that returns count totals and percentages?

I have some tables like below extracting from a csv file. BusinessUnit Status SLAMET Finance ...

by Explorer in

Difference between two dates

I have two fileds as below, now i would like to get difference date i.e Mydat-previousdate Mydate | previousdate 2...

by New Member in

Why am I seeing very different search performance between two indexed fields in two similar searches?

I have two indexed fields. When I search using the 1st field, the performance is great. However, when I search using ...

by Explorer in

Is there a better way of searching across a range of EventCodes?

Good morning. I am currently constructing a number of reports showing information relating to our domain controlle...

by Path Finder in

showperc and usother for stats/charts?

I'm wondering if there is any option to have a showperc and useother functionality in stats/charts? They seem to be a...

by Path Finder in

How to extract field value in one index for comparison with other index using join dynamically

Hi , In index1 ,in have field called hostname with values, sxer123 sdcfgg SDFCXZ I have a field called hostname...

by Path Finder in

Eval results and remove results based on conditions

The goal of my search is to 1) display the details 2) show the count of viruses which have not been handled by ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate concurrency using value in event?

How to edit my search to append a total average column for a chart?

How to sum a set of values for similar fields from JSON data to calculate a percentage?

How to create a regex to capture information from an indexing sourcetype?

How to accelerate the searches for a dynamic dashboard?

What's the order of search time field extraction

How to convert partial rows into columns?

How to split a string into 2 separate fields in Splunk 6.5.0?

Why does dedup count and dc return a different number of values?

Is it possible to create one graph that has lines for each field and a timechart average for each field as additional lines?

After I have changed the name of a host, how can I show two host names as one name?

Date validate to check before 8AM daily

How to create a report based on different source types and include the results from a search on 1 source type that requires a transaction command?

How to write a search that returns count totals and percentages?

Difference between two dates

Why am I seeing very different search performance between two indexed fields in two similar searches?

Is there a better way of searching across a range of EventCodes?

showperc and usother for stats/charts?

How to extract field value in one index for comparison with other index using join dynamically

Eval results and remove results based on conditions

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Comparison of field values with a lookup

Windows Event Log of Account Creation

How to convert large bytes to human readable units...

How to convert a large number to string with expre...

Need help on Dashboard related issue?