Splunk Search

Discussions

Thread Info

How do I edit my search to return a certain field value in my table of results?

Hi, I'm trying to return some results with the AppID that is being searched. My current search does everything I ...

by Explorer in

Is there a way to eval 'job.resultCount' in a postprocess search?

We recently upgraded to 6.3 and I have been toying with using eval and search event handlers. In one of my dashboards...

by New Member in

Compare monthly group average against user daily results

We have dashboards that show the average of user work for the last month this could be for any of the various departm...

by Path Finder in

DB Connect 1.1.7 download location

The DB Connect 1 page only has v1.2.2 available for download (indicates to use 1.1.7 for Java 6 but no link); I have ...

by Engager in

Alert for events over a certain amount and over a certain percentage change

I am trying to create an alert which will notify me when the percentage change in the delta/difference of events exce...

by Influencer in

Tranpose Column and Row Headings

Hi, I wonder whether someone may be able to help me please. I'm trying to compare the apps set up in my four envir...

by Motivator in

how do the stats p* commands work in summary rollups?

Hello, I have some data for which I calculate hourly avg/max/stdev into a summary index, then calculate daily summ...

by Builder in

totals for a transaction

I have a system with customers interacting with a catalogue, stepping through the menus, searching etc. I can chunk t...

by Engager in

splunk search for users logging onto servers

Hi, I have deployed splunk to log data of users who are logging onto servers (unix and windows). I want to create ...

by New Member in

Subsearch not returning any results though matches exists.

Hi, I am trying to run below query and the scenario is here. This is not returning any results though match exists. C...

by New Member in

Subsearch using loadjob not working

I try the following search: | loadjob savedsearch="admin:app1:app1_view1" | fields hostname This returns "host...

by Communicator in

Easy way to convert bits into bytes and kb

one of the values in my log is sent and received I believe it's bytes. I would like to display those as Kb and Mb. Us...

by Communicator in

How to do calculate log time between search result and next row ?

Hi All, I am studying splunk recently and need help about some question, thanks. When I want to search one key word a...

by New Member in

How to use the mvindex command to remove all characters after the second period (.) for a field's values?

Hello, I am finding difficulty to use the mvindex command to remove all the characters after the second period (.)...

by Builder in

How do I constrain a timechart's x-axis range, but still predict on more values than are displayed?

Hello, Using Splunk Enterprise 6.2 I am running a prediction using 30+ historical days of data to predict the n...

by Explorer in

Is this a scheduled real-time search?

Hi, Are processes that contain "rt_scheduler" real-time scheduled searches? Example: splunk 15005 75443 0 1...

by Champion in

A way to improve subsearch performance without changing configuration?

I am trying to search for data that is in a .csv lookup file and NOT in Splunk. My issue is that my subsearch stops (...

by Engager in

How to get a random sample of iis events each day for the last X days to build control charts?

On iis logs, suppose I have 60000 transactions per 24 hours. How can I get a random sample of say 5000 events? I need...

by New Member in

How to query only large difference in timestamps?

I have a dashboard query that returns fields of a log file, and I'm only interested if the difference in time between...

by Engager in

Proxy log regex: search for attachments

We are trying to extract from the field "url" all files transferred as part of a session. The ultimate goal is to kee...

by Contributor in

Timestamp/regex help

Hi, I'm having a hard time getting a regex/timestamp to work properly. Here are some sample events: [5892][...

by Champion in

removal of special character < question

Hello Everyone, I am trying to format some syslog data for a dashboard output. I have no idea how to remove the < cha...

by Engager in

Best way to overlay two searches on a graph that share similar X-axis intervals?

I would like to have a panel that shows total logs per hour over 24 hours in a column graph, and show the average log...

by Explorer in

Formating question and regex

Hi All, I'm trying to search for start up and shutdown message of AWS instances and build a nice table. On my test...

by Explorer in

Trendmicro Regex Help

Hi Community, I'm trying to figure out how to get the signature and signature id to their own fields. This has bee...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I edit my search to return a certain field value in my table of results?

Is there a way to eval 'job.resultCount' in a postprocess search?

Compare monthly group average against user daily results

DB Connect 1.1.7 download location

Alert for events over a certain amount and over a certain percentage change

Tranpose Column and Row Headings

how do the stats p* commands work in summary rollups?

totals for a transaction

splunk search for users logging onto servers

Subsearch not returning any results though matches exists.

Subsearch using loadjob not working

Easy way to convert bits into bytes and kb

How to do calculate log time between search result and next row ?

How to use the mvindex command to remove all characters after the second period (.) for a field's values?

How do I constrain a timechart's x-axis range, but still predict on more values than are displayed?

Is this a scheduled real-time search?

A way to improve subsearch performance without changing configuration?

How to get a random sample of iis events each day for the last X days to build control charts?

How to query only large difference in timestamps?

Proxy log regex: search for attachments

Timestamp/regex help

removal of special character < question

Best way to overlay two searches on a graph that share similar X-axis intervals?

Formating question and regex

Trendmicro Regex Help

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...