Splunk Search

Discussions

Thread Info

Calculate and display count variance between same field across unique hosts by another field

I created a table showing a mv field1 count for the same transactions as they passed through sequential hosts A, B, C...

by Explorer in

After uploading a CSV file to an index, why is my current search not producing results from the uploaded CSV data?

Hello, I have a problem about Data Input that is uploaded from my computer. I upload a CSV file and index the file...

by New Member in

how to have a timechart table group by columns

Hi, Please help me in creating a table with timechart grouped by columns: _time Products Service ProductA ProductB...

by New Member in

Timechart & Stats Dc.

Hi, I wondered whether someone may be able to help me please. I'm using the query below which works but contains d...

by Motivator in

how to saving various sums in a variable?

how to saving various sums in a variable for future search? I know it gives you to put a sum on a varivavel, but seve...

by Path Finder in

impact of fields command on performance

Hi, i was wondering if limitating fields with the "fields" command would have any impact on performance for stats...

by Path Finder in

adding/appending a row to get differences between cells above

I have a search giving me a table with row 1 and 2 below: _time A B C D 1 2015-02 1 3 5 7 ...

by Motivator in

How to filter my search to only list values for a field that contain more than one host?

Here is a simple question. The following is my search: index="atg" sessionId="*mob" host="*" | stats values(host) ...

by New Member in

How to group all possible combinations with transaction

Hi, I am quite new to splunk. I have been working with the log like below. 2016/3/18 10:00:00 user=userA Action=Co...

by New Member in

useother=f in tstats query? for piechart visualization

Hi, I have a tstats query and I want to display all "others" in piechart .below is my query: |tstats count AS "...

by Explorer in

How to specify a phrase to filter out

Hi, I want to filter out events that have a specific phrase in them. The phrase is "FIP VLAN" (which could be anyw...

by Champion in

How would I merge the events from two log files so that it appears as if coming from a single host?

The logs are created by the same application and have the same fields. What I am after is displaying the count of...

by New Member in

When searching via REST API in a distributed search environment, why am I getting error "supplied index 'p_uno' missing"?

Hallo, I have a setup with 2 indexers and a dedicated search head; the indexes.conf file is defined only on the in...

by Path Finder in

How to name NULL column

Hello, I'm a new user to splunk and want to know how to name a NULL column. For example, see below query. index...

by Explorer in

use one search result as parameter to another search query

I have two Splunk queries which are working independently but I want to join the two queries and get result at one go...

by New Member in

daily number of historically new users

Hi, I am struggling to get a what I think should be a quite straight job. I need to create a dashboard showing new us...

by Path Finder in

Splunk return different event count in verbose vs fast mode using "where"

Hi! I'm having a problem with the following simple search in Splunk 6.3.3: index=myIndex sourcetype=mySourcetype e...

by Builder in

Club results from multiple search in a single table.Search involves dedup and count by parameter

index=* activatesessionIdsForREST() : partnerId=11111111111 ActivateOfferRequestVO |dedup sessionIds|stats count(sess...

by Explorer in

ES incident_review_lookup

Dear All, In Splunk ES, is it possible to create a realtime alert for any update in incident_review KV store? The ...

by New Member in

splunk where condition

I have a sample query that i need to apply a where condition to: index="web" host="blah*" sourcetype="jboss:serve...

by Engager in

What is tstats and why is so much faster than stats?

Why is | tstats count where index=* by sourcetype so much faster than index=* | stats count by sourcetype ...

by Champion in

Python SDK: Why do search results not contain keys for all fields?

I'm retrieving DNS lookup log results from Splunk using the Python SDK. One of the fields present in the log is the d...

by Explorer in

How to reference the search time range

I have a query to breaks up the search result into multiple time period below eval Period=if(_time > relative_time...

by Path Finder in

I want to find the difference between the below 2 times in hh:mm:ss format, can somebody please assist? 03/17/2016 11:45:05 2016-03-17 11:44:03.0

I want to find the difference between the below 2 times in hh:mm:ss format, can somebody please assist? 03/17/2016 11...

by Path Finder in

What search query can I use on my search head to list all forwarder hosts and their associated Splunk forwarder versions?

Greetings Is there a query that I can use on my search head to list all my forwarder hosts and their associated sp...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculate and display count variance between same field across unique hosts by another field

After uploading a CSV file to an index, why is my current search not producing results from the uploaded CSV data?

how to have a timechart table group by columns

Timechart & Stats Dc.

how to saving various sums in a variable?

impact of fields command on performance

adding/appending a row to get differences between cells above

How to filter my search to only list values for a field that contain more than one host?

How to group all possible combinations with transaction

useother=f in tstats query? for piechart visualization

How to specify a phrase to filter out

How would I merge the events from two log files so that it appears as if coming from a single host?

When searching via REST API in a distributed search environment, why am I getting error "supplied index 'p_uno' missing"?

How to name NULL column

use one search result as parameter to another search query

daily number of historically new users

Splunk return different event count in verbose vs fast mode using "where"

Club results from multiple search in a single table.Search involves dedup and count by parameter

ES incident_review_lookup

splunk where condition

What is tstats and why is so much faster than stats?

Python SDK: Why do search results not contain keys for all fields?

How to reference the search time range

I want to find the difference between the below 2 times in hh:mm:ss format, can somebody please assist? 03/17/2016 11:45:05 2016-03-17 11:44:03.0

What search query can I use on my search head to list all forwarder hosts and their associated Splunk forwarder versions?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6