Splunk Search

Thread Info

How to count the number of times a certain value appears per field?

I'm new to Splunk - be kind... I can produce a table where I can get: Field1 Field2 Field3 Field4.... Co...

by Explorer in

How to add 1 month to a current date field in a search?

I have a table with an ID in it and a date. I've converted the date to be YYYYMMDD. Based on that date field, I would...

by Explorer in

How to group and calculate the program execute time in group?

Hi expert, currently I am study Splunk and have some question, could you help me to resolve them? Thank you in advanc...

by New Member in

How do I extract these two fields from a string in my sample data?

Hello, I have this logs : Apr 26 12:49:09 10.30.245.203 Apr 26 14:49:12 MachineOne info tmm1[11869]: Rule /User...

by New Member in

Splunk with MQ Series

Hi, As said in Splunk's Application Management Solutions page, IBM MQ Series belongs to typical data sources. But ...

by Engager in

iOS Transaction & Events Not Working

I can initialize my Mint instanced and it shows in the dashboard. I have a nice sample log like so. [[Mint sharedI...

by New Member in

Acceleration not working...

Struggling with this query in Splunk ES. The results come back fine but take a long time to generate. Tried to accele...

by Engager in

How do I combine my two searches into one timechart?

Hello, I have two searches I'd like to combine into one timechart. Each of these has its own set of _time values. ...

by Explorer in

How to combine data from two CSV files using a common field where this field has a different name in each file?

Hi, I have 2 CSV files that have a unique key of sorts.... The of sorts is, in one CSV file the unique key is name...

by Motivator in

Ticket analytics: How to chart open tickets over time like a "Burndown chart"?

I would like to show an Open Ticket Count over time. A kind of “burndown chart”. I’ve read around on the KB, but ...

by Engager in

How to edit my regex for props and transforms.conf to extract all values for two fields?

Hello, I have logs coming from one of my applications were the events are structured differently. I want to extrac...

by Path Finder in

How do I filter the results of my stats search with a where condition?

The pipeline logic of this discrete math is kicking me hard today. I need to be able to find a list of laptops that a...

by Communicator in

How to sum values in a table with a condition that compares columns?

Hi, I've got a table like this ts1 | ts2 | count | id 1461347440 | 1461347448 | 5 | 1234 1461347459 | 14613474...

by Motivator in

How many maximum rows and maximum columns can the KV store hold?

I am trying to create a data repository which will store columns and rows. The number of records (or rows) I would b...

by New Member in

How to plot data on the Splunk Map from lookup data using Country Name, Country Code, City Name but not IP?

I have a system that requires authentication so each user has a unique identifier. I have a lookup to enrich users...

by Contributor in

How to overlay a line of the overall average on a chart?

I have a line chart. The chart is the consumption of the week for 3 printers. I wanted to put a line (which will prob...

by Path Finder in

How to create an app with only a "Search" tab and another tab with a specific dashboard?

I would like to create an app with just a tab "search" and another tab with a specific dashboard (that I created). ...

by Communicator in

How to search the average and median of the number of events per second for each unique username?

Hello! I need help with a search. Let's imagine we have Windows logs. These logs contain the field Username. I wan...

by Explorer in

How to configure a timechart alert to not trigger between a certain time frame (1:00am - 5:00am)?

I am trying to set up an alert based on time chart. My objective is to check user logins, and if no user logged in fo...

by Communicator in

Is there a way to optimize my join search?

Hi, I did a report that lists users who have not logged on for more than 60 days and the status of users aren't di...

by Communicator in

How to use NOT in an IF condition?

I have 2 files: Account and Account.TXT. I have to get only the "Account" file details. I tried: if( (like(filena...

by New Member in

Convert this time format to epoch and simple date format

I have a time in the format of: Dec 23, 2015 11:45:26 BRST I'm trying to convert this to epoch time and later to ...

by Path Finder in

How to run 10 unrelated searches as one scheduled search?

I have several searches, about 10, each of which produces a CSV file as an output. I would like to run this as schedu...

by Contributor in

Why are Splunk searches returning events outside the frozenTimePeriodInSecs setting?

Hi there! I'm trying to set up the buckets in one Splunk deployment. I want to delete events greater than 1 week a...

by Communicator in

Why does the multisearch command only return results for the second search, but both searches produce results when run separately?

Hi, I'm on 6.1.1 and I need to search two different indexes, so I thought the multisearch command would be up for ...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to count the number of times a certain value appears per field?

How to add 1 month to a current date field in a search?

How to group and calculate the program execute time in group?

How do I extract these two fields from a string in my sample data?

Splunk with MQ Series

iOS Transaction & Events Not Working

Acceleration not working...

How do I combine my two searches into one timechart?

How to combine data from two CSV files using a common field where this field has a different name in each file?

Ticket analytics: How to chart open tickets over time like a "Burndown chart"?

How to edit my regex for props and transforms.conf to extract all values for two fields?

How do I filter the results of my stats search with a where condition?

How to sum values in a table with a condition that compares columns?

How many maximum rows and maximum columns can the KV store hold?

How to plot data on the Splunk Map from lookup data using Country Name, Country Code, City Name but not IP?

How to overlay a line of the overall average on a chart?

How to create an app with only a "Search" tab and another tab with a specific dashboard?

How to search the average and median of the number of events per second for each unique username?

How to configure a timechart alert to not trigger between a certain time frame (1:00am - 5:00am)?

Is there a way to optimize my join search?

How to use NOT in an IF condition?

Convert this time format to epoch and simple date format

How to run 10 unrelated searches as one scheduled search?

Why are Splunk searches returning events outside the frozenTimePeriodInSecs setting?

Why does the multisearch command only return results for the second search, but both searches produce results when run separately?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions