Splunk Search

Discussions

Thread Info

Each extracted field multivalue with duplicate values for JSON events

Hi, I am using splunk version 6.3.3 for forwarder and indexers in a clustered environment. Issue is when the searc...

by Explorer in

How to edit my regex in props.conf for proper search-time field extraction using my sample data?

I'm trying to extract a field called Item_Name using the file props.conf on the search head. I'm currently using this...

by Explorer in

How to add a lookup table value to matching search results?

I'm not sure whether or not this is a unique problem, but I'm hoping someone can help even if I'm overlooking an obvi...

by Explorer in

Why is my props.conf not working at all to parse XML data?

Hello everybody I'm pretty new to Splunk and I'm trying to parse an xml input for the first time. Unfortunately, w...

by Path Finder in

Is there any way to have the below query without map command?

Hi , With the below query, am facing issue while creating dashboard, as it is having a map command. index=Test ...

by Path Finder in

Why is my search to compare data week over week using time modifiers showing incomplete results?

I'm trying to apply the week over week design template from http://blogs.splunk.com/2012/02/19/compare-two-time-range...

by Path Finder in

How do I edit my transaction search to find over 3 failed Windows logon events that happen within a 10 minute timespan?

So I am working a bit with transaction and I am unable to verify how it should work. This is my search: index = "m...

by Explorer in

How to remove part of a field value?

I have a search that gives me a bunch of fields that look like: REBOOT=4/5/2016 9:17:19 AM REBOOT=4/5/2016 9:12:02 A...

by Path Finder in

refresh.auto.interval not working

Hi, I use a drop-down menu to set the refresh.auto.interval for a table: <panel> <title>Real-Time Stats</title> ...

by Communicator in

why stats last and first are inverted ?

When I search with stats first(myfield) last(myfield) They return the opposite !!!! example : 10/10/2010 myfield=A...

by Communicator in

How to combine my two tstats searches?

Hi, Wondering if someone could help me here, I'm trying to join two tstats searches together. I basically want ...

by Explorer in

How to add a new row to my table that subtracts the counts of two fields from the count of another field?

I have simple table as shown below Msg | Count Completed Stage 1 | 975 Completed Stage 2 | 750 Hit Quit | 200 I...

by Engager in

Include events from 7pm today onwards till next day same time.

Hi All Monitoring backups activity I need to start 7pm each night till same time next day. How can I give range in...

by Builder in

Why is my dashboard panel search using up so much disk space?

I am having trouble with the search for a dashboard panel. The job is taking up too much of my disk quota (~350MB whe...

by Engager in

How do I combine my results for two searches to display on a bar graph for comparison?

Hello, I am trying to join two searches 1)which gives the count for the last three months and 2)which gives the c...

by Builder in

How to add a table column that does operations in each cell based on the values from another column2?

asked a similar question here but here it is slightly different and here if I have a search that gives me somethi...

by Motivator in

How to search how long it takes for data to go from a universal forwarder to being searchable?

Anyone have a quick search on how to measure how long it's taking for data to go from Universal forwarder to be searc...

by Builder in

How to set x-axis time intervals for a line chart?

I've read over all of the other variations of this question, but I haven't been able to make this work. I have a s...

by Explorer in

How to rename and combine fields to display data with combined counts?

I'm trying to do an OS inventory from Active Directory. My results look something like this: operatingSystem------...

by Explorer in

Include results of another search in the body of an alert?

I have an alert that fires when the hourly count is 50% greater hour over hour, this seems to be working fine: ind...

by Splunk Employee in

Are all of the Splunk Fast Start courses outside the United States conducted in English?

Are all of the Splunk Fast Start Courses outside the United States conducted in English?

by New Member in

Is there a parameter that limits the number of real-time alerts?

Hi We are trying to alert based on different conditions for different application log data. We see in the activit...

by New Member in

Is there a way to track if the useragent changes during a session from IIS logs using the transaction command?

Is there a way to see if the useragent changes during a session using the transaction command? Thx, Jeff

by Influencer in

Whats the best way to classify events as being "Normal" or "Exception" type of events based on time ranges when i have various different exception windows timings?

I have historical events that i'm looking to classify as having occurred during an exception period or not. The chal...

by New Member in

How to edit my search to identify peak hours of transactions with API Gateway purchase logs?

Here's what I am trying to do. Using API Gateway purchase logs, identify peak and non-peak times. I want to send an a...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Each extracted field multivalue with duplicate values for JSON events

How to edit my regex in props.conf for proper search-time field extraction using my sample data?

How to add a lookup table value to matching search results?

Why is my props.conf not working at all to parse XML data?

Is there any way to have the below query without map command?

Why is my search to compare data week over week using time modifiers showing incomplete results?

How do I edit my transaction search to find over 3 failed Windows logon events that happen within a 10 minute timespan?

How to remove part of a field value?

refresh.auto.interval not working

why stats last and first are inverted ?

How to combine my two tstats searches?

How to add a new row to my table that subtracts the counts of two fields from the count of another field?

Include events from 7pm today onwards till next day same time.

Why is my dashboard panel search using up so much disk space?

How do I combine my results for two searches to display on a bar graph for comparison?

How to add a table column that does operations in each cell based on the values from another column2?

How to search how long it takes for data to go from a universal forwarder to being searchable?

How to set x-axis time intervals for a line chart?

How to rename and combine fields to display data with combined counts?

Include results of another search in the body of an alert?

Are all of the Splunk Fast Start courses outside the United States conducted in English?

Is there a parameter that limits the number of real-time alerts?

Is there a way to track if the useragent changes during a session from IIS logs using the transaction command?

Whats the best way to classify events as being "Normal" or "Exception" type of events based on time ranges when i have various different exception windows timings?

How to edit my search to identify peak hours of transactions with API Gateway purchase logs?

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...