Splunk Search

Discussions

Thread Info

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

We use several scheduled reports to ensure that we do not have any duplicate events in our indexes. Our searches look...

by Path Finder in

How do I sort bars in descending order based on count in my timechart?

Hello fellow splunkers, I'm currently charting around with webserver access logs. My current search string lo...

by Motivator in

How to use eventstats to get the max value after using timechart?

Hi All, I am trying to gather transaction per second on my 4 servers for each day over a week. I would like to sam...

by Communicator in

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

I have a data set that looks like this: Name, Month, Year, Data1, Data2, Data3, Data4, Data[x] Steve, 2,2015, 1,1,...

by Explorer in

How to convert m/s to km/h?

Hey guys, I'm having this syntax here and the incoming data is m/s and i need to convert it to km/h. How can i do it?...

by Explorer in

How to write a search to filter hosts by lookup table and show their metadata?

I have a task to list out some hosts that do not receive logs in Splunk for X hours. Initially it works fine if I def...

by Explorer in

How to edit my search to return events with an IP that originate from a Country in a lookup file?

I have a search for my IDS / IPS systems feeding Splunk. I want to evaluate all the IDS/IPS events that have triggere...

by Explorer in

Query to create a table to include fields from 2 different sourcetypes where values of field1 from sourcetype 1 is equal to field2 from sourcetype 2

I have 2 sourcetype sourcetype="pan:traffic" and sourcetype="pan:threat" I want to write a splunk query to find ev...

by Path Finder in

86400 in Splunk

What significance does '86400' have in Splunk? For example, why is it used here, '| eval day=floor((now()-_time)/8640...

by Explorer in

How to search the number of times an IP address comes up in our network traffic over different time ranges?

I'm searching for how frequently an IP address comes up in our network traffic during a 30, 30-60-60-90- and 90-120 d...

by Explorer in

How to edit my search on modified files to include additional details (what got changed) for an alert?

I currently have an alert set to notify me on any mass modification files over 100. The alert only provides the User,...

by Path Finder in

How to edit my eval case statements to get expected results based on multiple conditions and multiple fields?

I am trying to build a search where I can return a status_code based on the conditions of two fields: <search> |e...

by Path Finder in

How to save an eval urldecode as a field in Splunk 6.3.3?

I am trying to save this search below as a field for my user to be able to see on their "selected fields" during thei...

by Contributor in

Where do I put the "useother" argument in my search?

Hi, I have a search (Below) that I want to run to show me license details by date, sourcetype, and host. Unfortuna...

by Champion in

How to ensure a role will have a minimum search jobs number allocated to it?

Even though Splunk allows us to set a role level concurrent search jobs limit, it really does not allow us to ensure ...

by Builder in

How to count the number of times a certain value appears per field?

I'm new to Splunk - be kind... I can produce a table where I can get: Field1 Field2 Field3 Field4.... Co...

by Explorer in

How to add 1 month to a current date field in a search?

I have a table with an ID in it and a date. I've converted the date to be YYYYMMDD. Based on that date field, I would...

by Explorer in

How to group and calculate the program execute time in group?

Hi expert, currently I am study Splunk and have some question, could you help me to resolve them? Thank you in advanc...

by New Member in

How do I extract these two fields from a string in my sample data?

Hello, I have this logs : Apr 26 12:49:09 10.30.245.203 Apr 26 14:49:12 MachineOne info tmm1[11869]: Rule /User...

by New Member in

Splunk with MQ Series

Hi, As said in Splunk's Application Management Solutions page, IBM MQ Series belongs to typical data sources. But ...

by Engager in

iOS Transaction & Events Not Working

I can initialize my Mint instanced and it shows in the dashboard. I have a nice sample log like so. [[Mint sharedI...

by New Member in

Acceleration not working...

Struggling with this query in Splunk ES. The results come back fine but take a long time to generate. Tried to accele...

by Engager in

How do I combine my two searches into one timechart?

Hello, I have two searches I'd like to combine into one timechart. Each of these has its own set of _time values. ...

by Explorer in

How to combine data from two CSV files using a common field where this field has a different name in each file?

Hi, I have 2 CSV files that have a unique key of sorts.... The of sorts is, in one CSV file the unique key is name...

by Motivator in

Ticket analytics: How to chart open tickets over time like a "Burndown chart"?

I would like to show an Open Ticket Count over time. A kind of “burndown chart”. I’ve read around on the KB, but ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

How do I sort bars in descending order based on count in my timechart?

How to use eventstats to get the max value after using timechart?

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

How to convert m/s to km/h?

How to write a search to filter hosts by lookup table and show their metadata?

How to edit my search to return events with an IP that originate from a Country in a lookup file?

Query to create a table to include fields from 2 different sourcetypes where values of field1 from sourcetype 1 is equal to field2 from sourcetype 2

86400 in Splunk

How to search the number of times an IP address comes up in our network traffic over different time ranges?

How to edit my search on modified files to include additional details (what got changed) for an alert?

How to edit my eval case statements to get expected results based on multiple conditions and multiple fields?

How to save an eval urldecode as a field in Splunk 6.3.3?

Where do I put the "useother" argument in my search?

How to ensure a role will have a minimum search jobs number allocated to it?

How to count the number of times a certain value appears per field?

How to add 1 month to a current date field in a search?

How to group and calculate the program execute time in group?

How do I extract these two fields from a string in my sample data?

Splunk with MQ Series

iOS Transaction & Events Not Working

Acceleration not working...

How do I combine my two searches into one timechart?

How to combine data from two CSV files using a common field where this field has a different name in each file?

Ticket analytics: How to chart open tickets over time like a "Burndown chart"?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions