Splunk Search

Discussions

Thread Info

How does Splunk create the date_month field?

Since day 23 so far, Splunk is not creating the date_month. It has not changed the date model is the same, as I verif...

by Path Finder in

How to search for a threshold of failed logins followed by a successful login from a user?

I found another thread where the user was trying something similar, with this string: index= | transaction src_ip...

by Explorer in

How i can calculate average of each event type

index="sc-general" info AND(heartbeat OR Successfully) NOT(created) | rex ":\s+(?\w+)" | eval entry_type=if(entry_typ...

by New Member in

How to use a wildcard in a where clause?

I am using the search below to shunt "ORA-00001" from a set of log files. This search works fine for just one log fil...

by Explorer in

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

We use several scheduled reports to ensure that we do not have any duplicate events in our indexes. Our searches look...

by Path Finder in

How do I sort bars in descending order based on count in my timechart?

Hello fellow splunkers, I'm currently charting around with webserver access logs. My current search string lo...

by Motivator in

How to use eventstats to get the max value after using timechart?

Hi All, I am trying to gather transaction per second on my 4 servers for each day over a week. I would like to sam...

by Communicator in

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

I have a data set that looks like this: Name, Month, Year, Data1, Data2, Data3, Data4, Data[x] Steve, 2,2015, 1,1,...

by Explorer in

How to convert m/s to km/h?

Hey guys, I'm having this syntax here and the incoming data is m/s and i need to convert it to km/h. How can i do it?...

by Explorer in

How to write a search to filter hosts by lookup table and show their metadata?

I have a task to list out some hosts that do not receive logs in Splunk for X hours. Initially it works fine if I def...

by Explorer in

How to edit my search to return events with an IP that originate from a Country in a lookup file?

I have a search for my IDS / IPS systems feeding Splunk. I want to evaluate all the IDS/IPS events that have triggere...

by Explorer in

Query to create a table to include fields from 2 different sourcetypes where values of field1 from sourcetype 1 is equal to field2 from sourcetype 2

I have 2 sourcetype sourcetype="pan:traffic" and sourcetype="pan:threat" I want to write a splunk query to find ev...

by Path Finder in

86400 in Splunk

What significance does '86400' have in Splunk? For example, why is it used here, '| eval day=floor((now()-_time)/8640...

by Explorer in

How to search the number of times an IP address comes up in our network traffic over different time ranges?

I'm searching for how frequently an IP address comes up in our network traffic during a 30, 30-60-60-90- and 90-120 d...

by Explorer in

How to edit my search on modified files to include additional details (what got changed) for an alert?

I currently have an alert set to notify me on any mass modification files over 100. The alert only provides the User,...

by Path Finder in

How to edit my eval case statements to get expected results based on multiple conditions and multiple fields?

I am trying to build a search where I can return a status_code based on the conditions of two fields: <search> |e...

by Path Finder in

How to save an eval urldecode as a field in Splunk 6.3.3?

I am trying to save this search below as a field for my user to be able to see on their "selected fields" during thei...

by Contributor in

Where do I put the "useother" argument in my search?

Hi, I have a search (Below) that I want to run to show me license details by date, sourcetype, and host. Unfortuna...

by Champion in

How to ensure a role will have a minimum search jobs number allocated to it?

Even though Splunk allows us to set a role level concurrent search jobs limit, it really does not allow us to ensure ...

by Builder in

How to count the number of times a certain value appears per field?

I'm new to Splunk - be kind... I can produce a table where I can get: Field1 Field2 Field3 Field4.... Co...

by Explorer in

How to add 1 month to a current date field in a search?

I have a table with an ID in it and a date. I've converted the date to be YYYYMMDD. Based on that date field, I would...

by Explorer in

How to group and calculate the program execute time in group?

Hi expert, currently I am study Splunk and have some question, could you help me to resolve them? Thank you in advanc...

by New Member in

How do I extract these two fields from a string in my sample data?

Hello, I have this logs : Apr 26 12:49:09 10.30.245.203 Apr 26 14:49:12 MachineOne info tmm1[11869]: Rule /User...

by New Member in

Splunk with MQ Series

Hi, As said in Splunk's Application Management Solutions page, IBM MQ Series belongs to typical data sources. But ...

by Engager in

iOS Transaction & Events Not Working

I can initialize my Mint instanced and it shows in the dashboard. I have a nice sample log like so. [[Mint sharedI...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How does Splunk create the date_month field?

How to search for a threshold of failed logins followed by a successful login from a user?

How i can calculate average of each event type

How to use a wildcard in a where clause?

Why are we seeing duplicate events found in an index after update to Splunk 6.3.x?

How do I sort bars in descending order based on count in my timechart?

How to use eventstats to get the max value after using timechart?

Is there a Splunk search command opposite of Transpose, similar to tools like "crosstab" or "crosstable"?

How to convert m/s to km/h?

How to write a search to filter hosts by lookup table and show their metadata?

How to edit my search to return events with an IP that originate from a Country in a lookup file?

Query to create a table to include fields from 2 different sourcetypes where values of field1 from sourcetype 1 is equal to field2 from sourcetype 2

86400 in Splunk

How to search the number of times an IP address comes up in our network traffic over different time ranges?

How to edit my search on modified files to include additional details (what got changed) for an alert?

How to edit my eval case statements to get expected results based on multiple conditions and multiple fields?

How to save an eval urldecode as a field in Splunk 6.3.3?

Where do I put the "useother" argument in my search?

How to ensure a role will have a minimum search jobs number allocated to it?

How to count the number of times a certain value appears per field?

How to add 1 month to a current date field in a search?

How to group and calculate the program execute time in group?

How do I extract these two fields from a string in my sample data?

Splunk with MQ Series

iOS Transaction & Events Not Working

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions