Splunk Search

Discussions

Thread Info

How can I filter my results to compare values in two fields?

I have 2 fields called sc_bytes & cs_bytes in my results. How can I then filter my results to give me events when the...

by Path Finder in

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

Hello Experts, I need help in determining the OS and Browser's that appear in our logs. I understand the easiest ...

by Explorer in

How can I rex on an exact error code?

Hello ppl I have a set of Error messages in an event log that looks like this ERROR [43f796d8da] there are several c...

by Explorer in

How to search for IP addresses in a lookup that are not found in my events?

I have a lookup which has an IP address column, and I'm trying to find which if the IP addresses from this lookup tab...

by Communicator in

Why is my field extraction not working properly between two log files?

Hello, I want to extract a field with the field extractor in Splunk. But when I extract these logs on log 1, I wil...

by Path Finder in

How do you use the arules search command?

I can't get any output data. My test dataset includes two fields f1 and f2: | inputcsv tmp1030.csv | arules f1 f2...

by Engager in

How can I view the full city list that Splunk uses for iplocation?

Hi, Does anyone know how I can view the full city list that Splunk uses for iplocation? I'm exporting my data, th...

by New Member in

How to search for and display the count of events per sourcetype in a table?

Hi all. I have a search that begins with: index="first" OR index="second" sourcetype=* I need to show a tab...

by Builder in

How to generate a search that will correlate multiple IP addresses that hit the same URL?

I am utilizing Cisco Ironport Squid logs. I found a suspicious event that is possible malware related and multiple co...

by Explorer in

How to write a search to display forwarders missing at a certain point in time?

Hi Guys Is there a search that can pull back the forwarders that are missing / not sending data at a point in time...

by Communicator in

How to calculate the time difference in minutes between two events?

I have two events I'm using this nt_time=strptime(VENDOR_NOTIFIED_TIME,"%F %T")|eval st_time = strptime(START_D...

by Explorer in

extracting fields between pattern in a search and and calculating length of value

Hello. I have a simmilar quesiton to this : https://answers.splunk.com/answers/176585/how-to-extract-a-field-bet...

by New Member in

Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance?

Hi Guys, I'm running a search and it seems to take longer than needed. I've search the logs for errors and found t...

by Communicator in

How to search for a field value during a certain period of time using an extracted time field?

Hi I have an extracted field from regex, ie Time_extract which gives hour. Now I want to get the logs between a p...

by Explorer in

Help with Splunk 6.3 Simple XML text input box: condition match regex IP address

I am trying to test a text input box value to determine if an IP address was provided. If an IP address was provided,...

by Builder in

Is it possible to highlight a specific term from an inputlookup?

All; I am running Splunk 6.3.5 and need to see what term "hits" in the resulting event. The search is: index=proxy...

by Communicator in

How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype?

Hello, I'm trying to build a search that lists the hosts daily that are, filtering for a specific SourceType, send...

by Explorer in

How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"?

I have a search to create a summary index which runs every 15 minutes: index=foo "myerror" | bin span=15m _time |...

by SplunkTrust in

Is there a way to calculate the percentile of a value within a range of values?

One of the most useful functions in Excel is percentilerank, which calculates the percentile of a value within a rang...

by Path Finder in

How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute?

I'm trying to write a search to track the amount of data being ingested to a specific index, measured in MB/per minut...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I filter my results to compare values in two fields?

How to extract the OS and Browser from a user agent string in our logs without a Splunk app or external script?

How can I rex on an exact error code?

How to search for IP addresses in a lookup that are not found in my events?

Why is my field extraction not working properly between two log files?

How do you use the arules search command?

How can I view the full city list that Splunk uses for iplocation?

How to search for and display the count of events per sourcetype in a table?

How to generate a search that will correlate multiple IP addresses that hit the same URL?

How to write a search to display forwarders missing at a certain point in time?

How to calculate the time difference in minutes between two events?

extracting fields between pattern in a search and and calculating length of value

Why am I getting "message Max Raw Size Limit Exceeded" errors that are now affecting search performance?

How to search for a field value during a certain period of time using an extracted time field?

Help with Splunk 6.3 Simple XML text input box: condition match regex IP address

Is it possible to highlight a specific term from an inputlookup?

How to write a serach to list hosts sending data being indexed in Splunk for a specific sourcetype?

How to write a search to create a summary index with a count of "0" when there are no events matching "myerror"?

Is there a way to calculate the percentile of a value within a range of values?

How to edit my search to track the amount of data being ingested to a specific index, measured in MB/per minute?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Running multiple query based on condition

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...