Splunk Search

Discussions

Thread Info

eval & coalesce

I'm trying to normalize various user fields within Windows logs. The fields I'm trying to combine are users Users and...

by Contributor in

unit along with fieldname

Hi all is there any option in splunk, so that we can list the table contents and their units along with the table nam...

by Builder in

How do I do a chart in splunk whereby I can forecast into the future?

How do I do a chart in splunk whereby I can forecast into the future? Hi there appreciate any help here. Coming fr...

by Motivator in

Eval Question

I am trying to translate a user, to an external IP address and be accurate within 5 seconds. I have to do this using ...

by Motivator in

Trouble with Field Extraction

I am attempting to pull information from multiple eventtypes into 1 field called ext_ip I can get two of them, but I ...

by Motivator in

How to calculate the average based on fields.

Hello I think this should be simple enough but somehow I am not able to understand how to approach it. Here is the...

by Motivator in

Need to Create Two Time Series in One Chart

Answer below.

by Splunk Employee in

listing events directly from a table

Hi all, is there any option to directly list the events for a particular table entry.. after a search in dashboard u...

by Builder in

Temporal Input lookups?

We have been able to successfully use inputlookup with lookup files we have created. However, our lookup files have t...

by Explorer in

Sorting Charts

I have the following search that returns a chart of response times for web pages by GET and POST. index=iis_PRODU...

by Contributor in

How flexible use search if statement?How flexible use search if statement?

To produce a single value dashboard, the utilization of the CPU and the MEN , and when any value exceeding the target...

by New Member in

Possible bug - Deleting a saved search deletes all searches with the same name

I believe I have found a possible bug. There is a condition that when you delete a saved search all saved searches wi...

by Explorer in

eval fails if fields have a ":" in their name

I have some data in the form of xml records. The fields extract fine using the xmlkv operator, but I can not perform ...

by Path Finder in

multiple values for single field in multiple lines of a single multi-lined event

Below is my sample log. I'm trying to extract all the 'Pend Reason' codes and still maintain the host field which I'm...

by Splunk Employee in

Regular expression help and error (Regex: unmatched parentheses )

The regular expression is correct according to RegExr, but i keep on getting this error Regex: unmatched parenthes...

by Contributor in

Oracle into Splunk

I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I ...

by New Member in

stats by date_hour failing to return results

Been scratching my head about this one... This search returns a value: index=os source=cpu host=myhost | stats ...

by Path Finder in

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by search...

by Contributor in

Need help with regex

Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyon...

by Motivator in

Extraction failure

This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f...

by Path Finder in

Splunk Search

Discussions

eval & coalesce

unit along with fieldname

How do I do a chart in splunk whereby I can forecast into the future?

Eval Question

Trouble with Field Extraction

How to calculate the average based on fields.

Need to Create Two Time Series in One Chart

listing events directly from a table

Temporal Input lookups?

Sorting Charts

How flexible use search if statement?How flexible use search if statement?

Possible bug - Deleting a saved search deletes all searches with the same name

eval fails if fields have a ":" in their name

multiple values for single field in multiple lines of a single multi-lined event

Regular expression help and error (Regex: unmatched parentheses )

Oracle into Splunk

stats by date_hour failing to return results

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

Need help with regex

Extraction failure

How to filter ipv6 addresses and keep only ipv4?

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...

Transaction ends and begins with same code

Predict command