Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Search query to retrive host upon selection

Hi, I have 2 versions with multiple hosts containing dev and stg environment version1 is 7.2 with host1, host2,......

by Path Finder in

How to find HTTP error code count with percentage for individual application based on time

Hi, i am trying to find each application individual http error codes total count with percentage here is the query...

by Communicator in

How to configure setting the host field during index time?

we're trying to set the host fields by extracting the name from the events, but it doesn't seem to work and would app...

by Contributor in

How to edit my search to create a table with multiple lines per single event

Hi, having JSON formatted events there are parts of the event with the same key like: events: [ [-] ...

by Explorer in

calculate hours difference between times

I want to calculate the hours difference between two times, I am using the below search command but its not working, ...

by New Member in

How to get an output for two different searches using join?

Hi , Search 1: index="sftp" USER=gradydftsftpdata | table USER, SESSION_ID,USER_IP,date_hour | dedup SESSION_ID...

by New Member in

How to edit my search to display my results in a trendline?

I'm trying to graph this same type of trendline (2nd Screenshot) in Splunk with daily results from 12pm-12pm. I'm usi...

by Explorer in

dynamic earliest time SPLUNK Query

We have to implement following scenerio in splunk. We are indexing a log "extractA" with _time as settlement day w...

by New Member in

how to search for index time extracted fields added to metadata

I need only fields that are extracted during index_time which are added to _meta. How to search for them so that sear...

by Contributor in

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Hi, I have a CSV file that looks like this Date,Version 01-24-2017 12:09:26,7_3_10_000500_3851898 01-25-2017 12...

by Motivator in

Stats not returning zero counts

index=xxx |bucket _time span=3m |stats count by _time host IP We are using the above stats command to get count inste...

by Contributor in

Splunk query to filter results

I have some code deployed on 1 out of my 6 servers. I need a splunk query that pulls data from the other 5 hosts. Som...

by Explorer in

How to combine the results of searches from two CSV files?

Hi All, I am new to Splunk world, Please help me to explore. I have two CSV files let's say table_1.csv with f...

by Explorer in

field extraction

I have a data in the format index = abc earliest =-10d when i run get results in teh format of string result set e...

by Explorer in

What is the way to exclude ports from a single search?

Silly question here. I am trying to search against my WAN for traffic flows NOT equal to certain ports. I seem to hav...

by Path Finder in

How to get the distinct count of the number of "Errors" or "Exceptions"?

I have used this following Splunk search, but the output result is not correct. I am using OR operator for either Err...

by New Member in

How to get all indexes and sourcetypes?

After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp...

by Contributor in

How to edit my search to get a count and time chart of unique status codes by URL?

Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform ...

by New Member in

Convert saved search to inline search

I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th...

by Contributor in

How to write a search to find the the 90th and 99th percentile for response time?

hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search query to retrive host upon selection

How to find HTTP error code count with percentage for individual application based on time

How to configure setting the host field during index time?

How to edit my search to create a table with multiple lines per single event

calculate hours difference between times

How to get an output for two different searches using join?

How to edit my search to display my results in a trendline?

dynamic earliest time SPLUNK Query

how to search for index time extracted fields added to metadata

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Stats not returning zero counts

Splunk query to filter results

How to combine the results of searches from two CSV files?

field extraction

What is the way to exclude ports from a single search?

How to get the distinct count of the number of "Errors" or "Exceptions"?

How to get all indexes and sourcetypes?

How to edit my search to get a count and time chart of unique status codes by URL?

Convert saved search to inline search

How to write a search to find the the 90th and 99th percentile for response time?

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!

Using comparison function within mstats

Search to match high temp events, but ignore speci...

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out