Splunk Search

Discussions

Thread Info

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Hi, I have a CSV file that looks like this Date,Version 01-24-2017 12:09:26,7_3_10_000500_3851898 01-25-2017 12...

by Motivator in

Stats not returning zero counts

index=xxx |bucket _time span=3m |stats count by _time host IP We are using the above stats command to get count inste...

by Contributor in

Splunk query to filter results

I have some code deployed on 1 out of my 6 servers. I need a splunk query that pulls data from the other 5 hosts. Som...

by Explorer in

How to combine the results of searches from two CSV files?

Hi All, I am new to Splunk world, Please help me to explore. I have two CSV files let's say table_1.csv with f...

by Explorer in

field extraction

I have a data in the format index = abc earliest =-10d when i run get results in teh format of string result set e...

by Explorer in

What is the way to exclude ports from a single search?

Silly question here. I am trying to search against my WAN for traffic flows NOT equal to certain ports. I seem to hav...

by Path Finder in

How to get the distinct count of the number of "Errors" or "Exceptions"?

I have used this following Splunk search, but the output result is not correct. I am using OR operator for either Err...

by New Member in

How to get all indexes and sourcetypes?

After browsing through Splunk Answers, the closest I could get is the following SPL to list all Indexes and Sourcetyp...

by Contributor in

How to edit my search to get a count and time chart of unique status codes by URL?

Hi all -- I'm having some trouble wrapping my mind around a problem I'd like to measure. I would like to perform ...

by New Member in

Convert saved search to inline search

I have a dashboard with 10 graphs all pointing to one saved search each. what is the easiest way to convert all of th...

by Contributor in

How to write a search to find the the 90th and 99th percentile for response time?

hi, I have some fields extracted from Splunk and it has application name, response time, and response code. By ...

by Communicator in

How to create a dashboard search to output these specific fields in results?

What I'm trying to do is when I give input as index=sftp USER=gradydftsftp and it gives output as: Jan 27 10:15:01...

by New Member in

How to write a search to compare results from two tables, and show the results that only exist in the first table?

Background: I'm trying to create a search that will let me know if something about a user is true within the last 7 d...

by Path Finder in

How do I extract these fields from my sample json event?

I have data being fed into Splunk from a log file in json format. Currently it is not extracting any of the fields fr...

by Path Finder in

How to create a time chart with milestones?

Hi, I'm trying to get some sort of timechart with milestones. Something like the attached pic (example) . ...

by Motivator in

How to run a certain eval statement in a search based on the date range?

Creating a table for time zones, which will be used to keep track of our universal forwarders and their settings. Nee...

by Contributor in

Lookup latest value in CSV or datasource

Hi, I am currently tracking my electricity usage and would like to calculate the current cost using the kWh value in ...

by New Member in

use eval to change field vale

I have this logs: URI: tttplitmr_78 METHOD: POST BODY: {"s_data": {"System.ProcessorName": "Intel(R) Xeon(R) CPU E...

by Path Finder in

"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame?

Hi, I have events that are sorta kinda duplicated. Sorta kinda means that everything is the same EXCEPT there is a...

by Motivator in

How to create a search for moving average for email sent per user

Thx to DalJeanis I have the following search that establishes a baseline of email sent per user by subject then looks...

by Influencer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I have duplicate entries in a CSV file. How to write a search that extracts the FIRST entry?

Stats not returning zero counts

Splunk query to filter results

How to combine the results of searches from two CSV files?

field extraction

What is the way to exclude ports from a single search?

How to get the distinct count of the number of "Errors" or "Exceptions"?

How to get all indexes and sourcetypes?

How to edit my search to get a count and time chart of unique status codes by URL?

Convert saved search to inline search

How to write a search to find the the 90th and 99th percentile for response time?

How to create a dashboard search to output these specific fields in results?

How to write a search to compare results from two tables, and show the results that only exist in the first table?

How do I extract these fields from my sample json event?

How to create a time chart with milestones?

How to run a certain eval statement in a search based on the date range?

Lookup latest value in CSV or datasource

use eval to change field vale

"Duplicate" events: Without using "dedup", how can I remove all but one of the events that occur within a 1 second time frame?

How to create a search for moving average for email sent per user

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

How to timewrap for today Format

Need custom time for PDF schedule report

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...