Splunk Search

Discussions

Thread Info

How to configure props.conf for both of my search-time extractions (from another existing field)?

Hi, I'd rather need to know how to put in .conf files both the following (search-time) extractions. sql_where_clau...

by Contributor in

If anyone of you or your teams have implemented Splunk in production, kindly share the following details ?

Time taken by splunk to process 200 GB/day (in Hours)? & what is the current volume (log Size) which has been process...

by Explorer in

Greater Than & Less Than or Equal To

Hi, I wonder whether someone may be able to help me please. I've created the line below which is part of a bigger ...

by Motivator in

Neighbouring Events with localize and map only retrieving 2 days of results

Hi, I am attempting to find the neighbouring events to a particular event over the last months set of data, but I'...

by Engager in

For multiple, but different field extractions on the same event source, what extraction definition takes precedence?

Hi fellow Splunkers! I'm curious to know what field extraction takes precedence if a field extraction is defined b...

by Motivator in

How do I prevent milliseconds from displaying in the _time field in search results?

Hello everyone ! I would like my search results to not display milliseconds in the _time field in the Search app, ...

by New Member in

How can I write a search that shows up and down status in bar graph for past 30 days by server?

Hi, we need to create a dashboard which shows up and down status in bar graph for past 30 days by server we are...

by Path Finder in

How do you order stats by multiple hierarchical fields

There are similar questions to this, but none are quite the same so I apologize for the overlap. Suppose I have a ...

by Explorer in

How to hardcode a field rename

Hello - didn't see this discussed elsewhere. I have an SNMP based source type who is interpreting the fields as un...

by Explorer in

Why is rename not working with stats or chart?

I'm not able to rename file names to display in a pie chart...any help would be appreciated... I tried both ways.. ...

by Builder in

How to allow users to view some search results from an index in a dashboard, without allowing them to search the index?

There is a lot of useful detail in the index=wineventlog. I would like to be able to allow my front tier service desk...

by Path Finder in

How to edit my search to find the difference between Downtime and Uptime, and also find percentage down time?

Hi, 1.We need to find difference between Downtime and Uptime: In the below example it went down at 18:06:02.299 an...

by Engager in

How to search all indexes except for a particular few?

Is there a way to search in all indexes except for a couple? An example is I have about 100 index but don't want to ...

by Contributor in

How to re-arrange a bar chart

Hi, I would like to sort my bar chart's by the following sequence, (Intensive, Intermediate, Minimal, Moderate). H...

by Path Finder in

How can I use a search results table to power another search per line?

I have a search that returns a table like this: IPAddress1 StartDate1 EndDate1 IPAddress2 StartDate2 EndDate2 ...

by Explorer in

What alternatives can I use for my search instead of a subsearch to avoid performance issues?

Hi, I am facing a subsearch performance problem. My goal is to have Bluecoat events filtered only to specific IP's...

by Splunk Employee in

How do I search and compare fields from two different CSV files?

I have two CSV files: dummy1 dummy2 dummy1 contains server ip apps running 10.1.1.1 Firefox, oracle, sky...

by Explorer in

How do I edit my search to find the difference between two fields?

Hi, I have a search given below. All is working fine, but in last I want to sort out difference between total-ackn...

by Communicator in

how do I use regular expression search results from one index search and use it in another?

How do I use regular expression search results from one index search and use it in another? The following does not wo...

by Engager in

How to calculate total duration for overlapping transactions

I have been trolling the community and have found a lot of information regarding usage of transactions, however I am ...

by Path Finder in

How are underscores in logs treated by Splunk?

All, Can you explain how the underscore is treated by Splunk? I see they are dropped at search times. I am se...

by Builder in

How to dedup with multiple criteria?

Hello, Previously I had a dashboard that was giving out C level some data, where I was deduping based on the SQL R...

by Communicator in

How can I clean up my Splunk search?

How do I clean up the following Splunk search? index=firewall Destination_Port!=80 Destination_Port!=443 Destinati...

by Explorer in

Conditional searching using eval command

All, I have the search below which is using eval and IF statement. I only want one of the search conditions to ex...

by Explorer in

Fields that were once extracted aren't being extracted anymore... why?

Hey there, I made an app. It worked good and extracted data exactly the way I wanted it to. I am now trying to dup...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to configure props.conf for both of my search-time extractions (from another existing field)?

If anyone of you or your teams have implemented Splunk in production, kindly share the following details ?

Greater Than & Less Than or Equal To

Neighbouring Events with localize and map only retrieving 2 days of results

For multiple, but different field extractions on the same event source, what extraction definition takes precedence?

How do I prevent milliseconds from displaying in the _time field in search results?

How can I write a search that shows up and down status in bar graph for past 30 days by server?

How do you order stats by multiple hierarchical fields

How to hardcode a field rename

Why is rename not working with stats or chart?

How to allow users to view some search results from an index in a dashboard, without allowing them to search the index?

How to edit my search to find the difference between Downtime and Uptime, and also find percentage down time?

How to search all indexes except for a particular few?

How to re-arrange a bar chart

How can I use a search results table to power another search per line?

What alternatives can I use for my search instead of a subsearch to avoid performance issues?

How do I search and compare fields from two different CSV files?

How do I edit my search to find the difference between two fields?

how do I use regular expression search results from one index search and use it in another?

How to calculate total duration for overlapping transactions

How are underscores in logs treated by Splunk?

How to dedup with multiple criteria?

How can I clean up my Splunk search?

Conditional searching using eval command

Fields that were once extracted aren't being extracted anymore... why?

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions