Splunk Search

Ask a Question

Discussions

Thread Info

Why is my configuration using regex to assign sourcetypes with props.conf and transforms.conf not working?

Hello, I am trying to get dynamic sourcetype working for a set directories under Splunk. The intention is that the...

by Path Finder in

After applying the stats percentile function to the daily max per sourcetype, how do I format the resulting table to create more fields?

If I have the following, the max per day per sourcetype: index=_internal sourcetype=* sourcetype=splunkd | timec...

by Motivator in

After adding a new Splunk server in a distributed environment, why does it not show up in results unless I include splunk_server=*?

I recently added a new splunk server in a distributed environment. Now, when I do this search: index=os earliest="...

by Path Finder in

create field for syslog raw data

Aug 31 10:06:32 serverA.com Aug 31 16:06:32 [serverA: HTTPPool02:debug]: sridhar:AUTH:error:Login failed for user sri...

by Path Finder in

How to extract the last file name from my sample string of data?

Hello all, I have the following string: "6900 0 1024 0 0 0 0 0 0 0 C:\windows\System3...

by Path Finder in

How to compare a certain date/time in epoch format with a fixed date/time in human readable format?

Hi, I'd like to compare two dates and time (if A<=B): the one, let's call it A, I have it already in epoch time an...

by Contributor in

How to use geostats to display top 5 results per country and sort by count instead of alphabetically?

Hello, I am new to Geostats and am wondering if a couple of features exist or not. Is it possible for each pie cha...

by Path Finder in

How to write a search to return the number of forwarders that have reported within the last hour?

Hi Guys So what I'm looking for is the search from the Deployment Monitor app that shows the All Forwarders sectio...

by Communicator in

How to give threshold values dynamically in the search query

Hi Team, I have got different sites seperated according to the tiers having different threshold values Ex Mumbai-T...

by Path Finder in

Grouping and counting by two different fields

Hi everyone, I'm not sure if I have chosen the title correctly, but I have tried to make it as generic as possible...

by Explorer in

How to represent data in piechart/Linechart which I received by using REST API

My data after search has following columns along with the other columns as below MLS_Number Count 1129078 1 124895...

by Path Finder in

How to display a table icon for a certain process status?

Hi I would like to show a list of processes and use the table icon set to show the status of the process, either e...

by Contributor in

strptime to get %Y-%m-%d

I run a command as below try to get all the locked out accounts, and get the date like %Y-%m-%d as well. But seems al...

by New Member in

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

I am generating an XYseries resulting in a list of items vertically and a column for every day of the month. Examp...

by New Member in

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

I'm writing a search to see abnormally high or low levels of traffic from forwarders on a day-to-day basis: getting t...

by Contributor in

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

Requirement was to delete the contents of the index as soon as a new .csv file arrives and index the contents of the ...

by Communicator in

count between events

I would like to count values between an event and i'm not getting an entry point for this at all. Assume i get an ...

by Explorer in

stats return multiple columns where only one occurance exists

Hello, I'm not really sure how to appropriately describe my query need, which is why I think I can't find what I'...

by Path Finder in

timechart with math function

i am using timechart like this search | timechart span=10m avg(diff) but the diff number is in seconds I would ...

by Motivator in

How would I Split Transaction by Step by Host?

First the business case: We want a dashboard with a bar graph that shows the time a transaction spends at each step i...

by Explorer in

How can I perform a join with a separate query?

I need to create a query which returns a list of unique hosts (shost), the most recent 'status' column matching that ...

by Explorer in

where in subsearch

sourcetype="log4j" source="*server*" | rex field=_raw "nonce created : (?<nonce>[0-9a-z-]*)" | transaction thread sta...

by Path Finder in

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Some sample data for creating a maps visualisation in splunk countries_lat_long_int_code.csv code,name,country,...

by Motivator in

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Hi team, I have a source file like this: {"ts":"08 26 2015 13:05:41.374","th":"http-bio-8080-exec-1", "level":"...

by New Member in

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

Hi I am getting this error on search Search not executed: The minimum free disk space (1000MB) reached for /o...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my configuration using regex to assign sourcetypes with props.conf and transforms.conf not working?

After applying the stats percentile function to the daily max per sourcetype, how do I format the resulting table to create more fields?

After adding a new Splunk server in a distributed environment, why does it not show up in results unless I include splunk_server=*?

create field for syslog raw data

How to extract the last file name from my sample string of data?

How to compare a certain date/time in epoch format with a fixed date/time in human readable format?

How to use geostats to display top 5 results per country and sort by count instead of alphabetically?

How to write a search to return the number of forwarders that have reported within the last hour?

How to give threshold values dynamically in the search query

Grouping and counting by two different fields

How to represent data in piechart/Linechart which I received by using REST API

How to display a table icon for a certain process status?

strptime to get %Y-%m-%d

How to filter xyseries table results to only show rows where there is a value of 0 in any column?

Why am I getting different results for a search when run on its own versus as a subsearch for a join?

Why is my inputlookup search not pulling a field from a CSV file needed to populate a timechart?

count between events

stats return multiple columns where only one occurance exists

timechart with math function

How would I Split Transaction by Step by Host?

How can I perform a join with a separate query?

where in subsearch

Pulling data from a lookup file, what parameters need to be included and how do I format the data for a map visualization?

Why are multiple of the same events and values from a single source file being indexed in Splunk?

Why am I getting error "Search not executed: The minimum free disk space (1000MB) reached for /opt/splunk/var/run/splunk/dispatch."?

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Salesforce in SPLUNK

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data