Splunk Search

Discussions

Thread Info

Combining multiple fields for reporting

I'm trying to get my results into a single field called Percent_CPU_Load. However, since the field is defined twice, ...

by Engager in

Search App and main page overall statistics

So on the main page of the Search app you have the 'Global Summary' and 'All indexed data' section which has the sour...

by Communicator in

search command for work time

i have one question I want to search time Daily from 9 am to 6:00 pm How can to use search command ? Thank you for...

by Explorer in

Eval time between events for transaction by group?

Hi, I'd like to do a report that tells me how long a forwarder hasn't been active. I use transaction to join similar ...

by Path Finder in

Run search to determine if forwarder has splunkweb enabled?

Is there a search string that would report on the status of splunkweb on each forwarding host?

by SplunkTrust in

One-liner to print scheduled searches?

Is there a command via splunk.exe or some other /bin tool that would output all scheduled searches in a particular in...

by SplunkTrust in

Evaluate search with lookup field?

Hi, I'm having problem with evaluating expression using lookup field. I create a lookup fileld by executing this sear...

by Path Finder in

Joining Transactions

Hello, I have two searches that use transactions to get part of a table of results that I want. Firstly, in...

by Communicator in

quick fields question. Time connected/time disconnect?

I want my table to show a column with what time a username connected to the network and another column showing when t...

by Explorer in

Splunk Searching Commands/Strings

Im fairly new to splunk (and linux for that matter) but I am trying to find a Web Page or Manual or whaeter that will...

by New Member in

Rewriting value of field if value is negative

Hi, I would like to rewrite bogus field values that are negative to 0. For example I would like to run the followi...

by Path Finder in

Follow event from source forwarder to indexer; how to troubleshoot a missing sourcetype

I just set up a new splunk forwarder on a linux host. One of the inputs is a monitor of the /var/log/messages file. I...

by SplunkTrust in

Splunkd won't restart after power failure

I'm running Splunk 4.1.3 on Windows 2008 R2 x64 and had a poweroutage. The splunkd service will not restart. Crash...

by Explorer in

How can I configure REGEX to recognize/match on a multi-line event?

I have a REGEX configured (in transforms.conf) that works with my single line events, but appears to be failing on al...

by Champion in

Which of these two searches is more performant or optimized, if at all?

Which search below is better or optimal from a performance perspective and why? sourcetype="mysoucetype" AND field...

by Splunk Employee in

Timechart and Chart display buggy column "count" when using "limit=0"

I've noticed that on Splunk 4.1.3 the timechart and chart commands, when used with "limit=0", the "count" aggregation...

by Builder in

mktime/strptime error (not working as documented)

I have a field in some events that contains a time as a string. The times are in the format "2010-07-15-13", which th...

by Engager in

Unable to delete events?

I've tried to delete events for a particular source,say source="tcp:1234" | delete The operation was successful.Ho...

by Contributor in

Multi-column stats: average and count for a column

I am building a search to find the average amount of time an action takes: sourcetype="timelog" | stats avg(r...

by New Member in

How can I exclude a subset of tags from my metadata search?

I run a metadata search that populates a summary page to link to all of my tags. The goal of the summary page is to i...

by Splunk Employee in

Splunk Search

Discussions

Combining multiple fields for reporting

Search App and main page overall statistics

search command for work time

Eval time between events for transaction by group?

Run search to determine if forwarder has splunkweb enabled?

One-liner to print scheduled searches?

Evaluate search with lookup field?

Joining Transactions

quick fields question. Time connected/time disconnect?

Splunk Searching Commands/Strings

Rewriting value of field if value is negative

Follow event from source forwarder to indexer; how to troubleshoot a missing sourcetype

Splunkd won't restart after power failure

How can I configure REGEX to recognize/match on a multi-line event?

Which of these two searches is more performant or optimized, if at all?

Timechart and Chart display buggy column "count" when using "limit=0"

mktime/strptime error (not working as documented)

Unable to delete events?

Multi-column stats: average and count for a column

How can I exclude a subset of tags from my metadata search?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Search WinEventLogs based on user as Variable

Help request for Streamed search execute failed

search query - categorizing results based on a fie...

AnomaliDetection does not detect outlier data

SPL2 for onpremise

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >