Splunk Search

Discussions

Thread Info

How to write a search to display a bar graph with span=1d?

I have a search looking for 7 days of data and one field below. STATUS="Delivered","created","released","Awaiting Del...

by Explorer in

How to compare results of same search for two different time ranges without using timechart?

I have logs which tell me the service name, time and domain name where this service was called. I have a query to ...

by Explorer in

subtraction doesn't work for multiple values in one field

I managed to create a table that somewhat looks like this: However, when I tried to append a new column with ...

by Engager in

Will inputs.conf tcp input stanza accept CIDR notation or REGEX? (forwarder version 4.3.6)

I have a need to accept data from multiple servers. WIll something like this work? [tcp://192.168.1.0\/24:9999]...

by Champion in

How do I match a field to a variable?

I've got a query that will have a string passed into it. In this case, it's "2-Low". I need to parse out the number a...

by Explorer in

After upgrade to a Splunk 6.2 indexer cluster, why do searches hang with high memory consumption and we're forced to restart?

Hi, We've recently upgraded to a Splunk 6.2 indexer cluster, but we're finding that searches will hang and the sys...

by Explorer in

How to parse a json tree into a table?

the following seach string basically pulls out the JSON puts it in a variable called data and then runs it through sp...

by Engager in

Returning results only if field has more than one unique name

I am looking to create a unique alert that would look at virus activity. The idea is to get a real time alert in a 60...

by Path Finder in

How to apply a rangemap to string values?

Hi Splunkers! I am running the following search to try and apply a "low" rangemap value if a string matches "up", ...

by Path Finder in

How do I add my company Entitlement to my user ID in order to open support cases with Splunk?

Hello, I am trying to add my company Entitlement to my user ID in order to have the possibility to open Support C...

by Explorer in

Trying to get difference between _time and _indextime in secs format

Tried using below search, but can't get result. I get null values in diff: XXX| eval indextime=strftime(_indextime...

by Explorer in

Is it possible to use a field's value as a field name for the join command?

I've got an index full of events that have hostname, and some have macaddr. I'm trying to join it to another set of e...

by Explorer in

How do I extract this date and time from a string in the format YYYYMMDDHHMMSS, and output it as DD:MM:YYYY HH:MM:SS AM?

Hi, I have a search that gives me the following output: /u01/splunk/etc/apps/sampleApp/data/order-2015120312000...

by Explorer in

ミリセカンドの表示方法について

tableコマンドで _timeフィールドを表示するとミリセカンドが表示されません。ミリセカンドまで表示させるにはどうすればいいでしょうか？

by Explorer in

Python alert script to show the search result values

Can someone please help me with a python script to display the values of search results. i have been trying but not a...

by Communicator in

How to combine multiple complicated searches?

Hi everyone, I have these 3 searches, and they are all complicated as it looks. Any idea on how to combine them? I...

by Explorer in

How do I optimize the performance of my search that is currently using a different time range per sourcetype?

Hi, I have a performance issue concerning multiple time ranges in 1 search. The search string is as follows: (i...

by Engager in

Delims not honoring quoted commas

Is there any way to 'force' delims/fields to honor a comma within quotes in a csv file? Is this a bug? Data is: ...

by Explorer in

calculating average that depends on the value of one field

I have this list of events: 1. dir=up, time=60, speed=12, weight=92 2. dir=down, time=54, speed=16, weight=32 3. dir=...

by Engager in

How to combine results from several data models to accelerate multiple objects within a single data model?

I'm using Splunk 6.1.4, which is unable to accelerate multiple objects within a single data model. Because of this, I...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

How to write a search to display a bar graph with span=1d?

How to compare results of same search for two different time ranges without using timechart?

subtraction doesn't work for multiple values in one field

Will inputs.conf tcp input stanza accept CIDR notation or REGEX? (forwarder version 4.3.6)

How do I match a field to a variable?

After upgrade to a Splunk 6.2 indexer cluster, why do searches hang with high memory consumption and we're forced to restart?

How to parse a json tree into a table?

Returning results only if field has more than one unique name

How to apply a rangemap to string values?

How do I add my company Entitlement to my user ID in order to open support cases with Splunk?

Trying to get difference between _time and _indextime in secs format

Is it possible to use a field's value as a field name for the join command?

How do I extract this date and time from a string in the format YYYYMMDDHHMMSS, and output it as DD:MM:YYYY HH:MM:SS AM?

ミリセカンドの表示方法について

Python alert script to show the search result values

How to combine multiple complicated searches?

How do I optimize the performance of my search that is currently using a different time range per sourcetype?

Delims not honoring quoted commas

calculating average that depends on the value of one field

How to combine results from several data models to accelerate multiple objects within a single data model?

Why does statistics from a tstats change while the...

How to write query for Windows Remote Desktop Conn...

How to Detect 4 Commands run Within a 1 Second Tim...

Help with Transforming an ingest of timestamped da...

How to generate alarm for when CPU peaks at100% o...