Splunk Search

Discussions

Thread Info

How to combine stats count results?

I have this string and I want the output for this result to be combined on one line and also sum the results index...

by Communicator in

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

I want to just look at 1 hour for yesterday, but I want it to be relative to today so no matter when I look at it in ...

by Motivator in

How to use mvfilter with multiple regexes?

I am building an alert based on file accesses to certain files. This is what I have so far: index=wineventlog sour...

by Path Finder in

How to count and chart by minute an error exists, not the count of the number of errors? (ex: each minute = 1 count)

Hi, Anyone know what's the best way to count by minute the error exists, and not by the count of the number of er...

by Contributor in

How to create a PDF report with a varying number of timecharts, dependent on unique stats results?

Hi, I have a search w/ a stats function that illustrates multiple individual errors. Once that search completes, I...

by Contributor in

Using D3 donut with real-time search

Hi all, I'm tying to use D3 donut chart with splunk real-time search. I've defined SearchManager this way : var searc...

by Path Finder in

How to create a Geomap with the geostats command using source IP and destination IP?

I wrote this Splunk search that gives me the lat and lon for both the destination IP address and source IP address ba...

by New Member in

How to create a drop-down to show counter information based on host?

Hi everyone, Need help with my XML below. I need to create a drop-down to display certain data based on the host a...

by Path Finder in

How can I subtract two results from stats?

Hi all. I'm having a hard time trying to make a subtraction.. This is my entry csv: Date,category,amount,per...

by Communicator in

What's your best Humans vs Zombies query?

As a spin on the rabbit/coyote population cycle I've come up with one for humans vs zombies (somewhat at boss' reques...

by Motivator in

Rename a Column?

I'm processing some IIS log files with a search: stats count max(time_taken) avg(time_taken) as avgTT by cs_uri_stem ...

by Path Finder in

Field Extract returns different results than inline rex field

Using Splunk 6.2, I have a few regex commands that return drastically different results when they are set up using...

by Engager in

How to grep a number from a string?

Hi, I have a column in my source with different severity levels, for example - Severity 1 - High 2 - Medium ...

by Explorer in

Using the Splunk Python SDK, how do I get my custom generating search command to use the result of a subsearch as parameter?

I am in the process of writing a custom command using the Python SDK. It is a generating command. I would like the...

by Path Finder in

How to compare and filter results from an inputlookup table?

Hi all, So I have a search that currently is giving me a stats table where one of the fields is "Bundle", and wha...

by Path Finder in

Is it possible to use dedup or "|" commands in the base search of a data model?

I have an instance using ServiceNow data where I want to dedup the data based on sys_updated_on to get the last updat...

by Path Finder in

How to chart a varying number of fields?

I have message data similar to as follows, which is the count of active user processes on a host: host=hostA user1...

by Engager in

Search gives no hits for my _meta added fields

When adding an _meta entry into inputs.conf such as: [monitor:///tmp/fwdtest] sourcetype = sun_jvm _meta env::prd ...

by Splunk Employee in

How to export the last 25 hours of data using curl?

I have a saved search in splunk which has a default start time of 7 days. I have a curl command that works perfectly ...

by Path Finder in

Why is time column different from date in transaction?

If I run the following search for the previous month, the number of days that appears next to Sunday is 8? If I look ...

by Contributor in

Is there a way I can hardcode a search to 2 drilldown values?

Is there a way I can hardcode a search to 2 drilldown values? Basically this is what I am trying to achieve: Drilldow...

by Communicator in

How to use a lookup file to suppress alerts?

We have a network load balancer (NLB) that generates syslog messages when servers fail to respond to health probes fr...

by New Member in

How to get the top 10 values of a column by another column?

2015-09-02T14:01:02.228 Name=UPS6Z444706F2 Chkd_Out=Y DomID="Upstreamaccts\\racantr" Model="ProLiant WS460c Gen8 WS B...

by Builder in

How to search web logs for all destination IPs that only a single source IP has requested?

So I have web logs  , weblogs contain source IP, destination IP and other info. I am trying to write a search that w...

by Path Finder in

How to concatenate strings with special characters?

Hi, How can I concatenate Start time and duration in below format. Right now I am using this, but it is only half ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine stats count results?

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

How to use mvfilter with multiple regexes?

How to count and chart by minute an error exists, not the count of the number of errors? (ex: each minute = 1 count)

How to create a PDF report with a varying number of timecharts, dependent on unique stats results?

Using D3 donut with real-time search

How to create a Geomap with the geostats command using source IP and destination IP?

How to create a drop-down to show counter information based on host?

How can I subtract two results from stats?

What's your best Humans vs Zombies query?

Rename a Column?

Field Extract returns different results than inline rex field

How to grep a number from a string?

Using the Splunk Python SDK, how do I get my custom generating search command to use the result of a subsearch as parameter?

How to compare and filter results from an inputlookup table?

Is it possible to use dedup or "|" commands in the base search of a data model?

How to chart a varying number of fields?

Search gives no hits for my _meta added fields

How to export the last 25 hours of data using curl?

Why is time column different from date in transaction?

Is there a way I can hardcode a search to 2 drilldown values?

How to use a lookup file to suppress alerts?

How to get the top 10 values of a column by another column?

How to search web logs for all destination IPs that only a single source IP has requested?

How to concatenate strings with special characters?

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...