Splunk Search

Ask a Question

Discussions

Thread Info

Week number and Month/Day of the begining of that week

I report on a count of events by week number, it displays like this: Week Number Count ----------- ...

by Motivator in

Why is my time search not showing expected results with a relative time picker input?

Hello everyone, Need your help. I have this dashboard to display some counter information for each host over a cer...

by Path Finder in

When I get a certain string in one search result, how do I append a field from another event that can be found through correlation of 2 other fields?

Hi, Best way for me to explain is by example. example search: host=*guac* sourcetype="syslog" | rex field=_r...

by Path Finder in

How can I add icons that replace the cell.value on my table without using rangemap?

Hi, I want to add icons that replace the cell.value on my table without using range map. How can I do that? ...

by Contributor in

How do I write the regex to extract fields from another existing field?

Hi, I need to extract a field from another field, no metadata fields. The existing field (let's call it existin...

by Contributor in

Use variable on bucketing option

Is there any way to use a variable on the bucketing start option? It only works if you use an explicit numeric value....

by Communicator in

How can I extract fields based on headers from a CSV file in .gz format?

I tried providing a csv file location in inputs.conf, [monitor:///path/to/*.csv.gz] source = testcsv sourcetype =...

by Explorer in

How to take index names from a CSV file and run a stats count on the listed index names?

I need to find various information (counts, last and first event received time, etc) on indexes listed in a CSV file....

by Communicator in

how to transpose ?

field1,field2,field3 1, a, b 1, b, c 1, c, d 2, r, s 2, s, k 2, k, l 2, l, m field 1 is the key based on above...

by New Member in

How to search users who had concurrent access on different PCs within the same logon and logoff period from my sample data set?

Sample data set user, pc, logon, logoff, durationOfLogon User11, HNA1E8I, 01-06-15 13:49:09, 01-06-15 13:49:11, 0:...

by New Member in

How can I keep only first 6k bytes of single line event by transforms.conf

How can I keep only first 6k bytes of single line event. I have syslog type of data. They are single line and some...

by Splunk Employee in

How do I split the output of the join in Splunk

I have a splunk join between a synchornous event and an asynchornous event. The only join condition between these are...

by Path Finder in

How to Use * in escape sequence?

We can use \ as an escape sequence for special characters ",",(,),[,] and so on. How to use for * character?

by Path Finder in

How to convert this numeric field to a date format? "20150223" to "2015-02-23"

Hi everybody, I need your help please, i want to convert a numeric field to a date. Ex: "20150223" >> "2015-02-23"...

by Engager in

How to combine stats count results?

I have this string and I want the output for this result to be combined on one line and also sum the results index...

by Communicator in

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

I want to just look at 1 hour for yesterday, but I want it to be relative to today so no matter when I look at it in ...

by Motivator in

How to use mvfilter with multiple regexes?

I am building an alert based on file accesses to certain files. This is what I have so far: index=wineventlog sour...

by Path Finder in

How to count and chart by minute an error exists, not the count of the number of errors? (ex: each minute = 1 count)

Hi, Anyone know what's the best way to count by minute the error exists, and not by the count of the number of er...

by Contributor in

How to create a PDF report with a varying number of timecharts, dependent on unique stats results?

Hi, I have a search w/ a stats function that illustrates multiple individual errors. Once that search completes, I...

by Contributor in

Using D3 donut with real-time search

Hi all, I'm tying to use D3 donut chart with splunk real-time search. I've defined SearchManager this way : var searc...

by Path Finder in

How to create a Geomap with the geostats command using source IP and destination IP?

I wrote this Splunk search that gives me the lat and lon for both the destination IP address and source IP address ba...

by New Member in

How to create a drop-down to show counter information based on host?

Hi everyone, Need help with my XML below. I need to create a drop-down to display certain data based on the host a...

by Path Finder in

How can I subtract two results from stats?

Hi all. I'm having a hard time trying to make a subtraction.. This is my entry csv: Date,category,amount,per...

by Communicator in

What's your best Humans vs Zombies query?

As a spin on the rabbit/coyote population cycle I've come up with one for humans vs zombies (somewhat at boss' reques...

by Motivator in

Rename a Column?

I'm processing some IIS log files with a search: stats count max(time_taken) avg(time_taken) as avgTT by cs_uri_stem ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Week number and Month/Day of the begining of that week

Why is my time search not showing expected results with a relative time picker input?

When I get a certain string in one search result, how do I append a field from another event that can be found through correlation of 2 other fields?

How can I add icons that replace the cell.value on my table without using rangemap?

How do I write the regex to extract fields from another existing field?

Use variable on bucketing option

How can I extract fields based on headers from a CSV file in .gz format?

How to take index names from a CSV file and run a stats count on the listed index names?

how to transpose ?

How to search users who had concurrent access on different PCs within the same logon and logoff period from my sample data set?

How can I keep only first 6k bytes of single line event by transforms.conf

How do I split the output of the join in Splunk

How to Use * in escape sequence?

How to convert this numeric field to a date format? "20150223" to "2015-02-23"

How to combine stats count results?

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

How to use mvfilter with multiple regexes?

How to count and chart by minute an error exists, not the count of the number of errors? (ex: each minute = 1 count)

How to create a PDF report with a varying number of timecharts, dependent on unique stats results?

Using D3 donut with real-time search

How to create a Geomap with the geostats command using source IP and destination IP?

How to create a drop-down to show counter information based on host?

How can I subtract two results from stats?

What's your best Humans vs Zombies query?

Rename a Column?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!