Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Michael_Schyma1

Transforms.conf and props.conf field extractions

Hey fellow Splunker's. I am trying to figure out what i am doing wrong in the transforms.conf to create the proper fi...
by Michael_Schyma1 Contributor in Splunk Search 09-08-2015
0 11
0
11
wpreston

Week number and Month/Day of the begining of that week

I report on a count of events by week number, it displays like this: Week Number Count ----------- -...
by wpreston Motivator in Splunk Search 09-08-2015
3 7
3
7
idab

Why is my time search not showing expected results with a relative time picker input?

Hello everyone, Need your help. I have this dashboard to display some counter information for each host over a certa...
by idab Path Finder in Splunk Search 09-08-2015
0 1
0
1
splunk0

When I get a certain string in one search result, how do I append a field from another event that can be found through correlation of 2 other fields?

Hi, Best way for me to explain is by example. example search: host=*guac* sourcetype="syslog" | rex field=_raw "gu...
by splunk0 Path Finder in Splunk Search 09-08-2015
0 2
0
2
sfatnass

How can I add icons that replace the cell.value on my table without using rangemap?

Hi, I want to add icons that replace the cell.value on my table without using range map. How can I do that? thx
by sfatnass Contributor in Splunk Search 09-08-2015
2 2
2
2
skender27

How do I write the regex to extract fields from another existing field?

Hi, I need to extract a field from another field, no metadata fields. The existing field (let's call it existing_fi...
by skender27 Contributor in Splunk Search 09-08-2015
0 15
0
15
bfernandez

Use variable on bucketing option

Is there any way to use a variable on the bucketing start option? It only works if you use an explicit numeric value....
by bfernandez Communicator in Splunk Search 09-08-2015
0 5
0
5
jkponnuri

How can I extract fields based on headers from a CSV file in .gz format?

I tried providing a csv file location in inputs.conf, [monitor:///path/to/*.csv.gz] source = testcsv sourcetype = t...
by jkponnuri Explorer in Splunk Search 09-07-2015
0 8
0
8
varad_joshi

How to take index names from a CSV file and run a stats count on the listed index names?

I need to find various information (counts, last and first event received time, etc) on indexes listed in a CSV file....
by varad_joshi Communicator in Splunk Search 09-07-2015
0 2
0
2
sajumulakkal

how to transpose ?

field1,field2,field3 1, a, b 1, b, c 1, c, d 2, r, s 2, s, k 2, k, l 2, l, m field 1 is the key based on above dat...
by sajumulakkal New Member in Splunk Search 09-07-2015
0 3
0
3
hkhat5

How to search users who had concurrent access on different PCs within the same logon and logoff period from my sample data set?

Sample data set user, pc, logon, logoff, durationOfLogon User11, HNA1E8I, 01-06-15 13:49:09, 01-06-15 13:49:11, 0:00...
by hkhat5 New Member in Splunk Search 09-07-2015
0 2
0
2
Masa

How can I keep only first 6k bytes of single line event by transforms.conf

How can I keep only first 6k bytes of single line event. I have syslog type of data. They are single line and someti...
by Masa Splunk Employee Splunk Employee in Splunk Search 09-07-2015
0 7
0
7
arungeorge09

How do I split the output of the join in Splunk

I have a splunk join between a synchornous event and an asynchornous event. The only join condition between these are...
by arungeorge09 Path Finder in Splunk Search 09-07-2015
0 1
0
1
Madhan45

How to Use * in escape sequence?

We can use \ as an escape sequence for special characters ",",(,),[,] and so on. How to use for * character?
by Madhan45 Path Finder in Splunk Search 09-07-2015
0 3
0
3
isedrof

How to convert this numeric field to a date format? "20150223" to "2015-02-23"

Hi everybody, I need your help please, i want to convert a numeric field to a date. Ex: "20150223" >> "2015-02-23" ...
by isedrof Engager in Splunk Search 09-07-2015
0 3
0
3
raindrop18

How to combine stats count results?

I have this string and I want the output for this result to be combined on one line and also sum the results index="...
by raindrop18 Communicator in Splunk Search 09-06-2015
0 2
0
2
HattrickNZ

What time modifiers do I need to look at 1 hour of data for yesterday relative to today?

I want to just look at 1 hour for yesterday, but I want it to be relative to today so no matter when I look at it in ...
by HattrickNZ Motivator in Splunk Search 09-05-2015
0 4
0
4
pdoconnell

How to use mvfilter with multiple regexes?

I am building an alert based on file accesses to certain files. This is what I have so far: index=wineventlog source...
by pdoconnell Path Finder in Splunk Search 09-05-2015
0 1
0
1
subtrakt

How to count and chart by minute an error exists, not the count of the number of errors? (ex: each minute = 1 count)

Hi, Anyone know what's the best way to count by minute the error exists, and not by the count of the number of erro...
by subtrakt Contributor in Splunk Search 09-05-2015
0 1
0
1
subtrakt

How to create a PDF report with a varying number of timecharts, dependent on unique stats results?

Hi, I have a search w/ a stats function that illustrates multiple individual errors. Once that search completes, I ...
by subtrakt Contributor in Splunk Search 09-05-2015
0 6
0
6
dimitryz

Using D3 donut with real-time search

Hi all, I'm tying to use D3 donut chart with splunk real-time search. I've defined SearchManager this way : var searc...
by dimitryz Path Finder in Splunk Search 09-04-2015
0 1
0
1
ryanprice22

How to create a Geomap with the geostats command using source IP and destination IP?

I wrote this Splunk search that gives me the lat and lon for both the destination IP address and source IP address ba...
by ryanprice22 New Member in Splunk Search 09-04-2015
0 3
0
3
idab

How to create a drop-down to show counter information based on host?

Hi everyone, Need help with my XML below. I need to create a drop-down to display certain data based on the host and...
by idab Path Finder in Splunk Search 09-04-2015
0 3
0
3
guimilare

How can I subtract two results from stats?

Hi all. I'm having a hard time trying to make a subtraction.. This is my entry csv: Date,category,amount,person 01...
by guimilare Communicator in Splunk Search 09-04-2015
0 5
0
5
Runals

What's your best Humans vs Zombies query?

As a spin on the rabbit/coyote population cycle I've come up with one for humans vs zombies (somewhat at boss' reques...
by Runals Motivator in Splunk Search 09-04-2015
12 8
12
8
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...