Splunk Search

Ask a Question

Discussions

Thread Info

how to calculate percentage

Hi, Can anyone help how to calculate percentage for the report below for '%Act_fail_G_Total' host Act-Sucess Ac...

by Communicator in

Using transaction on a field alias I created for 2 fields with different names in different sourcetypes, why am I unable to group all matching events?

Hi, I have 2 sourcetypes: wineventlog:security and WinEventLog:Microsoft-Windows-Sysmon/Operational. I have extrac...

by Communicator in

Enriching Proxy Log data containing userid and IP address with DNS & Active Directory attributes, how do we handle subsearch result limits?

So, fun problem: We're wanting to do some data enrichment so that we can build good reports. What we want to do is...

by Contributor in

Map on splunk 6

Is there a way to use the google map app or something similar in splunk 6? I have syslogs containing latitude and lon...

by Engager in

timechart X axis

How can I get more then 4 marks on x axis using timechart? In a search like this: earliest=-1d@d latest=-0d@d sour...

by Communicator in

How to link two sources with equals fields in each?

Hey everyone, Here is my problem: I have two sources (Source1 and Source2): * In source1 I have the field "device num...

by Explorer in

Displaying chart in real-time with fixed earliest/latest

I have a query that overlays the value of one date with the value of another date, it is put together as this: ......

by Communicator in

How To Get = sum(set A events) / sum (set B events).

Hello, I'm new to splunk. I need to evaluate result = sum(set A events) / sum (set B events). I've tried: sourcety...

by Path Finder in

Does dbquery results count toward daily index license?

So, the title says it all. I was looking in the db connect documentation and didn't see anything that answered this q...

by Builder in

Postprocessing search with tokens in base search not returning results

I'm trying to build a form with a base search and post processing search as below. The panel gets loaded from a drill...

by Contributor in

Dashboard not showing correct results

Hello, I have created a dashboard with some very simple searches, for example: index=something | stats count ...

by Explorer in

How to chart URLS by error code percentage

We are grabbing logs from nginx. I would like to know how I can chart URLS that are returning a 408 error code as wel...

by New Member in

framework and splunk both run?

Hi, I'm a little confused with how the app framework works. Does it run seperately outside of splunk? One of our d...

by Champion in

How do you create a threshold on a bar chart to show when certain cpu/computer (e.g server) resource(s) exceed its normal threshold?

Need Help : I'm trying to create a bar chart to display the data below for each server: 1. Free Space 2. Free Megabyt...

by Path Finder in

How can I edit my search with multiple appendcols to improve performance?

Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reaso...

by Communicator in

Help with creating search to chart current data against calcuated averages.

I am indexing some data in json format. The json has some fields that are arrays like: { system: "peanuts", location:...

by Contributor in

How to use a lookup table in a search to match any IPs or domains found in a column, but ignore any values older than 90 days?

I currently have a lookup table that contains 2 columns: date and ioc. The goal is to have Splunk go through the look...

by Engager in

Timechart distribution of stats count result

I am trying to do the following search: Log file looks like 2012-12-01 11:00:00 id=B starttime=2012-12-02T08:00...

by Path Finder in

How to search the count of a certain field value since a specific time in a subsearch?

I'm almost finished with my search When I do this, search I've got what I want, but my count is not correct... *I wo...

by Engager in

Marker Gauge for multiple events in single search

My search returns a table like below, I would like to have Marker Gauge grouped them as host. Please share your thoug...

by Engager in

Search bug when using NOT and specific wildcard based searches?

I've observed some strange behavior with a particular search: index=test NOT user=*$ Will not return results wh...

by Explorer in

How to edit my search to add a column with the total for each list(count) by a field?

Hi to everyone I have this search: sourcetype="cisco:asa" | stats count by src_ip,dest_ip | sort -count | stat...

by Communicator in

How do I search which individual IPs are reporting into Splunk forwarders by network?

I am new to this particular Splunk environment and need to familiarize myself with its content and layout. The majori...

by Contributor in

How do I add the count of string values in each row?

Hi guys, If I want to add the total values from each row, I can use the command | addtotal and this is only used t...

by Explorer in

How to create a drilldown for specific dynamic values on a table?

Dear Everyone, I need some input for creating a drilldown on a table. My Table will look like the image below ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to calculate percentage

Using transaction on a field alias I created for 2 fields with different names in different sourcetypes, why am I unable to group all matching events?

Enriching Proxy Log data containing userid and IP address with DNS & Active Directory attributes, how do we handle subsearch result limits?

Map on splunk 6

timechart X axis

How to link two sources with equals fields in each?

Displaying chart in real-time with fixed earliest/latest

How To Get = sum(set A events) / sum (set B events).

Does dbquery results count toward daily index license?

Postprocessing search with tokens in base search not returning results

Dashboard not showing correct results

How to chart URLS by error code percentage

framework and splunk both run?

How do you create a threshold on a bar chart to show when certain cpu/computer (e.g server) resource(s) exceed its normal threshold?

How can I edit my search with multiple appendcols to improve performance?

Help with creating search to chart current data against calcuated averages.

How to use a lookup table in a search to match any IPs or domains found in a column, but ignore any values older than 90 days?

Timechart distribution of stats count result

How to search the count of a certain field value since a specific time in a subsearch?

Marker Gauge for multiple events in single search

Search bug when using NOT and specific wildcard based searches?

How to edit my search to add a column with the total for each list(count) by a field?

How do I search which individual IPs are reporting into Splunk forwarders by network?

How do I add the count of string values in each row?

How to create a drilldown for specific dynamic values on a table?

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions