Splunk Search

Discussions

Thread Info

Splunk to Splunk communication stuck in CLOSE_WAIT

A Splunk environment in one data center configured with multiple indexers became completely unresponsive to the data ...

by Splunk Employee in

how to have 2 stats

How can i have those 2 stats? | dbquery PROD-UOL7-MANUT-MONITORACAO "select dat_collect_transaction as \"data\",...

by Contributor in

question on makemv and mvexpand

i have search query that seperate multivalue and expand them into various result. It work for entry that has data but...

by Explorer in

Timechart for three different actions : Browse, View, Download

Hi guys, So I have a query which displays elapsedTime values for three different actions which are browse, view, a...

by Communicator in

Joining two similar tabular search results?

I'm trying to collate result sets from two different, slightly similar subsearches. I have one search like this: ...

by Path Finder in

Check status in progress with closed/resolved

Hi, I am trying to create an alert that I need check if status "work in progress" was opened for more than 1 hour,...

by New Member in

How to edit my search to create a moving average based on 3 parameters?

I have the following data. The count field is calculated based on the method, status and date (I would also have the ...

by New Member in

How do I export a chart as a high-quality image?

Struggling a bit to find an answer to this. Can anyone suggest a way to create a sharp, high-quality image export ...

by Explorer in

How to extract curly brackets in regular expression

Hi, I am having a problem extracting fields that have curly brackets {} I have the log file line; 2015.06.24 11:55...

by Communicator in

Multiline table column header

I have a table that has long column headers. Can i make these headers multi-line formatted? old table headers: Ser...

by Engager in

carriage return in transaction results

I am using transaction and sending the result to an external workflow. The combined results from transaction appear o...

by Engager in

When using an API to enrich my data, how can I control how many requests Splunk sends to my external lookup script?

When using an API to enrich my data, for example running MD5 hashes in my logs against VirusTotal's API, how can I co...

by Path Finder in

Run search according to user inputs(If/Else conditions)

Hi, I want to run search queries depend on user input,ie what user selecting from dropdown. eg:if user choose ...

by Communicator in

search with NOT (a time-based auto-looked-up-field value here)

In props.conf, I have a time-based auto-lookup: "LOOKUP-jobstart = jobstart host OUTPUT jobid, user", against a perio...

by Path Finder in

Extraction of multiple events from a single variable length event

Hi Splunkers  I have some variable length NAT translation events in the following format: Apr 12 11:42:23 1.2....

by Builder in

How to get a max point in a given range

Hello Splunkians (?). I have a table of data with 2 fields : host / data_used_mb / _timestamp host data_used_mb...

by Explorer in

eval assigns value based on subsearch, but says expression is malformed

Hi all, I have a saved search containing an eval and a subsearch that seems to work successfully: source="S2 C...

by New Member in

Need help with subtotals in search

Using the search below i get the results in the first table. I would like to show subtotals (in some fashion) like th...

by New Member in

Why am I not seeing any values for fields created with the eval command in my search?

I have this search, but I am not seeing any values for Requests: (status=200 OR status>399) | eval Type=if(status=...

by Contributor in

Macro with a macro-name-argument

Can a macro be defined, that takes another string as the name of the macro, which gets ‘eval’ed first based on the ev...

by Explorer in

How to join extracted, multi-value SourceTypeA:field_a with extracted SourceType:field_b?

I want to compute a join of an extracted, multi-value SourceTypeA:field_a string variable with an extracted SourceTyp...

by New Member in

extract _time from one search and apply to another

vmstat , net stat is captured every minute. While access_combined has entires whenever traffic comes in (every second...

by Path Finder in

substr field comparison and negative matching

Hi, I've tried a few of the hints here to solve this one elegantly but can't quite get there. I have two source...

by Contributor in

Rename aggregated group by fields with colon separator

I have a search query that uses a regular expression to place values in a field/variable and then it aggregates value...

by New Member in

What are the correct stats functions to use to get the first and last event for a host in a specified time range?

What is the correct stats function to use to get the last event for a host in a specified time range? first(_raw) or ...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk to Splunk communication stuck in CLOSE_WAIT

how to have 2 stats

question on makemv and mvexpand

Timechart for three different actions : Browse, View, Download

Joining two similar tabular search results?

Check status in progress with closed/resolved

How to edit my search to create a moving average based on 3 parameters?

How do I export a chart as a high-quality image?

How to extract curly brackets in regular expression

Multiline table column header

carriage return in transaction results

When using an API to enrich my data, how can I control how many requests Splunk sends to my external lookup script?

Run search according to user inputs(If/Else conditions)

search with NOT (a time-based auto-looked-up-field value here)

Extraction of multiple events from a single variable length event

How to get a max point in a given range

eval assigns value based on subsearch, but says expression is malformed

Need help with subtotals in search

Why am I not seeing any values for fields created with the eval command in my search?

Macro with a macro-name-argument

How to join extracted, multi-value SourceTypeA:field_a with extracted SourceType:field_b?

extract _time from one search and apply to another

substr field comparison and negative matching

Rename aggregated group by fields with colon separator

What are the correct stats functions to use to get the first and last event for a host in a specified time range?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown