Splunk Search

Discussions

Thread Info

How can I extract text between 2 standard texts that may contain " . , ? / " ?

I have this type of log: Bin:456852 IssuingBank:PBS INTERNATIONAL A/S;DANSKE BANK;DANSKEBANK IssingCountry:DK IRF...

by Explorer in

If I only have transaction data from 8AM to 6PM, how do I display a timechart from 00 to 24 hours?

I have data (transactions data) which shows 8 AM to 6 PM, but I need to show a report from 00 hrs to 24 hrs. I tried ...

by Explorer in

Why is my search returning a different set of results after I replaced the 'dedup' command with 'stats dc()' to improve performance?

Hi, I wonder whether someone may be able to help me please. I'm using the search below to successfully produce...

by Motivator in

How to calculate a rolling quarters growth rate, so if the current month is August, then growth rate = (May+June+July 2015)/(May+June+July 2014)?

Hi all, I want to calculate the rolling quarters growth rate, which is calculated from the sum of the previous 3 m...

by Path Finder in

Looking for a License Usage query to generate external scripted alerts with

hi guys i'm looking for help around license usage. i'm trying to troubleshoot a license violation we had recently ...

by Contributor in

Stats against timechart

I have a search that I can use in a dashboard that gives me statistical data about bandwidth usage on a firewall. I h...

by Communicator in

Use EVAL and Case for Windows EventCodes to provide information in table output.

Using this code I am able to generate a table for IIS Application Pool specific errors. With the eval-case providing ...

by Builder in

How to configure the search head for distributed search with one search head, one indexer, and no cluster?

I am setting up a green-field Splunk environment with one search head and one indexer, which we would like to separat...

by Engager in

Is there a unix-style 'paste' in Splunk to merge three multivalue fields?

paste is an extremely useful unix command. I want to use that very feature to merge three multivalue fields in exactl...

by Explorer in

How to get the average of two fields from two different indexes by time?

I'm trying to get the average memory and CPU usage by the hour. Unfortunately, that information is stored on two diff...

by Path Finder in

How to write a search to convert some table rows as columns?

I need to convert the following source data as a specified output. Source Data Hostname Event_time ...

by New Member in

How to edit props.conf to specify a different regex for each of three sourcetypes?

Hello, I'm trying to parse three different log files with different regex. I have three different sourcetypes...

by Explorer in

How to calculate the durations between 1 start event and multiple end events?

Hello all, How do I get the time between one start event and multiple end events? Let me explain: I have one s...

by Explorer in

Since we're using the batch stanza on our forwarders, how can we manually find duplicate indexed logs?

We're using 'batch' stanza on our Splunk forwarders so they delete the log files once they've been indexed. Obviously...

by Path Finder in

Can we save the extracted fields from one Splunk instance and import them to another Splunk instance?

Can we save the extracted fields from one Splunk instance and import the same to another Splunk instance ? Please ...

by Explorer in

What's a faster search than a Nested IF statement?

I wrote this search to look at a user agent string (RTG_Browser) and identify the operating system. I plan on writing...

by SplunkTrust in

How to obtain a sum of averages

I have a data set that looks similar to the sample lines below and I'm having a difficult time finding a good way to ...

by Explorer in

Table - Row Colouring - (Splunk 6.x examples app)

I was just trying to use the same example javascript and css with different search query, but i'm not able to get the...

by Motivator in

How to calculate bandwidth utilization on an snmp interface from one point to another

Hi, I keep getting negative values on my chart when i run my search below.All I'm trying to do is calculate the ba...

by Path Finder in

I created a lookup and mapped to the logs, but how do I get the count of another field from a different log into my table?

index=main sourcetype=mysourcetype| stats count by X | lookup data.csv cad as X |table name, count, login | where nam...

by New Member in

Filter Based on click

We have a query which is using join condition to filter data and we have a graph resulting into three columns Fail|Su...

by Communicator in

How to set a fixed height for all tables or charts in a panel?

Hi I have the following panel that has to two different charts/visualizations. The table changes its height depend...

by Builder in

How to write regex or MV command to extract multiple values?

Hi, I have a list of Locate ID's (below) that are contained within a single event in Splunk. I am trying to create...

by Path Finder in

TLD Extraction for Report

I'm looking at creating a report that extracts suspicious TLDS over a period of time such as, as past six hours, or p...

by Explorer in

How to search for newly created OOID's and parse it with my previous search

Hey guys, So I am trying to combine an old search with a new search of mine. I basically wanted to continually fet...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I extract text between 2 standard texts that may contain " . , ? / " ?

If I only have transaction data from 8AM to 6PM, how do I display a timechart from 00 to 24 hours?

Why is my search returning a different set of results after I replaced the 'dedup' command with 'stats dc()' to improve performance?

How to calculate a rolling quarters growth rate, so if the current month is August, then growth rate = (May+June+July 2015)/(May+June+July 2014)?

Looking for a License Usage query to generate external scripted alerts with

Stats against timechart

Use EVAL and Case for Windows EventCodes to provide information in table output.

How to configure the search head for distributed search with one search head, one indexer, and no cluster?

Is there a unix-style 'paste' in Splunk to merge three multivalue fields?

How to get the average of two fields from two different indexes by time?

How to write a search to convert some table rows as columns?

How to edit props.conf to specify a different regex for each of three sourcetypes?

How to calculate the durations between 1 start event and multiple end events?

Since we're using the batch stanza on our forwarders, how can we manually find duplicate indexed logs?

Can we save the extracted fields from one Splunk instance and import them to another Splunk instance?

What's a faster search than a Nested IF statement?

How to obtain a sum of averages

Table - Row Colouring - (Splunk 6.x examples app)

How to calculate bandwidth utilization on an snmp interface from one point to another

I created a lookup and mapped to the logs, but how do I get the count of another field from a different log into my table?

Filter Based on click

How to set a fixed height for all tables or charts in a panel?

How to write regex or MV command to extract multiple values?

TLD Extraction for Report

How to search for newly created OOID's and parse it with my previous search

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions