Splunk Search

Discussions

Thread Info

Is there a way to export the Data Summary information on the Search Page to a dashboard?

I was looking at the Data Summary information on the Search page and noticed that there doesn't seem to be a way to e...

by Path Finder in

How do I count the total in a subsearch with only totals that are greater than 100.

sourcetype=mysource Name=web_access `myfilter` | stats count(Source_Host) as temp by Source_Host, Dest_Host | sort -t...

by Explorer in

How to get the head K of each index in a Splunk search?

My stats contain an entry called "index". How to get the head K of each index type? For example I want the top 10 in ...

by Explorer in

Getting the counts

Hi i have this query - sourcetype=access_combined_cookie uri="xxxxx" jsession!=- | bucket _time span=5m | stats count...

by Contributor in

How to create a table with two stats list columns?

I have two queries that I want to merge into one. First query: <pre> sourcetype="sourceType1" rex "Application=...

by New Member in

Query to return events whose count is more than 3 times standard deviation,Find outlier events, using different time ranges for events and for stats

I am trying to write a query which returns the values in myCol which have a count greater than 3 times the standard d...

by New Member in

How to compare results of a bar chart from two different times

I have a search index=* sourcetype=tsv Transaction=* Jmeter_measure="ok.pct90"| chart avg(Jmeter_RT_val) by Transact...

by New Member in

is their way alert(search query) can distinguish between weekdays, weekends, monthend?

hi All, is their way alert(search query) can distinguish between weekdays, weekends, monthend? Thanks Sathish R

by Contributor in

Help with tracking vulnerability data over time

I'm trying to figure out the smartest way to track vulnerability data over time and account for how DHCP may mean tha...

by Builder in

How to find yearlly,monthly, weekly wise data using single date value?

Hi, I have Transaction date format as below. I want to find yearlly,monthly, weekly wise data using single date value...

by Explorer in

How do I extract a string from my sample log using the rex command?

How do I extract the string from MSG: till EL from the sample log below using the rex command? BL: | LL: ERROR | T...

by New Member in

Is Splunk preferable for XML data?

Hi, I was working with Splunk and XML data from past 1 month, and found that Splunk is not very friendly with XML ...

by Explorer in

How to count the the number of elements in a fields after performing a set difference against other events?

How could the number of elements in a tuple of fields be counted after performing a set difference against the other ...

by Contributor in

How to extract filename form Source field

Hi team, I have got a csv files indexed into splunk with names SOURCE= C:\Netwrokanalysis\germany.csv ,c:\networka...

by Path Finder in

How to get list of host and source type which are not not sending data for last 24 hour.

I have couples of host and each host has multiple source type, I want to list down host and source type which are not...

by Explorer in

How do I combine two searches from 2 sourcetypes, each with a requestID field, without using join?

I'm still going through the myriad of answers relating to this, but as of yet, have not found my answer. I am doing s...

by Builder in

How to join 2 different source tyoe using identity column?

Hi All, We have 2 different sourcetype master and child need to join/append the source type on identity column mas...

by Explorer in

How to count/map internal traffic for a range of IP addresses?

I have the following fields within splunk: srcaddr and dstaddr, and I would like to map the number of internal to int...

by Path Finder in

How to use a lookup table to find a value within a range?

My static lookup table has 3 columns titled Low, High and Name. When I run a search in splunk and extract a field val...

by Engager in

would like to know how to get subtraction of field value in two different events

would like to know how to get subtraction of field value in two different events i mean i have event A with field su...

by Communicator in

Splunk DB Connect: Is it possible to specify a SQL Query by running an inner join query to use as the database input?

In the DB Connect app, when I try to add a Database Input, instead of selecting a Table Name I would like to Specify ...

by Path Finder in

How to edit my search to find the total count for three different actions?

Hi guys, I wanted to know how I would go about getting the total count for each document action over the past 30 d...

by Communicator in

How to write a transaction search where startswith starts with event A, while endswith must match a regex

I need to find a sequence of activity that always start with: http://abc.com/abc.html http://abc.com/end.xvz?.... ...

by Explorer in

how to use timerangepicker's earliest

I want to only use timerangepicker'e earliest or latest. for example i set my search earliest is @mon and my search l...

by Explorer in

Outer join on lookup and subsearch timeout

Hi all, I am running into a timeout problem on one of my searches and now wanr to find out if there maybe is a bet...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to export the Data Summary information on the Search Page to a dashboard?

How do I count the total in a subsearch with only totals that are greater than 100.

How to get the head K of each index in a Splunk search?

Getting the counts

How to create a table with two stats list columns?

Query to return events whose count is more than 3 times standard deviation,Find outlier events, using different time ranges for events and for stats

How to compare results of a bar chart from two different times

is their way alert(search query) can distinguish between weekdays, weekends, monthend?

Help with tracking vulnerability data over time

How to find yearlly,monthly, weekly wise data using single date value?

How do I extract a string from my sample log using the rex command?

Is Splunk preferable for XML data?

How to count the the number of elements in a fields after performing a set difference against other events?

How to extract filename form Source field

How to get list of host and source type which are not not sending data for last 24 hour.

How do I combine two searches from 2 sourcetypes, each with a requestID field, without using join?

How to join 2 different source tyoe using identity column?

How to count/map internal traffic for a range of IP addresses?

How to use a lookup table to find a value within a range?

would like to know how to get subtraction of field value in two different events

Splunk DB Connect: Is it possible to specify a SQL Query by running an inner join query to use as the database input?

How to edit my search to find the total count for three different actions?

How to write a transaction search where startswith starts with event A, while endswith must match a regex

how to use timerangepicker's earliest

Outer join on lookup and subsearch timeout

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions