Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Regular expression in Search

Hello, i want all records from some hosts. How can i find records from hosts that match: host=chvj[34]04ld8[246...

by Communicator in

Search Macro Question

Hey, I have the following saved search in my Splunk instance which I saved as a search macro: sourcetype="log-f...

by Motivator in

avg of number of events by day

Hi all, i need to search the average number from the count by day of an event. for example if i have 3 5 and 4 eve...

by Path Finder in

TimeRangePicker Charting Question

Hey, I have written the following advanced dashboard that allows me to view results in a simple table based on wha...

by Motivator in

Best way to create a transaction of three events?

I've got data that looks (functionally) like this: Event 1 contains String-A Field-X Event 2 contains String-B Fie...

by Explorer in

Search for percent symbol in log entries

Our web server logs have percent symbols in the entries. I am able to search for certain logs by using REGEX (e.g. RE...

by Communicator in

Is there a search that a user can execute to view search history

We have a users that would like to see their search history, however this user does not have admin rights and does no...

by Communicator in

Strange search results

Hi, I am currently indexing bash history files. The user and other information are encapsulated in the file name w...

by Path Finder in

Invalid display for custom time search?

Hi, I've tried to do a search based on custom time. For example,I've chosen from the drop down box > Custom tim...

by Contributor in

How to perform a division between subresults

Hi all, I would like to perform the following each result returned by source="wmi:cputime" daysago=30 | wher...

by Explorer in

How can I limt my search results to the first event returned?

How can I limit my search results to the first event returned? I am trying to define a transaction that starts wit...

by Path Finder in

Create semaphore with splunk

Hi all i need to create a graph like a semaphore green between 2 values yellow between other 2 values red over a valu...

by Path Finder in

Combining Multiple Fields in Charting

Given a data set with events that fall into X categories and Y subcategories, can I display a chart that shows a colu...

by Communicator in

Scripted Input failing, runs fine when run manually

Hello, I have a scriped input that is throwing an error: ERROR ExecProcessor - message from ""MyScript.bat"" py...

by Communicator in

datetime.xml filename timestamp !?!

Hello, I am trying to extract the timestamp from the filepath of my log files. I've read and followed variations o...

by Engager in

Is it possible to hide _raw from a search result?

The data I'm sending to my Splunk Index is made of a number of KV records. A subset of a record data looks like: t...

by Splunk Employee in

transaction search: how to determine unresolved "start of problem" events

Hi, In my application, i use a file to store problems: when happen and when resolve. When a problem happen, more t...

by Path Finder in

Wildcarding help in inputs.conf -- controlling directory depth

Inputs.conf: The stanza [monitor:///app/fao/dittradeflow/servers/.../logs] will look at all folders and subfolders wi...

by Path Finder in

Can I make field values case-sensitive?

Is there a way to enforce case-sensitivity on a field by field basis? Example: myid="0ZP0YFS5Rl7pACDD1K002" ...

by Splunk Employee in

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

I have asked almost the same question here. I will try to explain my question better here My command looks like th...

by Path Finder in

Splunk Search

Discussions

Regular expression in Search

Search Macro Question

avg of number of events by day

TimeRangePicker Charting Question

Best way to create a transaction of three events?

Search for percent symbol in log entries

Is there a search that a user can execute to view search history

Strange search results

Invalid display for custom time search?

How to perform a division between subresults

How can I limt my search results to the first event returned?

Create semaphore with splunk

Combining Multiple Fields in Charting

Scripted Input failing, runs fine when run manually

datetime.xml filename timestamp !?!

Is it possible to hide _raw from a search result?

transaction search: how to determine unresolved "start of problem" events

Wildcarding help in inputs.conf -- controlling directory depth

Can I make field values case-sensitive?

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

Help calculating error breach rate

JSON formatting

Why isn't transaction working for me?

How to determine working duration of user on Chang...

ML Users hitting Limits