Splunk Search

Ask a Question

Discussions

Thread Info

How to count when there are 'no results found'

I have a very simple query and can't believe I can't get this to work... The os index should have 5 sourcetypes fo...

by Engager in

Use stats to show multiple values resulting from fields generated by eval command

Sorry, for some reason I cannot post my code, so attaching photo instead (please post my code if you can). Result ...

by Communicator in

extract top ten values

hi i use this code index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" OR Type="Avertissement...

by Explorer in

How do I search for events that do not have another specific event occurring within a certain time?

I want to search for events that do not have a specific other event occurring within a certain time. For example, ...

by New Member in

can you please provide me a query to find out the outdated splunk universal forwarders list in our environment

i want to check the versions of all the splunk universal forwarders which are before 4.2 version in my existing envir...

by New Member in

Calculating the average time between start and stop jobs for a service

Hi, i've asked this question before and never got it to work.maybe it was my fault that i was not clear on what i ...

by Contributor in

How to custom field extract for the field "ending with"?

My sample log (Modified to remove confidential data) looks like following. Apr 9 13:54:13 10.195.247.77 04/09/201...

by New Member in

How to search a query based on the result of another query?

I have list of events that have IP address { USERID: system01 browser: Chrome, ip: 192.168.10.10 ...} { USERID: syste...

by Explorer in

How to collapse variable part of url to get a list of urls?

Hi, I'm trying to get a list of urls that users are visiting for each of the customer sites that we manage. I ...

by Path Finder in

How to get the month name for selecting previous month via date_month?

We've got the following search: tag=PeopleCounters earliest=-13mon@mon latest=@mon date_month=March | chart sum(co...

by Path Finder in

Visited website duration

Hi Everyone, I have the query below and it works, however I would like to add the time spend on each website/domai...

by New Member in

Getting values from a field and comparing them

I have the following query: index=source sourcetype=type_example | bin _time span=5m| eval TIME=strftime(_time,"%...

by Explorer in

Is it possible to combine multiple rows in a lookup table?

Hello, I use a dbxquery to import asset’s tags which includes information about asset’s category, business unit an...

by Communicator in

How can I display my data in a bubble chart?

I am running the following search: "authentication failed" | stats count by user, sourceip | sort -count | head 10...

by Explorer in

How to count stats for two different field logs coming from the same device by using the OR command?

I have two different fields in logs coming from the same device. I want to count that stats for both fields by using ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to count when there are 'no results found'

Use stats to show multiple values resulting from fields generated by eval command

extract top ten values

How do I search for events that do not have another specific event occurring within a certain time?

can you please provide me a query to find out the outdated splunk universal forwarders list in our environment

Calculating the average time between start and stop jobs for a service

How to custom field extract for the field "ending with"?

How to search a query based on the result of another query?

How to collapse variable part of url to get a list of urls?

How to get the month name for selecting previous month via date_month?

Visited website duration

Getting values from a field and comparing them

Is it possible to combine multiple rows in a lookup table?

How can I display my data in a bubble chart?

How to count stats for two different field logs coming from the same device by using the OR command?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

Help with report creation please

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...