Splunk Search

Discussions

Thread Info

What does "splunk enable boot-start" actually do?

I need to enable Splunk to start on boot on a few Linux (SLES 9/10, Red Hat AS 5) and Unix (HP-UX 11.23/11.31, AIX 5....

by Explorer in

Is there a way to add a line break in a search, but before piping in every other search command?

So, after an upgrade, the logs changed, but the line-break configuration wasn't adapted immediately. Before, it was "...

by Explorer in

Aruba Controller authmgr syslog. How to search each device's successful authentication count by username?

Hi, I have an Aruba Controller SYSLOG example: Apr 1 11:41:32 192.168.1.254 Apr 1 11:41:28 2015 Aruba3600 a...

by Engager in

How to create a chart to show successful or failed installations for components in my sample data?

hi I have total 7 components installed. 3 have failed to install and 4 are successfully installed... I want to ta...

by New Member in

Warning/Error Banner messages

I would like to suppress all messages in the search app. It would be nice to be able to suppress then by role so that...

by Splunk Employee in

How do I get the 5 most active hosts that created a new folder in the last 7 days?

Hey guys, I am trying to create a custom search which the question directly states. How would I go about doing tha...

by Communicator in

Why history command only shows my searches, not searches run by all users?

I want to see all the searches that are run on Splunk server in a given time by different users. I am using the “|His...

by Explorer in

Is there a way to replace indexes specified in previously created searches at search-time?

Hi: I am looking at having greater control over our indexes. The problem I have, is that there are tons of searches t...

by Explorer in

Declare a variable for a search to find distribution of calls

I have 4 basic web services (I'll add more later) which are called throughout the day. My CalculateTax web service is...

by SplunkTrust in

How do I group software versions together

I have a query that tells me the count of unique devices running a particular software version (major.minor.release.b...

by Explorer in

problem getting data into Excel from Splunk

Hi there. Trying to join a few .ai file (created in Adobe Illustrator) to my query in Microsoft Query i get the follo...

by Engager in

How to replace the "No Data Found" message with the custom message in the dashboard panel when the query in dashboard is not returning any results.

by New Member in

duration for first event and last event

Hi, If i wish to find out the duration for the first event and the last event in hour, minutes and second, what would...

by Path Finder in

How to extract multiple same name child attributes from XML data into their own unique fields?

I have some XML data broken down into events that have multiple child attributes that share the same name but are dis...

by Path Finder in

SLA Line on Chart

I am using this search to get license use over 30 days index="summary_indexers" | timechart partial=f span=1d sum...

by Motivator in

Dashboard drop down and input option

I have created a dashboard with hourly sum(added) values for all users. In the dashboard I want to give the option of...

by Communicator in

differences in multi-valued field over time

Hi all, I'm getting events like this: time=11111 file=aaaa time=11111 file=bbbb time=11111 file=cccc time=11111...

by Engager in

How to convert bytes to megabytes for use in my timechart search?

Hi, I am writing a search: timechart span=1h sum(Bytes) AS "MBytes " In the same search, I want it to retu...

by Explorer in

Why does a simple Splunk search such as index=abc take a long time to complete?

Hi, I am working on a distributed splunk environment. I have created an app and a separate indexer for this app to...

by Communicator in

How does this search from Splunk documentation work to calculate the percentage of outliers?

I'd like to understand the mathematical meaning of the below search on documentation. Is this my understanding right ...

by Explorer in

Why is my search returning "Error in 'eval' command: The expression is malformed. Expected XOR"?

Hi everyone, I have this search: index=main sourcetype=WinEventLog:Security | eval Logon_failur = case((Event...

by Communicator in

How to combine two values from separate searches to get an average?

I have 2 searches index=test field1=abc field2=xyc | stats dc(field3) as Devices and index=test field1=abc ...

by Engager in

Transpose Multi Value Fields

So I'm working on a new App, one that generates summary data based on eventtypes and fields. The summary data looks l...

by SplunkTrust in

How can i use a eval expression with a result other then previously defined?

Hi, Im currently building a dashboard and one of my search strings is the one below. I currently see the values GP...

by Explorer in

How to only show stats max(value) where min(value) is greater than 0 in the last 5 minutes?

Hi all, just getting started and trying to get something together quickly to show management so forgive asking what i...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What does "splunk enable boot-start" actually do?

Is there a way to add a line break in a search, but before piping in every other search command?

Aruba Controller authmgr syslog. How to search each device's successful authentication count by username?

How to create a chart to show successful or failed installations for components in my sample data?

Warning/Error Banner messages

How do I get the 5 most active hosts that created a new folder in the last 7 days?

Why history command only shows my searches, not searches run by all users?

Is there a way to replace indexes specified in previously created searches at search-time?

Declare a variable for a search to find distribution of calls

How do I group software versions together

problem getting data into Excel from Splunk

How to replace the "No Data Found" message with the custom message in the dashboard panel when the query in dashboard is not returning any results.

duration for first event and last event

How to extract multiple same name child attributes from XML data into their own unique fields?

SLA Line on Chart

Dashboard drop down and input option

differences in multi-valued field over time

How to convert bytes to megabytes for use in my timechart search?

Why does a simple Splunk search such as index=abc take a long time to complete?

How does this search from Splunk documentation work to calculate the percentage of outliers?

Why is my search returning "Error in 'eval' command: The expression is malformed. Expected XOR"?

How to combine two values from separate searches to get an average?

Transpose Multi Value Fields

How can i use a eval expression with a result other then previously defined?

How to only show stats max(value) where min(value) is greater than 0 in the last 5 minutes?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...