Splunk Search

Ask a Question

Discussions

Thread Info

Why does the time range picker return events for Last 24 Hours, but not for Date and Time for the same time range?

HI, My search is index=aa sourcetype=windows_server_hourly | rex field=host "(?[a-z0-9-]+).*" | eval "Server Name...

by Contributor in

Can the exact same search return different results depending on use in a search bar versus the REST API?

Hello, this search in the search bar of splunk: javaException=* earliest=-m@m | sort _time returns about 10...

by New Member in

Wierd results with rename

This is really strange. It appears that I can either rename _time or format _time but not both. Here are the searches...

by Builder in

Is there a way to count the number of searches through an app?

Hi, Is there a way to count the number of searches via app?

by Champion in

Enforcing string field type on digit-only data

Hi, I'm working with log data which contains MSISDNs (mobile numbers), which are in the form of "491701234567". It's ...

by Engager in

Add date to the timestamp of an event

I have some events, that are indexed with strange dates... 17:56:58,442: htsxml2|c6d1956a-d611-47a5-97df-df0d31e1d...

by Path Finder in

Simple searching by extracted field doesn't work

Hello, I have following field extraction and eventtype related definitions: In props.conf: [eventtype::app_p...

by Explorer in

Splunk field-extraction strangeness.

Folks, Running Splunk 4.2.4 in a distributed setup (1 SH + 1 Indexer). In the Splunk for Cisco Firewall TA is d...

by Communicator in

Reliable way to specify span to bucket numeric values

OK. A bit of a journey here. I am searching for a good reliable method of bucketing numeric field values into categor...

by SplunkTrust in

Work out the duration between two fields

Hi there. I basically have a data set with Support Cases in, i would like to find out the duration between the case b...

by Explorer in

"bucket _time span=..." has no affect on search results

I am trying to group events with same fields and get a count for every 5 minutes interval. I used the following searc...

by Explorer in

What is the Optimal Solution for Monitoring Host Uptime using OS Data Over a Long Period of Time?

I would like to graph by month/day of the week how many times we have restarted two servers in particular. Rather ...

by Builder in

Setting up multiple cron job to the same alert

How do I add multiple cron jobs given 1 alert? I have to setup alert traffic by customer, if there are none for the l...

by Explorer in

How to write one search find the count for three different time frames without using append or multisearch?

Hi, Please help me sort this out. I have a single search like index=test sourcetype= test...| stats count, but th...

by Contributor in

Create a graph with time fields different than event's timestamp

Hi In my events I have the following fields: 1. Initial_time (This is different than event's timestamp) (format=strin...

by Builder in

date fields for WMI source types

I noticed that my [WinEventLog:Security] does not appear to have the same date fields (date_hour, date_min, date_wday...

by Path Finder in

combine 2 index with one common field

Hello i have index=sqltem with the sourcetype=temp-log with the following field : starttime, endtime, user_id, db...

by New Member in

Need help to auto extract fields in non standard files

Hello, I am working on this for a while but i can't make it work correctly. I hope someone can help me to do this I h...

by Engager in

Calculating the percentage growth value of a field day to day

Hello everyone! I would like to know the percentage of growth of the field "wasted_MB" day by day, that is, the pe...

by Explorer in

Why is dedup not giving me the earliest event?

I'm attempting to consolidate records that share the same values in 3 fields, and I want to keep the event that has t...

by New Member in

Is there a way to ignore certain events

Is there a way to ignore splunk to read certain events: Here is a sample event that needs to be ignored: _!====...

by Path Finder in

How can I display a new calculated total field appended at the end of each event?

I would appreciate any comments. Search Case 1 host="HP" sourcetype="csv" Displays all fields for 8292 eve...

by Path Finder in

How can I edit my stats search to change the output format?

I have a formating question. When I run this: index=userdata | eval platform=case(rl_user_agent like "%iPhone...

by Path Finder in

Adding a field extraction causes other fields to disappear

I have come across a problem where the fields i have defined in my transforms.conf for a csv file are disappearing fr...

by Explorer in

Count of distinct events by multiple values?

This seems easy but for some reason I guess I don't know how to ask the question. I want a table that looks like t...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does the time range picker return events for Last 24 Hours, but not for Date and Time for the same time range?

Can the exact same search return different results depending on use in a search bar versus the REST API?

Wierd results with rename

Is there a way to count the number of searches through an app?

Enforcing string field type on digit-only data

Add date to the timestamp of an event

Simple searching by extracted field doesn't work

Splunk field-extraction strangeness.

Reliable way to specify span to bucket numeric values

Work out the duration between two fields

"bucket _time span=..." has no affect on search results

What is the Optimal Solution for Monitoring Host Uptime using OS Data Over a Long Period of Time?

Setting up multiple cron job to the same alert

How to write one search find the count for three different time frames without using append or multisearch?

Create a graph with time fields different than event's timestamp

date fields for WMI source types

combine 2 index with one common field

Need help to auto extract fields in non standard files

Calculating the percentage growth value of a field day to day

Why is dedup not giving me the earliest event?

Is there a way to ignore certain events

How can I display a new calculated total field appended at the end of each event?

How can I edit my stats search to change the output format?

Adding a field extraction causes other fields to disappear

Count of distinct events by multiple values?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...