Splunk Search

Discussions

Thread Info

How to search for the same IP in multiple sourcetypes within a certain time frame?

Greetings, I am looking for a way to search through 2 sourcetypes: sourcetype=bro_http AND sourcetype=McAfee to fi...

by Path Finder in

How to combine two fields into one to run a stats count search?

I have log events which are little different, but each event has a unique name which I am interested in. However, thi...

by New Member in

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

I need to add a maximum column for a set of fields on each row (created using chart ... OVER ... BY ... ), and then a...

by Engager in

What is meant to clean up dispatch?

Splunk recently fell over because the dispatch directory (on an ext2 filesystem) hit 32000 directory entries, so the ...

by Engager in

How to search the last 90 days of BlueCoat logs for the top 100 websites?

This is the criteria I'm using: index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" | stats count(cs_host) by c...

by New Member in

How to edit my search to get the counts and eval results for each value of a certain field?

The below returns the correct results, but I only get the RequestOne, RequestTwo, and meetscriteria fields when field...

by Engager in

To Get sum of hosts

Hi, i have a simple query where i am getting response times by host. i want to get the sum of hosts as a filed. I ...

by Contributor in

How do I table 3 distinct values within the same event if all values share the same field name?

Hi, In my log, I have the same name field for three distinct values in the same event. For example: ... Securit...

by Communicator in

Captain Skipping Configuration Replication

Hi guys, I'm having a problem with my environment, we have 15 machines, 1 Master, 1 Deploy, 1 Universal Forwarder,...

by Contributor in

"Unanswered" Questions

As a note: 17:30 CET - 4,825 questions, 1,069 unanswered!?! There are so many answered questions still "open" / un...

by Contributor in

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

Hello! I have some Windows event log data with 5 different event codes. I need to count by each of the event codes...

by Builder in

How to create a panel that displays response events which take longer than the time of X to respond?

Hey fellow Splunkers, I have a very complex problem which I am attempting to solve and thought it couldn't hurt to...

by Explorer in

What is the difference between `tstats` and tstats?

Hi all, I'm trying to build a simple dashboard that shows a simple graph of bytes sent by a web server. I realize ...

by Engager in

How to add the result of 2 calculations in 2 searches?

I have 2 searches which from the log I calculate a difference of a number at the current time and the beginning of th...

by New Member in

Search to display a table of only Active alerts in time frame

I am trying to build a table that will show the active alerts for SNMP trap data ingested via a text file. I can ...

by Path Finder in

How to Sort the "count by..." results

I am using the search below for the locked out accounts - Should be possible to sort the result by the user with high...

by Path Finder in

Active Directory LastLogonTimestamp EVAL/WHERE Date Math

I'm attempting to locate systems that have not logged into AD for 90 days. I am using the following search; index=...

by Communicator in

How to extract the date from the file name without modifying datetime.xml?

Hi everyone, I am currently trying to extract the date from the filename so I can use it for all events include in...

by Path Finder in

Segregate data base on IP Address

I am looking for the best solution for segregate data into multiple indexes. There are IP addresses (very vary) being...

by New Member in

How to extract XML field data using transforms.conf?

How to extract xml data contained in AUDDET_STR field in the following event using transforms.conf settings? "2016...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search for the same IP in multiple sourcetypes within a certain time frame?

How to combine two fields into one to run a stats count search?

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

What is meant to clean up dispatch?

How to search the last 90 days of BlueCoat logs for the top 100 websites?

How to edit my search to get the counts and eval results for each value of a certain field?

To Get sum of hosts

How do I table 3 distinct values within the same event if all values share the same field name?

Captain Skipping Configuration Replication

"Unanswered" Questions

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

How to create a panel that displays response events which take longer than the time of X to respond?

What is the difference between `tstats` and tstats?

How to add the result of 2 calculations in 2 searches?

Search to display a table of only Active alerts in time frame

How to Sort the "count by..." results

Active Directory LastLogonTimestamp EVAL/WHERE Date Math

How to extract the date from the file name without modifying datetime.xml?

Segregate data base on IP Address

How to extract XML field data using transforms.conf?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex