Splunk Search

Discussions

Thread Info

How to extract fields and assign values from my data with the field extractor utility?

I have a custom file which we don't have problems searching certain "strings" within, but what I cannot figure out is...

by Engager in

Join two searches by different field names

I have a search I'm running which now works fine index="ecom" eventName=pageLoad | regex referrer="^http://www.exa...

by Path Finder in

Field extraction regex expression to pull information after a pattern

I am trying to get regex working for a field extraction on some SSRS logs I have indexed in our deployment. My goal i...

by Path Finder in

How do I customize the output of emailed search results?

Below is the Message I get from Search Results: 2015-04-23T15:39:28.3177658-04:00 0049 (Handler #32, Sync/TEST1.xm...

by New Member in

Search for value in field after stripping characters

Not sure how best to word the question but below is what I am trying to do - feel free to edit the question header. ...

by Path Finder in

strptime is not returning proper results

Hi All, I have a lookup file which contains 2 columns such as "hour (HH:MM)" and "job" hour job ------...

by Explorer in

Why is nullQueue not working with regex?

I am trying to pull in Windows DNS logs, but drop all internal requests. I have been able to get the logs in, and hav...

by Explorer in

How to automate a search to compare the past 24hrs in test with the last 30 days in production?

earliest=-30d@d latest=@m sourcetype=Apps (sub_source!="'A'" AND sub_source!="'B'") AND (((Hosted="TEST") A...

by Explorer in

how to get number of concurrent sessions per minute

Hi , How to get number of concurrent sessions per minute. My transaction started with beginning session and ends w...

by Communicator in

Why am I unable to extract 2 fields from source at index-time with my current configuration and regex?

All my log files are in foldes named: c:\blah\something\myapp_test\logs\somelogfile.log => app=myapp => env=t...

by Communicator in

How can I check for a URL query parameter NOT being passed

This is a follow-on question to http://answers.splunk.com/answers/228254/how-to-search-the-total-number-of-hits-to-ur...

by New Member in

Ignore results that do not appear in a separate search

A quick run down of what I want first: I have a bunch of data flowing in for production, test, and training environme...

by Communicator in

Should I be using eval or subsearch? Not able to perform Search when evaluating a boolean expression

I know this is a Splunk newbie question but I am having some issues getting this to work. I have a column field named...

by New Member in

Sort and display top 5 values alone

I am trying to display the top 5 memory used values by command - Meaning the top 5 commands with maximum usage, but I...

by Communicator in

How do I divide data in a field by a certain value?

I have a search based on an SQL query e.g. select * from . I would like to divide some data displayed on a field call...

by Path Finder in

Fisher test using R for data in Splunk

Hi I want to perform fisher test on data in Splunk. The table passed to R looks like this: index=summary stats...

by Motivator in

How to create a timechart showing how many unique FieldA were created in the last 7 days and the total number of unique FieldA?

Hi all, I am new to splunk and I am trying to form a timechart for my following question: How many unique entit...

by New Member in

How to clone monthly reports from my current search?

Hi All, I've got this search string index=my_index sourcetype=my_sourcetype host=hostname ((signature_number=1...

by Contributor in

lookup each value in multivalue field

I need to lookup each value in a multivalue field from a lookup table but it seems to only return the first field. So...

by Splunk Employee in

How to search for users that no longer exist in LDAP so I can remove their user directories from Splunk?

We use LDAP for user authentication. We have many, many users. Anyone have a search or script where I can find users ...

by Splunk Employee in

Counting Totals in CSV Lookup and return results to query

Hi, I have a simple query that counts the number of virus infected machines by different departments. infection_st...

by Explorer in

How to show only fields over 0?

I have a query like this: index=main Product=$product$ | time chart count by Quantity But I need it to return only va...

by Contributor in

How to set up a drop-down box to represent 2 different variables at the same time (Multiple searches)?

I have a dashboard which takes user input from an input field ($number$) and then has a drop-down box for another opt...

by Communicator in

CEF output to Arcsight - where can I find 'rtoutput.py' ?

Where can I find rtoutput.py ? It is mentioned here on page 8.

by Path Finder in

If a user can log in by ssh to HOST2 only from HOST1, how to search logins to HOST2 if the user did not previously log in to HOST1?

I have two hosts: HOST1, HOST2. A user can log in by ssh to the HOST2 only from the HOST1. I need to search logins to...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract fields and assign values from my data with the field extractor utility?

Join two searches by different field names

Field extraction regex expression to pull information after a pattern

How do I customize the output of emailed search results?

Search for value in field after stripping characters

strptime is not returning proper results

Why is nullQueue not working with regex?

How to automate a search to compare the past 24hrs in test with the last 30 days in production?

how to get number of concurrent sessions per minute

Why am I unable to extract 2 fields from source at index-time with my current configuration and regex?

How can I check for a URL query parameter NOT being passed

Ignore results that do not appear in a separate search

Should I be using eval or subsearch? Not able to perform Search when evaluating a boolean expression

Sort and display top 5 values alone

How do I divide data in a field by a certain value?

Fisher test using R for data in Splunk

How to create a timechart showing how many unique FieldA were created in the last 7 days and the total number of unique FieldA?

How to clone monthly reports from my current search?

lookup each value in multivalue field

How to search for users that no longer exist in LDAP so I can remove their user directories from Splunk?

Counting Totals in CSV Lookup and return results to query

How to show only fields over 0?

How to set up a drop-down box to represent 2 different variables at the same time (Multiple searches)?

CEF output to Arcsight - where can I find 'rtoutput.py' ?

If a user can log in by ssh to HOST2 only from HOST1, how to search logins to HOST2 if the user did not previously log in to HOST1?

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

Splunk ITSI & Correlated Network Visibility

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions