Splunk Search

Discussions

Thread Info

How to create a table for mount point space?

I am attempting to build a search which shows the available space for the Unix mount that I desire. These are the sta...

by Motivator in

Why does metadata show the wrong total event count after using the delete command?

Scenario1: deleted the events from the indexer1 using the delete command, successfully executed but 1. Still few Host...

by Contributor in

Can Splunk's Search and Reporting capabilities be used to perform the reporting functions similar to a Business Intelligence tool?

Hi, I am a fairly new user to Splunk and my role is more around business reporting. I was wondering if someone wo...

by New Member in

How to put search query in "views.py" and show the output on splunk template(html page)?

Hi, I have created an application using Django Bindings. I wanted to know, if is it possible to write search queries ...

by Builder in

How to edit my serach to display count in a column chart?

HI, I have the following search: sourcetype=* | chart count(eval(status="info")) AS info, count(eval(status="Erro...

by Path Finder in

How to count and chart how many times a keyword showed in the log?

Hi Friends, How can I count and chart from a data source based on some keywords ? example: the log has THREAD_1, THR...

by New Member in

recursively join the same table?

Hi I have a data set with parent ID and child ID in a same table. I am looking for a search that produce the foll...

by Splunk Employee in

What is the best way to combine 3+ fields?

I have three fields name_1, name_2, and name_3 that I would like to combine into one field. There is no guarantee tha...

by Path Finder in

How does dedup work in splunk ?

How does dedup work in splunk ? My concern is about the performance. If my search is over 500K -1M events out of whic...

by Communicator in

How to search the number of days a request was open for?

I have three fields "Request Date" , "Remote Access Date Fulfilled" and "R_Drive Date Fulfilled". I need to find how ...

by Contributor in

How to show 0 occurrences of a field value in a table?

Hello, I'm doing a table to summarize some data and I want the table show the column or the row even if a given fi...

by Engager in

How to fetch unique session strings

How can we get all unique session strings from log which can contains all combinations of characters , symbols and di...

by New Member in

Is it possible to define a lookup to act as a Hunk input filter at search-time?

Hi there, I have been testing Hunk and noticed that due to the lack of pre-indexing, it relies quite a lot on prop...

by Explorer in

Where do I configure inputs.conf for Splunk DB Connect 1.1.5 in a search head pooling environment?

We faced HTTP 401 issues with Java Bridge for DB Connect 1.1.6, so I downgraded it to 1.1.5 and the bridge started ri...

by Communicator in

How to combine my two searches and render dynamic ranges for a Radial Gauge?

I have a Drop-down box from where I get the type of Device chosen and depending on the chosen device I need to dynami...

by New Member in

How to get all transactions for the defined day which are larger than the average transaction amount for the month before?

Hi all, I am trying to get all transactions for defined day in the past that have amount larger than the average tran...

by New Member in

Lookup from a search instead of CSV

Hi All, I have two data sources. One of them is a transient data which keeps changing. I have to use this search a...

by Contributor in

Splunk DB Connect: I have a database input with a query, but why is no data being captured by the tailing input?

I am trying to pull a large amount of data from a data warehouse into Splunk. I have a database input setup with a qu...

by Communicator in

How to view all of the real-time concurrent system-wide searches

Hello, I am trying to view all of the real-time concurrent system-wide searches to see how many users have real-ti...

by New Member in

Need help in extracting value from a field

i have tried whatever i could to get the desired output rex but not happening, please help.. This is what i am tryin...

by Communicator in

I'm missing some events from the search index

I have set up log index in Splunk to monitor Airwatch logs on several servers. However it seems that not all entries ...

by Explorer in

Does Splunk support rex in macros?

I'm receiving the following error: Error in 'rex' command: Encountered the following error while compiling the regex ...

by Engager in

How to find out the no of users who didn't logged in some X application. and its percentage.????

by Explorer in

Stats count and average

I have a log that more or less looks like: timestamp=1422006650 from=bob@sender.com to=alice@receiver.com subjec...

by Explorer in

How do I create a search that will show the average call durations for each of the three locations below?

How do I create a search that will show the average call durations for each of the three locations below? Where AVG_D...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a table for mount point space?

Why does metadata show the wrong total event count after using the delete command?

Can Splunk's Search and Reporting capabilities be used to perform the reporting functions similar to a Business Intelligence tool?

How to put search query in "views.py" and show the output on splunk template(html page)?

How to edit my serach to display count in a column chart?

How to count and chart how many times a keyword showed in the log?

recursively join the same table?

What is the best way to combine 3+ fields?

How does dedup work in splunk ?

How to search the number of days a request was open for?

How to show 0 occurrences of a field value in a table?

How to fetch unique session strings

Is it possible to define a lookup to act as a Hunk input filter at search-time?

Where do I configure inputs.conf for Splunk DB Connect 1.1.5 in a search head pooling environment?

How to combine my two searches and render dynamic ranges for a Radial Gauge?

How to get all transactions for the defined day which are larger than the average transaction amount for the month before?

Lookup from a search instead of CSV

Splunk DB Connect: I have a database input with a query, but why is no data being captured by the tailing input?

How to view all of the real-time concurrent system-wide searches

Need help in extracting value from a field

I'm missing some events from the search index

Does Splunk support rex in macros?

How to find out the no of users who didn't logged in some X application. and its percentage.????

Stats count and average

How do I create a search that will show the average call durations for each of the three locations below?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Help generating table

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...