Splunk Search

Discussions

Thread Info

Is there a way to count the number of searches through an app?

Hi, Is there a way to count the number of searches via app?

by Champion in

Enforcing string field type on digit-only data

Hi, I'm working with log data which contains MSISDNs (mobile numbers), which are in the form of "491701234567". It's ...

by Engager in

Add date to the timestamp of an event

I have some events, that are indexed with strange dates... 17:56:58,442: htsxml2|c6d1956a-d611-47a5-97df-df0d31e1d...

by Path Finder in

Simple searching by extracted field doesn't work

Hello, I have following field extraction and eventtype related definitions: In props.conf: [eventtype::app_p...

by Explorer in

Splunk field-extraction strangeness.

Folks, Running Splunk 4.2.4 in a distributed setup (1 SH + 1 Indexer). In the Splunk for Cisco Firewall TA is d...

by Communicator in

Reliable way to specify span to bucket numeric values

OK. A bit of a journey here. I am searching for a good reliable method of bucketing numeric field values into categor...

by SplunkTrust in

Work out the duration between two fields

Hi there. I basically have a data set with Support Cases in, i would like to find out the duration between the case b...

by Explorer in

"bucket _time span=..." has no affect on search results

I am trying to group events with same fields and get a count for every 5 minutes interval. I used the following searc...

by Explorer in

What is the Optimal Solution for Monitoring Host Uptime using OS Data Over a Long Period of Time?

I would like to graph by month/day of the week how many times we have restarted two servers in particular. Rather ...

by Builder in

Setting up multiple cron job to the same alert

How do I add multiple cron jobs given 1 alert? I have to setup alert traffic by customer, if there are none for the l...

by Explorer in

How to write one search find the count for three different time frames without using append or multisearch?

Hi, Please help me sort this out. I have a single search like index=test sourcetype= test...| stats count, but th...

by Contributor in

Create a graph with time fields different than event's timestamp

Hi In my events I have the following fields: 1. Initial_time (This is different than event's timestamp) (format=strin...

by Builder in

date fields for WMI source types

I noticed that my [WinEventLog:Security] does not appear to have the same date fields (date_hour, date_min, date_wday...

by Path Finder in

combine 2 index with one common field

Hello i have index=sqltem with the sourcetype=temp-log with the following field : starttime, endtime, user_id, db...

by New Member in

Need help to auto extract fields in non standard files

Hello, I am working on this for a while but i can't make it work correctly. I hope someone can help me to do this I h...

by Engager in

Calculating the percentage growth value of a field day to day

Hello everyone! I would like to know the percentage of growth of the field "wasted_MB" day by day, that is, the pe...

by Explorer in

Why is dedup not giving me the earliest event?

I'm attempting to consolidate records that share the same values in 3 fields, and I want to keep the event that has t...

by New Member in

Is there a way to ignore certain events

Is there a way to ignore splunk to read certain events: Here is a sample event that needs to be ignored: _!====...

by Path Finder in

How can I display a new calculated total field appended at the end of each event?

I would appreciate any comments. Search Case 1 host="HP" sourcetype="csv" Displays all fields for 8292 eve...

by Path Finder in

How can I edit my stats search to change the output format?

I have a formating question. When I run this: index=userdata | eval platform=case(rl_user_agent like "%iPhone...

by Path Finder in

Adding a field extraction causes other fields to disappear

I have come across a problem where the fields i have defined in my transforms.conf for a csv file are disappearing fr...

by Explorer in

Count of distinct events by multiple values?

This seems easy but for some reason I guess I don't know how to ask the question. I want a table that looks like t...

by Builder in

For each group of UIDs, how do I edit my search to filter out values from ColumnB that are not present in ColumnA?

earliest=-60d@d latest=-0d@d msg=login_daily | eval time=strftime(_time, "%m/%d/%y") | where cadt>1421366400 |stats c...

by Path Finder in

What token can I use in a timechart to pass the 'split by' clause in the $host$ token to another view in Simple XML?

I have created a dashboard in simple XML and I am attempting to make a dynamic drilldown leveraging the split by clau...

by Motivator in

How do i create another field based on existing naming convention

I have a raw event from where i want to capture a few specific fields already configured in splunk and want to create...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a way to count the number of searches through an app?

Enforcing string field type on digit-only data

Add date to the timestamp of an event

Simple searching by extracted field doesn't work

Splunk field-extraction strangeness.

Reliable way to specify span to bucket numeric values

Work out the duration between two fields

"bucket _time span=..." has no affect on search results

What is the Optimal Solution for Monitoring Host Uptime using OS Data Over a Long Period of Time?

Setting up multiple cron job to the same alert

How to write one search find the count for three different time frames without using append or multisearch?

Create a graph with time fields different than event's timestamp

date fields for WMI source types

combine 2 index with one common field

Need help to auto extract fields in non standard files

Calculating the percentage growth value of a field day to day

Why is dedup not giving me the earliest event?

Is there a way to ignore certain events

How can I display a new calculated total field appended at the end of each event?

How can I edit my stats search to change the output format?

Adding a field extraction causes other fields to disappear

Count of distinct events by multiple values?

For each group of UIDs, how do I edit my search to filter out values from ColumnB that are not present in ColumnA?

What token can I use in a timechart to pass the 'split by' clause in the $host$ token to another view in Simple XML?

How do i create another field based on existing naming convention

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions