Splunk Search

Thread Info

Why regex created with the Field Extractor utility is not working when used in a search?

Field extractor created a regex that when I use as a search string doesn't work. The search string is: index=myind...

by Influencer in

Suggestions on calculating reduction rates over a period of time

I am new to Splunk and need guidance on writing a generic search that will give me the percent increase over a two mo...

by New Member in

Bug in spath ? Not recovering every fields

Hi have a query, that try to get all the fields from an xml doc. For some reason, spath seems to ignore some of the ...

by Builder in

How do I search using an evaluated numeric field

index=xxx event="NEAT-IN" platform=apns |eval epochT=relative_time(now(), "-2d@d") | eval day= strftime(epochT,"%d"...

by Path Finder in

How to find the difference between two fields of two searches from two different times?

Hi, I would like to have the difference between two fields at two different times. So, what am I supposed to use? ...

by Path Finder in

How find hosts that are missing a particular sourcetype

My windows hosts should have 'WinEventLog:Security' and Script:InstalledUpdates. How can I search for hosts that h...

by Path Finder in

How to Bump a List with Data in Splunk to Get a Match

Hi All, I have a list of invoice numbers that I want to try and find data for in Splunk. I added the list in a CSV...

by Builder in

Does anyone know how to use the highlight command to highlight strings in a table, not just raw events?

Any idea on how to use the highlight command to highlight strings that are in a table? It only appears to work when l...

by Communicator in

How to translate a numeric field name into a readable name to use in a search?

I have a file that is indexed regulary, with several data in one line: "245614":"0","245615":"1","245616":"1","24...

by Explorer in

How to write stats query to find top 20 count records based on zipcode and split by gender?

Can you please tell us how to write stats query for this case? We have columns: zipcode gender 07809 f 0...

by Builder in

Search for host name where hostname is not an IP

When I use the | metadata type=hosts I see all my servers as well as network equipment that have host as the IP of th...

by Motivator in

How to join two events in the same index for comparison purposes?

Hello Spelunkers, I have a Splunk query problem that I can't seem to solve. index=prod-web-apps sourcetype=csv-...

by New Member in

How to get values after the last /

Hi, After using search command I got the following output for XYZ field /mrIWeb/Images/SE/2.1/lib/qstudio/qcrea...

by Communicator in

Need help merging 2 stats outputs to one chart to get a total bytes count over time per source and destination

Here is what the code looks like separate, (my search) | stats sum(bytes) by src_ip | sort 5 -bytes and (...

by New Member in

Why are fields not extracted at index-time pulling a CSV file into Splunk with my current configuration?

I’m trying to pull a CSV file into Splunk with the fields extracted at index-time. My environment consist of multiple...

by Explorer in

How to use "where" clause in my search to timechart the percentage of the sum of Field1 based on the value of Field2?

I need to timechart the percentage of the sum of Field1 based on the value of Field2 preferably using single query ...

by Explorer in

What are best practices for creating a dashboard of saved searches without hitting the concurrent search quota per user?

All, I'd like to allow users to create a dashboard of saved searches without it counting towards their search quot...

by Contributor in

using streamstats and stats together

i'd like to produce a field per event that's the running sum of some field as a percentage of the total sum of that f...

by Path Finder in

How to build timechart (?conditional)

Hi guys, I have a ticket history collected from our system: TicketNumber,State,OpenDate (od) , ClosureDate (cd) 1,...

by Explorer in

How can I use splunk like spark or storm ?

I want to analysis 100k targets using the same search command in the realtime,splunk will create 100k search jobs in ...

by Communicator in

How to correlate two searches that don't share a common field?

So I am trying to correlate two searches with one another. Unfortunately, I don't have any common fields between the ...

by Path Finder in

How do I save job search results in Hunk?

I am wondering how to save job search results in Hunk over the long term. I can see where to save a job but there see...

by Explorer in

Need help with regex

I am trying to extract different error messages out of raw server log events. Below are the examples of different typ...

by New Member in

Joining two fields based on matching value to two other fields.

I am trying to create a top bandwidth users report from the RT_FLOW_SESSION_CLOSE data coming from our Juniper SRX. A...

by Path Finder in

Zoom with second dashboard not working

I am performing a sentiment analysis on RSS feeds over time and want to make a timechart zoom capability in my dashbo...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Why regex created with the Field Extractor utility is not working when used in a search?

Suggestions on calculating reduction rates over a period of time

Bug in spath ? Not recovering every fields

How do I search using an evaluated numeric field

How to find the difference between two fields of two searches from two different times?

How find hosts that are missing a particular sourcetype

How to Bump a List with Data in Splunk to Get a Match

Does anyone know how to use the highlight command to highlight strings in a table, not just raw events?

How to translate a numeric field name into a readable name to use in a search?

How to write stats query to find top 20 count records based on zipcode and split by gender?

Search for host name where hostname is not an IP

How to join two events in the same index for comparison purposes?

How to get values after the last /

Need help merging 2 stats outputs to one chart to get a total bytes count over time per source and destination

Why are fields not extracted at index-time pulling a CSV file into Splunk with my current configuration?

How to use "where" clause in my search to timechart the percentage of the sum of Field1 based on the value of Field2?

What are best practices for creating a dashboard of saved searches without hitting the concurrent search quota per user?

using streamstats and stats together

How to build timechart (?conditional)

How can I use splunk like spark or storm ?

How to correlate two searches that don't share a common field?

How do I save job search results in Hunk?

Need help with regex

Joining two fields based on matching value to two other fields.

Zoom with second dashboard not working

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions