Splunk Search

Discussions

Thread Info

Help! I need to know if Splunk is capable of the following;

• Need to be able to view the health of the servers and applications running across all three datacentres in a single...

by New Member in

How to write a search to count variations (different order and number) of transaction events?

I need a search to count variations of event occurance. Lets say we have events: A,B,C,D,E which are combined into tr...

by Explorer in

How to edit my search to get the sum of multiple results per transaction_Id?

index=inctv starttime=10/07/2015:00:00:00 endtime=10/13/2015:00:00:00 (sourcetype="mysource" OperationName="*MyImpl.*...

by Engager in

How to filter out syslog events from a group of hosts via regex?

Hi We have a group of servers and looks like they have been reconfigured. Until we get hold of a sysadmin and fix ...

by Path Finder in

Makemv example not working

In trying to use makemv, which seems incredibly simple, I've been ingesting multiple iterations of a single event wit...

by Communicator in

Nessus in Splunk - pull scans from Windows Server

I'm running Splunk on a Linux box. Nessus is running on another Linux box, but I'm using the Nessus web GUI from a Wi...

by New Member in

stats usage to display output as follows

I have a table like this .. Table 1 : Information to be searched **Company A | Company B abc xyz lmn pqr de...

by Motivator in

Why is Auto Refresh not working with Post Process Search in a dashboard panel?

Hi All, We have a dashboard with 6 panels in which for one panel we have implemented a post process search. The is...

by Contributor in

Can a particular user or role ignore the limits.conf max_searches_per_cpu setting?

Is there a way to bypass max_searches_per_cpu setting (in limits.conf) for a given user or role? I need to to this...

by Path Finder in

How to extract particular data from a file and then define fields from it?

Hi I have a flat file with the following data which is ingested in Splunk: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

by New Member in

Extracting field based on prior field extracted

Hi all, So I have data that looks something like this where each event contains somewhat historical data, and it h...

by Path Finder in

perfmon PercentProcessorTime incorrect maximum

Splunk 6.1 running on Windows 2012 R1 perfmon remote machine Windows 2008 R1. Querying PercentProcessorTime from P...

by Path Finder in

How do we chain up events based on parent-child events without recursion?

Let's say I have something like this: time,ParentId,ChildId 12:05:10 PM, ,A1 12:05:11 PM, ,B1 12:05:12 PM,A1 ,A2 1...

by Splunk Employee in

How to edit my search to sum up the count of hosts per group for each account?

Hi All, I'm pretty new to Splunk so still learning my way around everything. Running a search like this results...

by Engager in

What's wrong with my rangemap?

Hi, I'm trying out some searches learned at .conf. This one is supposed to provide lag info for indexing delays. U...

by Champion in

How do I edit my "eval if match" syntax to evaluate complex combinations with precedence on the order of operation?

Hello all, I have the following eval function which functions properly: | eval my_count=if(match(lower(FieldNa...

by Path Finder in

Help with replacing values

Hi, I have my output I was looking for, but was wondering if there was a cleaner way to do it. Basically I have a ...

by Explorer in

How to group search results based on values?

I need to filter some search results. Today I have the following search: search index="test" series_name=* | stats...

by Path Finder in

Looking to see if a string is present in another search

I'm looking through DNS logs in one index. They are normal DNS logs, so they have the normal query containing the hos...

by Contributor in

Where can I find a reference for complex search examples? Does anyone have the PDF version of the book Building Splunk Solutions?

I need to understand more on the complex searches that can be performed using Splunk.

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help! I need to know if Splunk is capable of the following;

How to write a search to count variations (different order and number) of transaction events?

How to edit my search to get the sum of multiple results per transaction_Id?

How to filter out syslog events from a group of hosts via regex?

Makemv example not working

Nessus in Splunk - pull scans from Windows Server

stats usage to display output as follows

Why is Auto Refresh not working with Post Process Search in a dashboard panel?

Can a particular user or role ignore the limits.conf max_searches_per_cpu setting?

How to extract particular data from a file and then define fields from it?

Extracting field based on prior field extracted

perfmon PercentProcessorTime incorrect maximum

How do we chain up events based on parent-child events without recursion?

How to edit my search to sum up the count of hosts per group for each account?

What's wrong with my rangemap?

How do I edit my "eval if match" syntax to evaluate complex combinations with precedence on the order of operation?

Help with replacing values

How to group search results based on values?

Looking to see if a string is present in another search

Where can I find a reference for complex search examples? Does anyone have the PDF version of the book Building Splunk Solutions?

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

How to achieve Crowdsec json logs fields extractio...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...