Splunk Search

Ask a Question

Discussions

Thread Info

Splunk query filtering on lookup table csv

Hello, I have a query which shows me whether malicious sites have been accessed per client ip: "Potentially Unw...

by New Member in

How to edit my search to graph a daily Weighted Average over time?

Hi, I'm trying to graph a daily weighted average of priority over time. Data looks like: id=123,priority=80,time=...

by Path Finder in

How do I show stats where count is greater than 10, but without showing count field?

I have an example query where I show the elapsed time for all log lines where detail equals one of three things, and ...

by Explorer in

Why other apps are calling a lookup that is not globally shared and causing errors?

I see a lot of questions asked here similar to this, and the answer is generally to make the lookup globally shared. ...

by Builder in

Eval function on a column that has spaces

Table blah, “has a space” |eval tonumber(“has a space”)/2 Do you know a way to do the above that works? In the abo...

by Explorer in

If I have one field with 3 distinct values, how to sum 2 of the values as a unique value and the 3rd value on its own?

Hi guys, I have the following situation. One field that can have three distinct values and I need sum two value...

by Engager in

Chart only showing 1000 events

Hi, I'm trying to create a chart of results over time, however the chart only charts the first 1000 results. I'm usin...

by Path Finder in

how to duplicate value in one row to multiple rows.

Hello I am trying to duplicate the values of status and user for all rows below so that I can use them in my searc...

by Motivator in

Is the maxout limitation of a subsearch defined as the number of events that can be used or number of rows in the result table of my subsearch?

Hi, is the maxout limitation of a subsearch defined as the number of events that can be used or the number of rows...

by Motivator in

How to get 3 different outputs in a single column

Hi, I want 3 different outputs in a single column. I will explain what exactly I want to do I have activated...

by Communicator in

Why am I getting different results between these 2 searches?

Hi, I'm using a search like this for a timerange of one single day: sourcetype=A | lookup lookup.csv id OUTPUT tim...

by Motivator in

How to find the difference between two dates/times and add a new column to a table to show the difference?

i have a query as below... search 1|join type=left [search2] the query returns the following fields... place...

by Communicator in

DB Connect tail question

Hello This is my DB tail config which I am trying to get the data from. But I get few errors in the dbx log. I gue...

by Motivator in

field combination does not work properly

Hi, I have the following search on splunk indexer. Although field "a" and "b" return results, field "steps" does not ...

by New Member in

"OR" and subsearch, which one is more efficient?

I have a large set of logs and two sets of mutually exclusive criteria, one signifies beginning and progression of an...

by SplunkTrust in

Is there a query I can use to get the amount of bandwidth used by my forwarders?

by Path Finder in

Finding mismatched events

We have distinct events for each phase of an incoming API call, 2012-09-07 01:12:59.691 category=api_request api_t...

by New Member in

HiddenPostProcess - TimeChart - No Result Found

If I combine my Base Search + secondary search I see the result but with following code - my TimeChart has no results...

by Path Finder in

how to draw a simple graph of response times against _time

I need to draw a simple graph of all the response times for a particular service in my application. I am using the be...

by Path Finder in

how to create Geo Map in Splunk

Hi, I am using Splunk 6.0 with Windows OS. I want to create Geo Map with the help of Splunk with free edition. Cur...

by Engager in

How to search for events before a given time if the event time is dynamically generated?

I have a search that finds bad events and I want to use the results to look back in time (a day for example) and see ...

by Explorer in

Question regarding grouping of results into a table

So I have events which have the following fields that I would like to sort by: app, dst_ip, bytes Preferably I ...

by Path Finder in

How to edit my inputs.conf monitor stanza regex for a range of IP addresses?

I think I'm missing a clue here. I have logs being dumped in /var/log/splunk - most devices are appliances, not in DN...

by Explorer in

How to parse wtmp file

I am ingesting the non-binary wtmp file in Splunk and was able to two generic fields: 1) priority = auth. (4 unique),...

by Influencer in

Why is performance worse in Splunk 6.2.1 and the results are different between dashboard chart count and actual search query count?

Hi Splunkers, I am using Splunk 6.2.1 and I found a very disappointing match between chart count and actual search...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk query filtering on lookup table csv

How to edit my search to graph a daily Weighted Average over time?

How do I show stats where count is greater than 10, but without showing count field?

Why other apps are calling a lookup that is not globally shared and causing errors?

Eval function on a column that has spaces

If I have one field with 3 distinct values, how to sum 2 of the values as a unique value and the 3rd value on its own?

Chart only showing 1000 events

how to duplicate value in one row to multiple rows.

Is the maxout limitation of a subsearch defined as the number of events that can be used or number of rows in the result table of my subsearch?

How to get 3 different outputs in a single column

Why am I getting different results between these 2 searches?

How to find the difference between two dates/times and add a new column to a table to show the difference?

DB Connect tail question

field combination does not work properly

"OR" and subsearch, which one is more efficient?

Is there a query I can use to get the amount of bandwidth used by my forwarders?

Finding mismatched events

HiddenPostProcess - TimeChart - No Result Found

how to draw a simple graph of response times against _time

how to create Geo Map in Splunk

How to search for events before a given time if the event time is dynamically generated?

Question regarding grouping of results into a table

How to edit my inputs.conf monitor stanza regex for a range of IP addresses?

How to parse wtmp file

Why is performance worse in Splunk 6.2.1 and the results are different between dashboard chart count and actual search query count?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions