Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
brettcave

ordering of fields in a transaction (mvfind bug?)

I am trying to determine the sequence of pageviews that a visitor visits. I have the following query: eventtype="Ana...
by brettcave Builder in Splunk Search 11-18-2014
0 4
0
4
icyfeverr

The Lovely Transaction Command

When using the transaction command, I am getting unexpected results. Search: sourcetype=abc source="/u/spool/zlogs/a...
by icyfeverr Path Finder in Splunk Search 11-18-2014
0 12
0
12
feickertmd

Convert epoch time from drilldown parameter

I have set up a drilldown to jump from a timechart graph to another dashboard. <link> <![CDATA[ ...
by feickertmd Communicator in Splunk Search 11-18-2014
0 3
0
3
diggin

How to pass the counts from two panels into a third panel to get a percentage of the whole and use a speed meter?

I am wanting to add a panel to a dashboard which shows a percentage of total vulnerable hosts to total hosts in the e...
by diggin New Member in Splunk Search 11-18-2014
0 5
0
5
bcarr12

Manipulating fields within a transaction

What would be the best way to go about manipulating fields within a transaction? For example, let's say I have the f...
by bcarr12 Path Finder in Splunk Search 11-18-2014
0 2
0
2
Notinocrunch

Is it possible to extract the name of the day and month from an event date field in the format dd/mm/yyyy?

Assuming all my eventdate fields are in the following format: dd/mm/yyyy i.e 12/06/2014 Is it possible to work with...
by Notinocrunch New Member in Splunk Search 11-18-2014
0 3
0
3
clayton_bell_ag

How to configure Splunk to extract key value pairs for a particular sourcetype with JSON log data?

How do I tell splunk that a particular source_type should have specific extract command parameters applied so as to c...
by clayton_bell_ag Engager in Splunk Search 11-18-2014
1 1
1
1
guilmxm

how can I query against a time range if i have renamed datetime to _time?

Hi, Thanks you so much for this very great application that opens Splunk to many information system reality! This Ap...
by guilmxm Influencer in Splunk Search 11-18-2014
0 2
0
2
cwl

earliest=0 is not overriding the time range selected in dropdown menu

When I did a search like "index=_internal earliest=0" + "Last 15 minutes" in drop down menu I could not see below mes...
by cwl Contributor in Splunk Search 11-18-2014
0 2
0
2
mohitab

How to search for the first record for each group of data for a field?

Data: I have CSV data indexed containing sensory information. The structure is timestamp, Flight_ID, lon, lat, alt. ...
by mohitab Path Finder in Splunk Search 11-18-2014
0 5
0
5
cruschke_bde

How to search for hosts that are not forwarding data of a specific source or sourcetype?

I am running a lot of Splunkforwarders and use source=system sourcetype=foo for some custom Solaris OS metrics. All t...
by cruschke_bde Explorer in Splunk Search 11-18-2014
1 4
1
4
nishan_perera

How to count each tupple values by day of the week

I got a query like this, %asa deny OR denied | eval dest_port = if(isnum(dest_port),dest_port,00)| eval denyTuppleVa...
by nishan_perera Explorer in Splunk Search 11-17-2014
0 6
0
6
david_rundle_fi

How to automatically extract domain from URL through conf files at search-time?

I have CSV inputs that include a URL field. I would like to extract the top level domain from that URL, and perform...
by david_rundle_fi Explorer in Splunk Search 11-17-2014
1 3
1
3
mcronkrite

DB Connect: Why am I not able to connect to DB2 database and getting error "JDBC driver for database type DB2 is not installed"?

Encountered the following error while trying to save: In handler 'databases': JDBC driver (com.ibm.db2.jcc.DB2Driver...
by mcronkrite Splunk Employee Splunk Employee in Splunk Search 11-17-2014
0 1
0
1
vrmerlin

Why is the limit I set for jschart resultTruncationLimit not being applied?

I have a jschart in advanced XML that is plotting data from a dbquery; I expect it to get several thousand datapoints...
by vrmerlin New Member in Splunk Search 11-17-2014
0 4
0
4
jrodriguezap

How to prevent field names with periods (.) OR hyphens (-) from getting replaced with underscores (_)?

Hi I have the following logs: 10/01/2014 00:00:00 -0500, client_host="172.24.1.41", client_id=db01, report_id=RAS04,...
by jrodriguezap Contributor in Splunk Search 11-17-2014
0 9
0
9
billconnell

Is there a repository for queries folks use?

I am hoping there is a place were sample queries that stored? I'm new to splunk and hope there is a repository of q...
by billconnell Engager in Splunk Search 11-17-2014
2 3
2
3
johntopley

Calculate traffic split based on URI prefix

Hi, The traffic in our application is routed according to a URI prefix, for example: uri_path=/foo/* or uri_path=/ba...
by johntopley Explorer in Splunk Search 11-17-2014
0 16
0
16
Venkat_16

Receiving message "Field extractor name=extract-doublecolon-transform is unusually slow" How to optimize the regex for my field extraction?

We have events in below format.. [2014-11-17 05:00:00,876] [INFO] [EventTimestamp::2014-11-17T05:00:00.876-06:00|Ref...
by Venkat_16 Contributor in Splunk Search 11-17-2014
0 1
0
1
arungeorge09

How do I extract fields from a json object (serialized) and put it back to splunk index?

Sample data: <167>1 2014-11-15T16:45:44.542-07:00 host.name.com neat 11151 gcm [meta@28281 sequenceId="43096" sysUpT...
by arungeorge09 Path Finder in Splunk Search 11-17-2014
0 3
0
3
splunkhelp

Can I provide a default value for a |rex command field extraction?

Good Day! Insight would be much appreciated on the following... The data below may or may not have the occurrence o...
by splunkhelp Explorer in Splunk Search 11-17-2014
0 6
0
6
karthicjayarama

Joining two log files that have two common fields

Hello, It would be very helpful for me if you could find out the solution for the following scenario. SELECT * FROM...
by karthicjayarama New Member in Splunk Search 11-17-2014
0 3
0
3
howyagoin

How to search for successful transactions only if a certain number of failed transactions are returned by client IP?

I'm looking to develop a table/report which shows me IP addresses in a HTTP access log whereby the client first gener...
by howyagoin Contributor in Splunk Search 11-16-2014
0 2
0
2
xvxt006

How to filter my search and only return results if response time is greater than median time?

Hi, I would like to get results only if response time is greater than median time. I have used below query. But for ...
by xvxt006 Contributor in Splunk Search 11-16-2014
1 4
1
4
kj384g

Why is stats more efficient and better supported with MapReduce than transaction?

I was told that stats is more efficent and better supported with MapReduce... is that true and if so why?
by kj384g New Member in Splunk Search 11-16-2014
0 1
0
1
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...