Splunk Search

Ask a Question

Discussions

Thread Info

rex n replace or rex and optional find

cs_username field contains multiple formats of username in the form of: username domain\usernam username@domain.com ...

by Communicator in

Calculate Average for multiple fields

My logs currently capture transaction summaries. The transaction summaries can have 0 to n number of integration. ...

by Explorer in

How to mask both index and search time data and how to verify if it is masked?

How to mask index and search time data? How to verify if it is masked?

by Explorer in

Is it possible to tell Splunk to group events based on a column?

This is an extension of the question http://answers.splunk.com/answers/171571/using-splunk-to-create-and-view-table-m...

by Communicator in

Combine searches through field

I have a query that pulls up IPs' but with no hostname. I have a separate query that can correlate each IP to a host ...

by Path Finder in

How to search for the most popular purchased item X AND which other item was purchased most often with item X?

I would like to search for common product-packages. So I want to look for one item (AAA) and find out which other ite...

by Explorer in

WIndows Software Installation: Extract from Message Field

Hello, everone. I am new to regular and perl expressions and attempting to extract the Product Name, Product Version ...

by Communicator in

Does the time range picker apply the same range to both a primary search and subsearch? If yes, can I override the subsearch time range?

I want to know about the scope of time range chosen by time range picker/ In my case, I have two sourcetypes and all ...

by Explorer in

Compare two fields and select value from 3rd filed if the comparison match

I am very new to splunk and need your help in resolving below issue. I have two CSV files uploaded in splunk insta...

by New Member in

Multivalue field combining and dynamic field creation from extraction of values

Starting with the data in an event: Lines in Single Event: PosTransactionProperties[1].PosTransactionPropertyCo...

by Path Finder in

Sum latest entries from multiple sources & timechart as a single line

Hello, I have multiple remote performance monitors sources, namely WMI:FOO1, WMI:FOO2 etc. up to and including WMI...

by New Member in

How to extract one field combining different substrings of another field

I have a pattern in my raw field " ..... SPLIT: 11111:22222 ........." which says master id was split to id1:id2. But...

by Engager in

Incorrect results when using PERC with TSTATS?

Has anyone had any luck using PERC with TSTATS on a tsidx file created from data model? here is my tstats search ...

by Builder in

How to edit and optimize my search to calculate the average and format top ten results?

I have a working search that calculates total hits, avg(per_hour), avg(per_minute), top10 IPs with count and value. N...

by Path Finder in

Is there a way to debug a search to see the process it is taking to produce its results?

In a previous question I asked last night. I found weird unexpected results on my search. This begs the question - is...

by Path Finder in

SA-Eventgen: detect timestamp in replay- vs. sample-mode

when i take my eventgen conf in sample-mode the timestamp is replaced with the actual time in the defined format. whe...

by Path Finder in

How to modify delta search to convert negative values in results to positive values?

Hi , I need to make a graph for the delta_f where i am finding the difference of current value and next value . By...

by Explorer in

Is it possible to have two search results from two different sources on one PDF report?

I want my search result from a source and another search result from a different source to appear on one single PDF r...

by Communicator in

How to extract a field with rex and compare it against a lookup to find unmatched events?

Hi , index =casm_prod source =/opt/siteminder/log/smtracedefault.log sourcetype=smtrace supportcentral | rex "(\...

by Explorer in

Is it possible to query a temp table using Splunk DB Connect?

Hi, I am trying to use Splunk to monitor my process by using the db connect. My problem is I am using the followi...

by Path Finder in

db connect - input joining 3 tables

Hi I have an issue trying to create an input with db connect that throws this error 2013-06-12 11:29:23.417 dbx...

by Builder in

How do you merge multi-threaded (non-consecutive) log entries into events?

I have a multi-threaded application in Glassfish. A single event generates multiple lines of logging but multiple eve...

by New Member in

Error when using eval in a range

Hi, i have the following search query: index=project_omega host=PersistUBS | transaction startswith="Targeting fil...

by Builder in

How to write a search to find or track the host of a DHCP IP at a specific time?

I am trying to build a query so that anytime someone needs to find the host of a DHCP IP at a specific time (since th...

by Path Finder in

How do you re-arrange columns from a "stats count" function?

My existing query produces a table that has the following columns in this order: Source IPCountDestination IPDesti...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

rex n replace or rex and optional find

Calculate Average for multiple fields

How to mask both index and search time data and how to verify if it is masked?

Is it possible to tell Splunk to group events based on a column?

Combine searches through field

How to search for the most popular purchased item X AND which other item was purchased most often with item X?

WIndows Software Installation: Extract from Message Field

Does the time range picker apply the same range to both a primary search and subsearch? If yes, can I override the subsearch time range?

Compare two fields and select value from 3rd filed if the comparison match

Multivalue field combining and dynamic field creation from extraction of values

Sum latest entries from multiple sources & timechart as a single line

How to extract one field combining different substrings of another field

Incorrect results when using PERC with TSTATS?

How to edit and optimize my search to calculate the average and format top ten results?

Is there a way to debug a search to see the process it is taking to produce its results?

SA-Eventgen: detect timestamp in replay- vs. sample-mode

How to modify delta search to convert negative values in results to positive values?

Is it possible to have two search results from two different sources on one PDF report?

How to extract a field with rex and compare it against a lookup to find unmatched events?

Is it possible to query a temp table using Splunk DB Connect?

db connect - input joining 3 tables

How do you merge multi-threaded (non-consecutive) log entries into events?

Error when using eval in a range

How to write a search to find or track the host of a DHCP IP at a specific time?

How do you re-arrange columns from a "stats count" function?

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!