Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
akhan8928

How to schedule a search every 15 minutes to compare results of the same day/time from the last 3 weeks and measure standard deviation?

Hey all, We are recording very order we receive as an event. What I'd like to do is get a count every 15 minutes rea...
by akhan8928 New Member in Splunk Search 10-24-2014
0 2
0
2
Mahieu

Stdev has a weird behaviour

Hi everyone, I'm seeing strange results using stdev. I'm using the following command : sourcetype=whatever | stats ...
by Mahieu Communicator in Splunk Search 10-24-2014
2 3
2
3
PabloBonilha

How to consolidate the percentage of errors per day in a timechart?

Hello everyone, I'm trying to consolidate the percentage of errors per day using the query below, but this is not ha...
by PabloBonilha Explorer in Splunk Search 10-24-2014
1 4
1
4
andrey2007

How to join field name and field value?

I have an index with start and finish time of user`s workday 27.08.2014 user="userA" weekday="monday" worktime="10....
by andrey2007 Contributor in Splunk Search 10-24-2014
1 6
1
6
abhayneilam

Correlating two indexes data

Hi, I have a correlation ID in one index ( index="AAA" | rex "XXXXXX\]\[(?.*?)\]" ) which I want to match wit...
by abhayneilam Contributor in Splunk Search 10-24-2014
0 4
0
4
conor_splunk

Search-time field extraction with multiple values

I am trying to extract a field from a Windows event which can contain multiple values. At the search line I can do th...
by conor_splunk Path Finder in Splunk Search 10-24-2014
1 1
1
1
daniel_hanft

How many Splunk processes are normal on a Linux indexer?

Hi Splunk Community, how many splunk processes are normal on a Linux Indexer? I've observed sometimes there are up t...
by daniel_hanft Explorer in Splunk Search 10-23-2014
1 5
1
5
alucas_1stop

Finding standing out IPs of requestors to a particular host over a timespan in an access log

I spent about 5 minutes trying to figure out how to even title this question. Its much easier explained by this exam...
by alucas_1stop New Member in Splunk Search 10-23-2014
0 14
0
14
tlow

How to write regex to extract my field?

Hi, i'm try using the interactive field extractor tools create a field for this "Exception Message"="Thread was bein...
by tlow Explorer in Splunk Search 10-23-2014
0 5
0
5
victorstarosten

What is the most efficient way to search for unique hosts by a specific index?

I need to find unique hosts consumed by a specific index. I use the following search string: index=my_index |stats ...
by victorstarosten Engager in Splunk Search 10-23-2014
0 4
0
4
armonsal

How to find difference between a current event and previous event and display the changes?

Hello everyone, I have events with this format 10/23/2014 04:00:02 -0300, search_name=CDR_INSTITUCIONES_APP, search...
by armonsal Explorer in Splunk Search 10-23-2014
0 3
0
3
a212830

How would I chart count of field values over time?

Hi, I have a very ugly data feed, and the customer thinks that they are getting duplicate events, because the event ...
by a212830 Champion in Splunk Search 10-23-2014
0 3
0
3
vtsguerrero

Help with regex for a highly confusing field extraction

Hello guys! I know Splunk has a REGEX helper, but in this case, I have an amount of data wich is almost binary, take ...
by vtsguerrero Contributor in Splunk Search 10-23-2014
1 14
1
14
shangshin

Suppress alert email due to splunk internal error

Hi, Is it possible to suppress alert email from the saved searches due to splunk internal error. For example, I rece...
by shangshin Builder in Splunk Search 10-23-2014
0 15
0
15
bohrasaurabh

Why regex and configuration in props.conf and transforms.conf are not working for search-time field extractions?

I have the below lines in of of the logs and I want to perform Search time field extraction on the sourcetype 14133...
by bohrasaurabh Communicator in Splunk Search 10-23-2014
0 6
0
6
kkossery

Extract multiple lines from search output

Experts, I have a Event Log output using the search string sourcetype="WinEventLog:Security" "eventcode=4767" OR "e...
by kkossery Communicator in Splunk Search 10-23-2014
0 7
0
7
DanielFordWA

How to allow users dashboard access, but no Search & Reporting App access in Splunk 6.1.4?

I have created an app that contains some simple XML dashboards. I am trying to achieve the following. User logs ont...
by DanielFordWA Contributor in Splunk Search 10-23-2014
1 2
1
2
srinathd

get epoch time from string time example from 20090930 to epoch time?

get epoch time from string time example from 20090930 to epoch time?
by srinathd Contributor in Splunk Search 10-23-2014
0 1
0
1
shariinPH

How to change the range of colors for D3 Chart?

Hi Splunkers! Anyone here who knows how to change the range of colors for D3 Chart? Hope someone can help us with t...
by shariinPH Contributor in Splunk Search 10-23-2014
1 1
1
1
mikaelbje

Why is the drilldown in my search using three lookup tables not returning results?

I'm working on a dashboard that shows VPN logins and Citrix XenApp applications with inputs to select a specific busi...
by mikaelbje Motivator in Splunk Search 10-23-2014
0 3
0
3
chandravadanj

How to calculate the difference between two timestamps from the same event?

I need suggestion to write a search query to calculate a difference between the timestamps for the same event. Follow...
by chandravadanj Explorer in Splunk Search 10-22-2014
1 6
1
6
subtrakt

If summary searches run every 5 minutes, can a non-summary search be merged with the summary to fill-in the most recent 5 minutes?

Summary searches occur every 5 mins but for those who need more immediate results can a non-summary search be merged ...
by subtrakt Contributor in Splunk Search 10-22-2014
0 1
0
1
rdunn

Using the results of one search to perform another (dynamic search results)?

I'm relatively new to Splunk, so I'm pretty sure I'm going about this the wrong way but I have to think it's possible...
by rdunn Engager in Splunk Search 10-22-2014
4 3
4
3
shikhanshu

Plotting Date vs Time in Splunk

My event has fields like this: _time = <timestamp> target_date1 = "1/1/2015" target_date2 = "2/3/2015" target_date3 ...
by shikhanshu Path Finder in Splunk Search 10-22-2014
0 7
0
7
gozulin

How to rename an index in Splunk 6?

How do I do this? The index I'm renaming is brand new so there are no reports/searches or anything relying on it yet ...
by gozulin Communicator in Splunk Search 10-22-2014
4 2
4
2
Top Labels
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...