Splunk Search

Discussions

Thread Info

How to configure props.conf for timestamp recognition and extraction for 2 log files with different timestamp structures?

Hi, I have two different type log files using in Splunk and I do not have any timestamp issue with the first one (...

by Path Finder in

How to calculate the number of requests occurring per host from the search result

I am really new to splunk and can some one please help me I need to calculate number of request hitting our host so b...

by Explorer in

Set operator

I've tried using SET operator to find all the users who satisfy first condition but are not present in second search ...

by Path Finder in

Why eval case with comparison operators doesn't return expected result?

Hi all, I am using the following search string to determine if a specific value in a table falls between 34 and 50 (p...

by Path Finder in

How to group two different events together that share the same source and destination IP address?

I'm having trouble writing a search query that looks for one specific event followed by different specific event with...

by Builder in

How to calculate the average of total column

I've following query... What I'm interested in producing the output as, OS Users Actions Actions_Per_User IO...

by Path Finder in

Help joining datasources/queries across a field and during a timeframe

I have a situation where I need to take a queries result (successful logins of users) and then use each of those even...

by Path Finder in

How to search unfinished transaction events and duration without a unique ID?

Hello all and thank you for any help in advance, I have a log of tunnels like so: Oct 2 15:23:08 localhost cha...

by Engager in

How to use a daily updated lookup table to search for new sourcetypes added in the past 24 hours?

I want to create a search that displays any newly added sourcetypes in the past 24 hrs. I've created a report that ou...

by Engager in

How to write regex in transforms.conf to filter events to null queue?

Hi everyone, I am having difficulty filtering events via my props/transform.conf files. Below are my key stanza's ...

by Explorer in

How to use Splunk to detect ShellShock exploit attempts?

Let me start by saying I am brand new to Splunk, and not a programmer by profession, but I am surprised that this que...

by Engager in

Number field extraction from the log and need to find difference of the next number

Hi , I have below format logs which gets generated every 15 minutes in the below pattern and i need to find out th...

by Explorer in

Grouping the request and response as a transaction

We have a log which can be grouped as a transaction. The transaction will have the following events: 2014/08/07 10:1...

by Path Finder in

Removing charts from scheduled PDF reports?

Is it possible to remove charts from a scheduled PDF report? I would like to see a report that only shows me my table...

by Explorer in

Passing a count to a token used for a label in Single

Hi I have a single which shows the total assets after a search. I then want to add a token so that i can use th...

by Path Finder in

How to make the value to be column

Hi All, I remember that Splunk has a command to make the value to column but I forgot it. Anyone remember? Here...

by Path Finder in

Regex to match email id anywhere in raw log

I do index an unstructured log file , where i want to extract email_id in that. Since, email ids are present in diffe...

by Motivator in

How to Summarize a count by Day over the last 30 days

Hi All, I am looking for duplicate invoices, and have created a search which gives me the total list. However, I w...

by Builder in

Is debug enabled for my searches, and can this affect my search performance?

Hi, I was looking at the job inspector on one of my SH's and noticed that debug is enabled within the job inspecto...

by Champion in

how to display "Blank Character" in multivalue field

hello everyone, i have a question about "Blank Character" display in multivalue field i use a "rex" to extract man...

by New Member in

DNS Query doesnt look right

Hi All, Not sure im in the right place for this, but i'm hoping someone understands. I've configured splunk to...

by Path Finder in

How to write a stats search on syslog data to get a report of all country names that are blocked?

I'm very new to splunk, and just started using it. Please forgive my ignorance. I'm dumping my syslog from a soni...

by Engager in

How to use comparison operators in a search to match field value condition?

Hello Everyone, i want to check one condition in splunk and if that condition match and then i need to get those e...

by Contributor in

How to remove commas from a field before indexing?

I have data that looks like this: [2014-09-03T00:58:59.977-04:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.o...

by Explorer in

How to write a search for a multikv timechart?

I have a chart command i've been gathering all the netstat values for a single hour index=os host=ship* starttim...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to configure props.conf for timestamp recognition and extraction for 2 log files with different timestamp structures?

How to calculate the number of requests occurring per host from the search result

Set operator

Why eval case with comparison operators doesn't return expected result?

How to group two different events together that share the same source and destination IP address?

How to calculate the average of total column

Help joining datasources/queries across a field and during a timeframe

How to search unfinished transaction events and duration without a unique ID?

How to use a daily updated lookup table to search for new sourcetypes added in the past 24 hours?

How to write regex in transforms.conf to filter events to null queue?

How to use Splunk to detect ShellShock exploit attempts?

Number field extraction from the log and need to find difference of the next number

Grouping the request and response as a transaction

Removing charts from scheduled PDF reports?

Passing a count to a token used for a label in Single

How to make the value to be column

Regex to match email id anywhere in raw log

How to Summarize a count by Day over the last 30 days

Is debug enabled for my searches, and can this affect my search performance?

how to display "Blank Character" in multivalue field

DNS Query doesnt look right

How to write a stats search on syslog data to get a report of all country names that are blocked?

How to use comparison operators in a search to match field value condition?

How to remove commas from a field before indexing?

How to write a search for a multikv timechart?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions