Splunk Search

Discussions

Thread Info

How to calculate the average number of events with errors by field name?

I am trying to calculate the average number of errors by calculating events(with error)/total events. Here is my que...

by Explorer in

How to configure regex for transforms.conf and props.conf to send specified IIS data to nullQueue?

Trying to dump off what seems like a simple thing to do from raw iis logs. just want to not allow this to index: cs_u...

by Path Finder in

How to write regex to extract and index a field enclosed in quotations after a known string?

I have a set of logs which wasn't automatically parsed when indexed into Splunk. I would like to extract a field ...

by Path Finder in

LDAP Group Configuration: Can I increase the search request time limit higher than default UI timeout of 30 seconds?

Hi Experts, I am configuring a dynamic ldap group with splunk .Group employee has more than 50,000 users. when I a...

by Builder in

How to extract a field from a single line text file and chart or graph the results?

Hi I manage to load my directory into splunk. Its a directory of multiple single line .txt file. Splunk is able to...

by New Member in

Appending search results with subsearch fields

Hi, folks, I'm building an alert to detect anomalous logons, intending to use the following (simplified) logic, ...

by Explorer in

Finding transactions that have specific order of events

Hi all Splunkers! So transactions. I have 3 eventtypes, lets call them et-A, et-B and et-C and I want to find all ...

by Explorer in

Calculate a value based on multiple events

My events have the following structure: id=[id] key=[key] value=[value] For example: id=1 key=mycounter value=4 id...

by Explorer in

Search history file?

In users' /search/history folder there is a file named .csv (I guess that could be , as they are the same here) In...

by Communicator in

Dedup lost data, a bug?

For below search : eventtype=MYTYPE [search eventtype=MYTYPE | sort 0 _time desc | dedup fieldX | return 1000 sou...

by New Member in

extract fields from a sentence

Hi, I had the following sentence and wish to extract fields as follows: event Row: 1234, tp1, 314242, 1, 2014-09-2...

by Path Finder in

charting.chart.nullvaluemode = gaps not working for Stacked Area charts

Hi I have a timechart which plots a stacked area chart of multiple series. I want to omit the null values. I tried...

by Communicator in

Splunk diag error messages, No directory sepatator found

While running splunk diag on an indexer, i received the following error messages. Any idea's as to what they mean or ...

by Communicator in

How to create a new date field with a value that is 90 days after the value in another date field?

Hi , Similarly , source="dbmo-tail://idware/id_account" application=TFD [|inputlookup execSSO.csv |rename sso a...

by Explorer in

Why am I getting "Incoming data was invalid...Keys missing: {(name, transactionId)}" after updating from BugSense to Splunk?

Hi Guys, I updated from BugSense to Splunk and I saw this in my log [SPLJSONModel.m:256] Incoming data was invalid...

by Engager in

How do I get row number grouped by column?

I can add an absolute row number to my search results with streamstats count as row However, I would like th...

by Explorer in

Custom event renderers in Splunk 6

Can anyone confirm that custom event renderers still work as documented in Splunk 6? I've tried going through the CSS...

by Explorer in

How to chart eventless days without losing drilldown after a _time field format?

Hi there fellas, I'm having troubles trying to chart eventless days when they are the first events to plot in a c...

by Motivator in

How to create a table with fields from a combination of two sources, but only when the field appears in both.

Hello gurus! Would you please help with this problem? I have one index (main) and two sources (hostInfo and smRela...

by New Member in

Epoch Time to Conventional Time

Hello, I am having trouble converting to Hour:Minute:Second format from epoch time First i have made a subtraction...

by Champion in

How to change the scale of the distinct count of a field on a timechart?

I have the following line: timechart span=1d sum(TypeAErrors) , sum(TypeBErrors), dc(racf) as "Unique Ids" but...

by Contributor in

Search pooling and alerting

Hi- I am setting up search pooling on splunk 5.0.7 and testing alerts. I have two search heads in the pool behi...

by Explorer in

How to extract and create fields from event logs and table the results?

I'm running a search at the moment that lists users connecting to a vpn during out of work hours and I'm getting the ...

by Path Finder in

Why full dump of a table from Oracle DB fails when the table structure changes?

Hi Team, I was trying out this exercise, which would come handy when we hook on splunk to our production DB's. -> ...

by New Member in

How long does the ad hoc search run ?

Hi Splunkers, Priviously our search head were down with 100% CPU and memory used. That was caused by background se...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate the average number of events with errors by field name?

How to configure regex for transforms.conf and props.conf to send specified IIS data to nullQueue?

How to write regex to extract and index a field enclosed in quotations after a known string?

LDAP Group Configuration: Can I increase the search request time limit higher than default UI timeout of 30 seconds?

How to extract a field from a single line text file and chart or graph the results?

Appending search results with subsearch fields

Finding transactions that have specific order of events

Calculate a value based on multiple events

Search history file?

Dedup lost data, a bug?

extract fields from a sentence

charting.chart.nullvaluemode = gaps not working for Stacked Area charts

Splunk diag error messages, No directory sepatator found

How to create a new date field with a value that is 90 days after the value in another date field?

Why am I getting "Incoming data was invalid...Keys missing: {(name, transactionId)}" after updating from BugSense to Splunk?

How do I get row number grouped by column?

Custom event renderers in Splunk 6

How to chart eventless days without losing drilldown after a _time field format?

How to create a table with fields from a combination of two sources, but only when the field appears in both.

Epoch Time to Conventional Time

How to change the scale of the distinct count of a field on a timechart?

Search pooling and alerting

How to extract and create fields from event logs and table the results?

Why full dump of a table from Oracle DB fails when the table structure changes?

How long does the ad hoc search run ?

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions