Splunk Search

Discussions

Thread Info

How to graph timechart of top 5 processes for the metric selected by the user?

Hi All. If the user selects %_Processor_Time,then I need to show the graph for avg(%_Processor_Time) for top 5 proces...

by Explorer in

How to strip leading zeros from a field and join with another set of events to create a new field?

I have a set of events on an input stream which I need to query and want to carry out a join with another data set wh...

by Path Finder in

Running a query from your machine to another machine.

Hi, Can we tell Splunk to run a query on another machine and return back with an answer. I am working in shared envir...

by Explorer in

How to remove duplicate values of a field inside of a row/column?

Hi I have a table like this (there are other fields between first and last field): Var1-------...-------Varn ...

by Explorer in

How to increase the maximum real-time concurrent searches limit?

Hi, I've been using Splunk 6.1.2 trial for a week now, it has been installed on Debian and is running fine, but......

by Path Finder in

How to count number of occurrences made of a "set diff" command, using a different time range

Hi, I am challenging myself to solve a problem which came up last week. The idea is to first make a set diff b...

by Communicator in

How to use eval or other method in calculated fields to extract values into a new field?

Hi, I am thinking of using the Calculated Fields option to extract one field. I have following values in a field n...

by Explorer in

How to set up an alert if a user makes a change to a group?

I am fairly new to splunk but I am trying to create a search that would send out an alert whenever a member of a cert...

by Path Finder in

How to write a search to merge logs with transaction where OR if?

Hi there A query, you can do something like a "transaction where" For example, all of the following logs, merged wi...

by Contributor in

How to write a search that sorts by field with a date format in its values?

Hello Splunkers, I have a search that's coming up nicely but I need to refine the search further by sorting by a fiel...

by Contributor in

How to find the average of columns in a timechart?

I am trying to to the average of columns in a timechart as a grand average. Below is my query, any help on this will ...

by New Member in

How to create transition report for a field from a 5 minute sampled input over long periods of time?

I have a script that I wrote which goes out and samples data from a few thousand servers every 5 minutes and returns ...

by Contributor in

How to extract fields without regex?

I'm trying to extract fields from a message containing the following string.. 'database'=running 'management'=runn...

by New Member in

'AND' operator in Regular Expressions

I am trying to only select the data that has Directory Administrators OR Master Web Resource Admins AND I want that d...

by Contributor in

How to search and table count for multiple fields?

Can anyone help me making this table? I have the field Status, wich has events Status=1, Status=2, Status=3. I need t...

by Contributor in

Report only if exists in external lookup

I have a very basic lookup defined. Given a UserID in my indexed data, I lookup the name from an external csv file th...

by Communicator in

How to use two lookups in a search but exclude values from one of them?

hello splunkers, I need to exclude in my search, IP values in the second lookup file | inputlookup file1_lookup.csv |...

by Explorer in

Search using multiple earliest latest

Can someone tell me why this search returns data: index=cnr-dhcp ( ( earliest="1377036255" latest="1377082255" lea...

by Communicator in

How to convert a crosstable into a list format to use as a lookup file?

Hi, I would like to convert a crosstable into a list. Date | A | B 01.01.2014| 5 | 2 02.01.2014| 5 | 2 03...

by Motivator in

How to write a search to append multiple lookups?

Hi All, I am trying to write a search that appends multiple lookups. I have 4 lookups in a .CSV format that table ...

by Builder in

How to write regex for path in inputs.conf?

I need to configure inputs.conf for forwarding a file like below, G:\BlackBerry Enterprise Server\Logs\20140827\MC...

by Communicator in

How to search users who are logged in from 2 or more IP addresses within a span of 10 minutes?

I am looking to parse apache logs to locate all users who are logged in from two or more IP addresses within a 10 min...

by New Member in

Can I rename the Week value from strftime(_time," %W")?

Hi, I am charting counts by Week. I would like to have Wk-1 or something like that instead of a number like 34 whi...

by Contributor in

Why Sample Events returned from Interactive Field Extractor do not match my original events?

Hopefully I can explain this one effectively. I have a search that brings back 3 records. I then select the drop-...

by Path Finder in

How to search count by unique ID?

I have this string, which extracts and counts permit user per class index="mysite" sourcetype="Access" AND Pe...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to graph timechart of top 5 processes for the metric selected by the user?

How to strip leading zeros from a field and join with another set of events to create a new field?

Running a query from your machine to another machine.

How to remove duplicate values of a field inside of a row/column?

How to increase the maximum real-time concurrent searches limit?

How to count number of occurrences made of a "set diff" command, using a different time range

How to use eval or other method in calculated fields to extract values into a new field?

How to set up an alert if a user makes a change to a group?

How to write a search to merge logs with transaction where OR if?

How to write a search that sorts by field with a date format in its values?

How to find the average of columns in a timechart?

How to create transition report for a field from a 5 minute sampled input over long periods of time?

How to extract fields without regex?

'AND' operator in Regular Expressions

How to search and table count for multiple fields?

Report only if exists in external lookup

How to use two lookups in a search but exclude values from one of them?

Search using multiple earliest latest

How to convert a crosstable into a list format to use as a lookup file?

How to write a search to append multiple lookups?

How to write regex for path in inputs.conf?

How to search users who are logged in from 2 or more IP addresses within a span of 10 minutes?

Can I rename the Week value from strftime(_time," %W")?

Why Sample Events returned from Interactive Field Extractor do not match my original events?

How to search count by unique ID?

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...