Splunk Search

Discussions

Thread Info

filter windows application event by Source

I am using windows TA app to get events from windows event log. The windows events are coming inside Indexer. But ...

by Explorer in

How to reassemble bidirectional flows with transaction

I need to assemble transactions where, depending on the direction of the traffic, the "source" might actually be the ...

by New Member in

how to get the total sum based on specific field

I have a query which runs over a month period which lists all users connected via VPN and the duration of each connec...

by Explorer in

Combination of stat and lookup?

Hi! I would like have some advice with the search command. If I have 3 records like below and each record conta...

by Communicator in

How to use the chart command optional argument "format"

hi, i'm looking at the documentation (http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchReference/Chart) and I'...

by Communicator in

Stop search after events matched

Hi! I would like to ask question related to following thread. http://answers.splunk.com/answers/8107/return-onl...

by Communicator in

Count of hosts

I have a search: index="proxy" ([|inputlookup proxy.csv|rename site as query | fields query] ) NOT www.google.com | s...

by Path Finder in

REX / REGEX question

Hi all, I am new to splunk. I am trying to extract a field from a line in a record where the field will always begin ...

by Engager in

Percentage in range - numeric search?

I have a field extraction that comes back with the literal values of 'X%'. Note that the % is part of the value retur...

by Path Finder in

replace with a where clause on a null field

I seem to be having a syntactical error that I can't resolve in splunk 6.1 when I have about 3 fields that may have u...

by Contributor in

use Rex to extract second IP address from message text

I am trying to extract the IP address from the field below, I can extract the first but am not sure how to extract th...

by Explorer in

host regex does not seem to work

Hello all, I am new to Splunk and I am currently evaluating 6.1. We collect logs from a bunch of devices (routers...

by Explorer in

Clarification on the search in Form

Hi, A form was created using simple XML containing two components as two text boxes named as Filename and Status.When...

by Path Finder in

How to filter data quickly

Hi! I would like to get advice for search command. I have a search that looks like below. index=A | MySearch...

by Communicator in

Lexicographic comparison of version strings?

I have version strings in my log output, and I'd like to filter on these, like | where version < 2.3.5 But Spl...

by Engager in

Timechart avg values looking odd.

I see values like this when I do |table _time Value . 2014-05-26 16:30:28 48.438430017856341 2014-05-26 16:30:...

by Motivator in

Calculating Kill / Death ratio in a game

I'd like to calculate K/D ratio for the game Insurgency. I have two searches that can calculate #kills and number ...

by Splunk Employee in

Return values from map command?

So I have a function which takes a certain amount of time (timer_value) and I'm trying to create an alert that trigge...

by New Member in

Sort fields by date

Hello There , Basically I have some dates in this format : 01/13 700 02/13 600 ... 01/14 500 I use these f...

by New Member in

Grouping the data row based

HI All, I need to group the data row based my table looks like this. Table: DBName Region Dag count DB1 U...

by Contributor in

Database lookup not returning all matches

I have created a database lookup and have changed the maximum matches in the lookup defintion to 100, but only 1 matc...

by Builder in

XPATH functions

Hi there, Can we use the XPATH functions like fn:distinct-values(//NodeName) in Splunk XPATH command. I tried it b...

by Path Finder in

How to extract event raw size just like linecount

I frequently use the length of the raw data - more often than readily extracted fields punctuation and linecount I...

by Path Finder in

Transaction function not working with dbquery

Hi All, I tried using the transaction function on the output of a DB Connect |dbquery and it keeps showing no resu...

by Explorer in

Eval search help... can't seem to get it right.

Hello, I am somewhat new to splunk but I am having issues creating a table for a search I am doing and I need assi...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

filter windows application event by Source

How to reassemble bidirectional flows with transaction

how to get the total sum based on specific field

Combination of stat and lookup?

How to use the chart command optional argument "format"

Stop search after events matched

Count of hosts

REX / REGEX question

Percentage in range - numeric search?

replace with a where clause on a null field

use Rex to extract second IP address from message text

host regex does not seem to work

Clarification on the search in Form

How to filter data quickly

Lexicographic comparison of version strings?

Timechart avg values looking odd.

Calculating Kill / Death ratio in a game

Return values from map command?

Sort fields by date

Grouping the data row based

Database lookup not returning all matches

XPATH functions

How to extract event raw size just like linecount

Transaction function not working with dbquery

Eval search help... can't seem to get it right.

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6