Splunk Search

Discussions

Thread Info

input.conf concat host to host_regex value

Hi trying to work out if I can prefix the value returned by host_regex with the actual server name as some of the log...

by New Member in

Use lookup to retrieve query value

Good evening. I have a query that currently does what I need it to do, searching on a particular value, "foo". Thi...

by Path Finder in

Make chart value ranges and show the number of hits in that range

I have a database with two values (time and fees). It shows the fees that someone pays and the time in seconds each t...

by Engager in

Passing checkbox values to timechart

Hi i am using checkboxes module with sideview. I have to pass the values that i select in checkbox drand display grap...

by Explorer in

Search app specific to index in 6.x

Hi, I need abc search app created which is specific to index=abc I don't want to do this as user/role based. Want ...

by Explorer in

splunk6 iplocation and geostats

Hi, Is internet access required for using Splunk6 iplocation and geostats commands?

by Champion in

Subsearch only returns 1 value

The search below produces multiple values for c_ip index=proxy* | fields c_ip s_op d_ip r_host d_port cs_bytes cs...

by Explorer in

plotting date versus time chart

Hi , I have a requirement to present a report to show three jobs and what time they start every day. Eg: ...

by New Member in

create lagtime panel with average time between two string value datetime fields

I have two datetime fields that I would like to use to calculate average lagtime as each message coming contains thes...

by Path Finder in

trend data from saved search

I have a saved search that looks at the previous 24 hours of data and pulls back a simple table with 4 values. Simila...

by New Member in

splunk query for chart overlay

Is there any splunk query to combine to types of chart into 1? example timechart count by owner timechart count by...

by Engager in

Charting the 2 fields on the same chart.

I have a log of login timestamps. I would like to display the total count and total unique value count on the same ba...

by Path Finder in

Regex with multiple fields duplicated. Yet data can be different?

I have an issue with data titles that would appear to be repeated, yet in the case below, The passwordexpiry_date: fi...

by Communicator in

Combining stats search results

I run a search on a field that has multiple values. For example the field quest_name has the following values ques...

by Explorer in

sum fields with same name on transaction

Hi community, I've some kind of webserver log. i want to get the traffic per transaction.. so far I'm getting the ...

by Builder in

how to plot some count on gmaps instead of plotting count of events for given geo

Hi , I have a 23 faults in XXXX city with X as latitude and Y as longitude, Now I want to plot fault count (23) on...

by Path Finder in

Calrification on transaction command

Hi, There is a requirement to group the events that startswith"String1" and endswith "String2" as a transaction OR...

by Path Finder in

Regex question extracting user from webserver log

For this sample data: 172.21.174.78 - "/dc=com/dc=caiso/OU=people/CN=Bob User" [11/May/2012:11:27:40 -0700] "POST /AP...

by Motivator in

Getting transaction without using transaction command

Hi I am using Hunk and I am looking for a way to get transaction (grouping events by userid with start transactio...

by Motivator in

Count of users in a month who cross a threshold of usage?

Hello Splunk Community, I am trying to answer this question: How many users have logged into the system on at leas...

by Explorer in

Find All fieldnames for fields which contain a specified value

Hello, My question is whether or not I can, via sp, return a list of all fieldnames which contain a specified val...

by Path Finder in

How to set search result no expiration

Dear all I know splunk can set this with dispatch.ttl=int<\p> in savedsearches.conf or ttl in alert_actions.conf, ...

by Contributor in

Help with REGEX in transforms.conf

I have a requirement to route events to separate indexes based on two conditions. 1) must contain the string ...

by Builder in

Compare 90-day average to last 24-hour count

I am trying to compare the event count from each of my devices for the last 24 hours to the daily average of each dev...

by Explorer in

TIME_FORMAT in Epoch

Hi, My log event is in xml and the timestamp is in epoch format e.g. <timestamp>1399909145002</timestamp> How can ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

input.conf concat host to host_regex value

Use lookup to retrieve query value

Make chart value ranges and show the number of hits in that range

Passing checkbox values to timechart

Search app specific to index in 6.x

splunk6 iplocation and geostats

Subsearch only returns 1 value

plotting date versus time chart

create lagtime panel with average time between two string value datetime fields

trend data from saved search

splunk query for chart overlay

Charting the 2 fields on the same chart.

Regex with multiple fields duplicated. Yet data can be different?

Combining stats search results

sum fields with same name on transaction

how to plot some count on gmaps instead of plotting count of events for given geo

Calrification on transaction command

Regex question extracting user from webserver log

Getting transaction without using transaction command

Count of users in a month who cross a threshold of usage?

Find All fieldnames for fields which contain a specified value

How to set search result no expiration

Help with REGEX in transforms.conf

Compare 90-day average to last 24-hour count

TIME_FORMAT in Epoch

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown