Splunk Search

Discussions

Thread Info

Counting Events?

Splunk Community, I’d like to be able to count the number of events I have per SourceFile when my sourcetype is Lo...

by Explorer in

Fetching the data from the respective index of the log statement

There is a log file which has events in the following format 0|10|434d5532|xxxxxx34|2014/06/06 04:47:54|819670|3|2014...

by Path Finder in

Windows PerfMon stats -- unable to create total_cpu field

Hi all, I'm having difficulty trying to create a total_cpu field. If I map a single variable to it, this works fin...

by Communicator in

DBX JOIN 2 databases together

I can write a search like this: | dbquery "DB1" "SELECT A.* AOS.* FROM Assets A JOIN AssetOSs AOS ON A.AssetOSID =...

by Motivator in

Doing lookup in the same index without using lookup command

Hi [index=main host=syslog status="deny"| top src_IP | table src_IP ]:::::this is my sub search. and it will produce ...

by SplunkTrust in

count by percentage

Hi, we're trying to find out windows XP users with some rules: if mod=syn, get client ip (cli)if mod=syn+ack, get ...

by Communicator in

Search time field extraction not showing in available fields

I am attempting to perform a search time field extraction via the rex command. I use the default field of _raw and gi...

by Engager in

inline stats without subsearch

This is a recurring problem for me in SPL. I want to assign some stats command results to a variable name and pop tha...

by Communicator in

metadata: how to find the most recent event for each host in each index?

i have 50 indexes and i want to find out the last most recent event for each host in each index. i can do this for...

by Path Finder in

how to get the value of field if another field has same value in particular time period

HI, I have data like below, Source_Address Event_Code Time User 10.10.10.010 4625 6/17/2014 00:12:26 Balaji 10.10.10....

by SplunkTrust in

efficient way of comparing with historic events using percentile

Hi, I have a query that is meant to compare longitudinal count of an event of a given day (e.g. today) with historica...

by Path Finder in

Extract Field

Dear All, I have oracle error data i need to extract some fields from it here is the data [EntID: ] 17-Jun-2014...

by Contributor in

How does rule based sourcetype works?

In the below stanzas , both are having same source-type names, how the priority will be in assigning sourcetype? H...

by Motivator in

how to exclude a certain field value from results

Search query: list the last known user (userid) on each host. sourcetype=syslog source=/var/log/secure "pam_unix(s...

by Explorer in

Multiline Regex trouble - Can't get fields to be associated with keys

Hi, I am in great troubles with a multilines events i'm trying to analyse, and associated required regex to extrac...

by Influencer in

Use a Function without Running a Search

Hey guys, is it possible to run an eval function in the search bar without piping a search to it? In an attempt to...

by Explorer in

How to get sum and charts of usage time values for corresponding fields?

I'm using splunk 6.0.3 When I search for: "has been closed after being in use" I have a series of hits like shown ...

by New Member in

How to display timechart as area chart over last 4 hours with span of 1 hour?

I will try my best to formulate my question as I couldn't find anything similar asked already. I am trying to disp...

by Path Finder in

Displaying the count of events over varying time spans

All, I want to create a search that will return the count of events over the last 5 minutes, 30 minutes, hour, 6 h...

by Contributor in

Report new users each month trended - large time range

Hi, I have a request to trend new users on a web application by month over a two year period and produce this repo...

by Contributor in

Field extraction for logs with slightly different field position based on the servername

Hi All Here are my sample logs _time prod-server-1234 web_access 10.11.12.13 "GET /json/some_search?asasa HTTP/1.1...

by Path Finder in

Overlapped events in summary index when using sitimechart

Hi, i'm using splunk 6.1.1 I made this si- search and scheduled it to run "every hour" at period -1h@m to "now" ...

by Path Finder in

How to sort events by number of occurances?

I'm trying to do "[Simple text search]" | top limit=50 count To so the 50 highest occurrences of my search for...

by Engager in

Error using lookup table

Hello I am running the following search with the end aim of using the 'map' functionality to plot the results but ...

by Communicator in

How to rename _time column

How to rename the _time to TIME in the below query: |inputlookup currentesdorders.csv | dedup ORDER_NUMBER | where...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Counting Events?

Fetching the data from the respective index of the log statement

Windows PerfMon stats -- unable to create total_cpu field

DBX JOIN 2 databases together

Doing lookup in the same index without using lookup command

count by percentage

Search time field extraction not showing in available fields

inline stats without subsearch

metadata: how to find the most recent event for each host in each index?

how to get the value of field if another field has same value in particular time period

efficient way of comparing with historic events using percentile

Extract Field

How does rule based sourcetype works?

how to exclude a certain field value from results

Multiline Regex trouble - Can't get fields to be associated with keys

Use a Function without Running a Search

How to get sum and charts of usage time values for corresponding fields?

How to display timechart as area chart over last 4 hours with span of 1 hour?

Displaying the count of events over varying time spans

Report new users each month trended - large time range

Field extraction for logs with slightly different field position based on the servername

Overlapped events in summary index when using sitimechart

How to sort events by number of occurances?

Error using lookup table

How to rename _time column

A Prelude to .conf25: Your Guide to Splunk University

4 Ways the Splunk Community Helps You Prepare for .conf25

Enhance Your Splunk App Development: New Tools & Support

Sometimes searches are not running on iPad

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions