Splunk Search

Ask a Question

Discussions

Thread Info

Combining stats search results

I run a search on a field that has multiple values. For example the field quest_name has the following values ques...

by Explorer in

sum fields with same name on transaction

Hi community, I've some kind of webserver log. i want to get the traffic per transaction.. so far I'm getting the ...

by Builder in

how to plot some count on gmaps instead of plotting count of events for given geo

Hi , I have a 23 faults in XXXX city with X as latitude and Y as longitude, Now I want to plot fault count (23) on...

by Path Finder in

Calrification on transaction command

Hi, There is a requirement to group the events that startswith"String1" and endswith "String2" as a transaction OR...

by Path Finder in

Regex question extracting user from webserver log

For this sample data: 172.21.174.78 - "/dc=com/dc=caiso/OU=people/CN=Bob User" [11/May/2012:11:27:40 -0700] "POST /AP...

by Motivator in

Getting transaction without using transaction command

Hi I am using Hunk and I am looking for a way to get transaction (grouping events by userid with start transactio...

by Motivator in

Count of users in a month who cross a threshold of usage?

Hello Splunk Community, I am trying to answer this question: How many users have logged into the system on at leas...

by Explorer in

Find All fieldnames for fields which contain a specified value

Hello, My question is whether or not I can, via sp, return a list of all fieldnames which contain a specified val...

by Path Finder in

How to set search result no expiration

Dear all I know splunk can set this with dispatch.ttl=int<\p> in savedsearches.conf or ttl in alert_actions.conf, ...

by Contributor in

Help with REGEX in transforms.conf

I have a requirement to route events to separate indexes based on two conditions. 1) must contain the string ...

by Builder in

Compare 90-day average to last 24-hour count

I am trying to compare the event count from each of my devices for the last 24 hours to the daily average of each dev...

by Explorer in

TIME_FORMAT in Epoch

Hi, My log event is in xml and the timestamp is in epoch format e.g. <timestamp>1399909145002</timestamp> How can ...

by Builder in

Looking for a percent of a subset of data

Greetings, I've got a handful of API URLS, some with HTTP return status of 200, 201, and 500. I'm trying to come u...

by Contributor in

Search very slow

Hi, my search: I'm try fast mode but status the same, My Splunk OS 5.04. Please help me, thanks. index="xxx"...

by Path Finder in

Splunk indexing and time zone normalization

In absence of device time zone and props setting ...and indexer in UTC ...what time zone is applied to events timesta...

by Path Finder in

Timchart - Search queries

Hi All, I have the following search queries with me. index=XXX CISE_Failed_Attempts | timechart span=30m count ...

by Path Finder in

How to use eval on results of a search?

Let us say I have 5 unique fields in my logs (var1 thru var5), I would like to first find the mean of the individual ...

by New Member in

Search-time field extraction - Apache access_combined + additional field

I have a custom log format that is Apache's access_combined format with a custom field representing an app's version ...

by Explorer in

Cisco IPS Top Signature by top hosts

New to the splunk community and still learning the way of searches. In a nutshell i want to do a search against a cis...

by Path Finder in

Can you add a lookup table without a restart?

Is there a way to manually specify a lookup table for a search using a csv located on the server without making conf ...

by Explorer in

Monitor search peers

I have 2 servers, Splunk1 and Splunk2, setup as search peers. How can I monitor when one of the servers goes down or ...

by Explorer in

Counting the results of a Search?

Hello Splunk Community I am trying to create a Search that will count the number of users who have a passed a cert...

by Explorer in

Run searchname returned from a scheduled query as a new search

We have a a scheduled query that returns certain search names ...how do we automate such that the scheduled query tha...

by Path Finder in

Search head and indexer connectivity

We have set up alerting searches with continuous scheduling from a search head with 2 peers Soemtimes the search head...

by Path Finder in

6.1 upgrade - can't access search macros

Upgraded to 6.1 today on a RHEL system. Free Splunk. Now, when I try to hit my http:// /manager/search/adm...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Combining stats search results

sum fields with same name on transaction

how to plot some count on gmaps instead of plotting count of events for given geo

Calrification on transaction command

Regex question extracting user from webserver log

Getting transaction without using transaction command

Count of users in a month who cross a threshold of usage?

Find All fieldnames for fields which contain a specified value

How to set search result no expiration

Help with REGEX in transforms.conf

Compare 90-day average to last 24-hour count

TIME_FORMAT in Epoch

Looking for a percent of a subset of data

Search very slow

Splunk indexing and time zone normalization

Timchart - Search queries

How to use eval on results of a search?

Search-time field extraction - Apache access_combined + additional field

Cisco IPS Top Signature by top hosts

Can you add a lookup table without a restart?

Monitor search peers

Counting the results of a Search?

Run searchname returned from a scheduled query as a new search

Search head and indexer connectivity

6.1 upgrade - can't access search macros

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions