Splunk Search

Thread Info

combining distinct count and count in one table

I have two indexers that are being load balanced. I am interested to see the distribution of events from each host on...

by Communicator in

Find results based on field value of 2 events

I have a logfile in the following format: [2014-27-03 20:57:15.875 CST] [receivedSmsFileLogger] - message = "Yes",...

by Path Finder in

Events “data” field is the same for all events collected.

Hi, splunkers! Some strange search results make me stuck. There is have a Splunk cluster in customer’s environment (s...

by Explorer in

literal * in search?

Is it possible to search for a literal * character? If I had a string in a log that read "hi*there", and I wanted to ...

by Path Finder in

Detect deviations over historical query

I have a query that looks like: index=proxy filter_category="Blocked" | eval hrmarker=strftime(_time, "%H") | eval...

by New Member in

Group together different fields found on different lines, based on a common field

Hello, I would like to group together different fields found on different lines, based on a common field that is foun...

by Path Finder in

problem with addcoltotals

Hi, I have a file like : XXXX 20 YYYY 40 ZZZZ 60 I am running a query ....|addcoltotals I am getting : X...

by Contributor in

ask compatibility with R60, R65 and R75.20

Dear Support, Is the current version are also compatible with Check Point R60, R65 and R75.20 platform? Thanks,...

by New Member in

A great Charting Problem!

I do not understand why Im currently having this problem, I have never had this problem before when creating charts w...

by Builder in

trace a transaction through different fields

I've been poking around at this for a bit now to no avail. I'm sure it's something super simple and I'm just missing ...

by Builder in

field extraction not working with transforming commands

I wrote an inline field extraction like this: | rex "splunk[\s]+[\d]+[\s]+[\d]+[\s]+(?<CPUPCT>[\d]+\.[\d]+)[\s]+[\...

by Contributor in

Filtering in search.

Hi I have a search string like host=ABC "Sales Month"="March"|..... Instead of hard coding the month March can I mak...

by Explorer in

Search all fields except ____

I have a log with say 50 fields.Is there a way to search all fields except one of them? Something like ... |search...

by Path Finder in

dboutput with 65 Million Rows

I need to output 65 Million rows to a database table, I see the default per transaction is 50K. Is there a good way t...

by Motivator in

strftime format for event breaks not working

Event breaks based on strftime format for weblogic log events that are not being parsed correctly. e.g. It seems to b...

by Explorer in

how to extract the required text from the fields using rex

Hi , I have a field with VendorName Example : HOMOLOGATED-(Contrend CT 5072s) HOMOLOGATED-(DLINK-DLINK 500B C1)...

by Communicator in

Predict command

Hi, We would like to know more about lower (lower95) and upper (upper95) prediction and how th...

by Explorer in

Error with Dashboard

Has anyone ever came across this error on IE 8 "Internet Explorer has modified this page to help cross-site scripting...

by Path Finder in

How to find the redirect request along with its redirected target location?

When a request comes on domain 1 (say abc.com) we do a 301 redirect to domain 2 (def.com). These will be two separate...

by Explorer in

Get unique values from with in a field.

I have a splunk entry like this url="11111/toy/{toy_id}/part/{part_id}" Here toy_id and part_id are six digit n...

by Explorer in

Skip one hour in one day search

I wanted to search for full day except one hour from 6.30am to 7.30am. I am not able to do it. Can anyone help me in ...

by New Member in

Regex sought for consecutive-multi-line-search-joined-on-common-id display

This question is related to http://answers.splunk.com/answers/127725/consecutive-multi-line-search-joined-on-common-i...

by New Member in

How to disable autosort in a search

I wanted a field(which is pre denfined with the order I need) in a table to be displayed as such irrespective of any ...

by New Member in

How to configure access_combined_wcookie directly in the files props.conf and transforms.conf using regex ?

Hy guys, I have files in the format access_combined_wcookie, the last field called "other", has informations that ...

by Contributor in

Stats Around Events and Sources

Is there an internal search I can run that will return the number of events loaded to date and number of files (sourc...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

combining distinct count and count in one table

Find results based on field value of 2 events

Events “data” field is the same for all events collected.

literal * in search?

Detect deviations over historical query

Group together different fields found on different lines, based on a common field

problem with addcoltotals

ask compatibility with R60, R65 and R75.20

A great Charting Problem!

trace a transaction through different fields

field extraction not working with transforming commands

Filtering in search.

Search all fields except ____

dboutput with 65 Million Rows

strftime format for event breaks not working

how to extract the required text from the fields using rex

Predict command

Error with Dashboard

How to find the redirect request along with its redirected target location?

Get unique values from with in a field.

Skip one hour in one day search

Regex sought for consecutive-multi-line-search-joined-on-common-id display

How to disable autosort in a search

How to configure access_combined_wcookie directly in the files props.conf and transforms.conf using regex ?

Stats Around Events and Sources

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...