Splunk Search

Thread Info

Percentage Calculation

My REGEX: | rex "\sof (?<Name>[A-Za-z0-9_]+)" | rex "\sdeposit \((?<Deposit>\d+)" | rex "\s*withdrawal \((?<Withdr...

by Explorer in

Service Downtime Duration

I am attempting to find the duration of each downtime instance that has occurred in the last 24 hours, and I am attem...

by Motivator in

Why are what I think are similar queries returning slightly different values?

I believe the following two queries are essentially the same but when I run them the former returns results with 10s ...

by Engager in

Transforms, Regex and wrong source names OH MY!

NO this is no April Fools Joke. But it feels that way to me... I'm trying to use transforms.conf and props.conf to...

by Builder in

Splitting event by column

Hi, At search time, is there any way of splitting a tabular event into multiple events by column rather than row a...

by Explorer in

How do I identify events which are part of a transaction in this case?

Hi, We have events like this Time1 8000 UserId1 Event-Launch ProcessId-10000 ... Time2 10000 UserId1 Event-Logi...

by New Member in

Specific Objectives for using Splunk in Datacenter environment

Hello Experts, We are a Corporate Data center in our Internal IT department of the company. We host intranet servi...

by Builder in

Tabs in a Dasbhaord

Hi, I have build a dashboard using adv XML but since we have so much data to visualize it people have to scroll do...

by Path Finder in

time-based inputookup

I have a search that is exported to a csv file which is also set up to be a lookup table. I can call the lookup t...

by Builder in

How do you "fillnull" a sparkline field?

I have a chart with various counts of errors and corresponding Sparklines. In this instance the null values are ju...

by Communicator in

Regex Help

Hello I need some help in fixing the regex for the below events. it works on few and it doesn't on few. The fi...

by Motivator in

Table does not display correct field spaces

When piping fields into a table, the table eliminates extra spaces inside the field. For example: person_name="...

by Communicator in

RFC 5424 and Structured Data with Splunk

Hi, I'm trying to test splunks handling of structured data using an RFC 5494 compliant message. When I netcat the ...

by Engager in

Hidden Search using Advance XML

so i have hidden search in my advance XML file in v5. works perfect until i need to modify my search to extend some r...

by Path Finder in

Timechart and Table from same query

HI! What's the easiest way to create a time-chart and stats table with same query so I can create a dashboard, ha...

by Contributor in

Help using EXTRACT to capture a custom static value by source

I am trying to find out how to create a custom field that will be available as an index field that I can set as a sta...

by Engager in

Injecting FieldValue at the end of external URL from timechart fieldvalue

Hi, I have a dashboard with time-charts... I'm trying to take the "App#" fields values that the time-chart is sourced...

by Contributor in

Select the Top 1 from a set of TopN

Using the Splunk query language how would be a splunk query that returns the Top 1 from a set of Top N? Data set s...

by Motivator in

Suggestion: Enabling connectivity to SQlite

I'm not sure if this is the correct way to put a suggestion. But it would be great to have Splunk DBConnect with SQli...

by Super Champion in

Summary incorrect on search page

The 'Search' page, which lists the number of events, the oldest and latest event is not accurate. Can anyone tell...

by Path Finder in

Lost on ASA syslog config.

I have configured the ASA to syslog directly to my splunk server(low volume) and I have set up to receive syslog on U...

by New Member in

combining distinct count and count in one table

I have two indexers that are being load balanced. I am interested to see the distribution of events from each host on...

by Communicator in

Find results based on field value of 2 events

I have a logfile in the following format: [2014-27-03 20:57:15.875 CST] [receivedSmsFileLogger] - message = "Yes",...

by Path Finder in

Events “data” field is the same for all events collected.

Hi, splunkers! Some strange search results make me stuck. There is have a Splunk cluster in customer’s environment (s...

by Explorer in

literal * in search?

Is it possible to search for a literal * character? If I had a string in a log that read "hi*there", and I wanted to ...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Percentage Calculation

Service Downtime Duration

Why are what I think are similar queries returning slightly different values?

Transforms, Regex and wrong source names OH MY!

Splitting event by column

How do I identify events which are part of a transaction in this case?

Specific Objectives for using Splunk in Datacenter environment

Tabs in a Dasbhaord

time-based inputookup

How do you "fillnull" a sparkline field?

Regex Help

Table does not display correct field spaces

RFC 5424 and Structured Data with Splunk

Hidden Search using Advance XML

Timechart and Table from same query

Help using EXTRACT to capture a custom static value by source

Injecting FieldValue at the end of external URL from timechart fieldvalue

Select the Top 1 from a set of TopN

Suggestion: Enabling connectivity to SQlite

Summary incorrect on search page

Lost on ASA syslog config.

combining distinct count and count in one table

Find results based on field value of 2 events

Events “data” field is the same for all events collected.

literal * in search?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions