Splunk Search

Discussions

Thread Info

Conditional Filter count results in chart

index=rhwindows sourcetype="WinEventLog:System" Type=Error OR Type=Warning NOT (*PrintSpooler OR *SpoolerWin32SPL) ea...

by Path Finder in

Using join in postprocess takes longer than duplicating the search

Hello I have 3 searchmanagers like so (the actual queries are longer) {% searchmanager id="s1" search="index=ab...

by Engager in

How can I subtract 2 times together/why won't the search string I'm trying work?

So I have seen an answer related to this question on Splunk Answers but the answer that was given is not working for ...

by Communicator in

Finding count of grouped data

How can we find the distinct values inside a grouped values. I use transaction to group data.Now i want to find co...

by Path Finder in

Use field A if B does not exist

Hi, in the past I used a lookup to add the field "price" to my events. Now there will be a new field "price II" in...

by Motivator in

Convert to Timechart

My search string is (host=A AND "ER"=XXW) OR (host=B AND "EMPCODE"=ABC AND ) | stats sum(field)total ,count("user") ...

by Explorer in

Automatically updating dashboard from scheduled search

This must have been asked before, but I am having trouble finding an answer. The scenario is we have a group of se...

by Explorer in

Assigning arbitrary values to a variable dependent on subsearch

I have a transaction defined where a trade goes through some stages in its lifecycle. Unfortunately, the markers for ...

by Path Finder in

Summary Index and timechart by host

I have created a saved search which runs once an hour and records to a summary index. The search allows me to determi...

by Path Finder in

Not able to find the table when creating ''New Automatic Lookup''

Hi, I'm following below tutorial (section Lookups) http://docs.splunk.com/Documentation/Splunk/latest/Tutorial/**Usef...

by Splunk Employee in

Multi value event merging and breaking

Hi there, I am trying working out a scenario with Splunk and having a hard time on it. I have got a XML which h...

by Path Finder in

Multiple "latest' statements on one table

I am attempting to get the latest status of a port scan for 5 different ports per host into a table. I am trying ...

by Motivator in

How to append search as new row?

Given the following query, how can I append the second query so that the results show up as two rows so I can graph t...

by Path Finder in

how to inform the splunk users of a maintenance in splunk ?

I have to do some maintenances in splunk and want to warn the users that splunk will be down. How to get the list ...

by Communicator in

Error dbconnect Invalid column name

My query in dbconnect DatabaseInput is: SELECT b.modifielddate AS [Modfielddate], a.name, b.amount FROM sales b in...

by Explorer in

License Usage by Host over time

We are using Splunk 6.0.1, and I found a search that generates license usage by host: index=_internal source=*lice...

by Engager in

Not getting by day results for a timechart

I'm banging my head against the wall. Here's my search: host="atlassian-stash*" sourcetype=atlassian source="/opt/...

by Path Finder in

How to combine two queries into one without using eventtypes

I have the two separate queries that I could like to combine into on query without using event types. How can I do th...

by Path Finder in

What will happen on indexed data if we revert system time?

Hi, We have a set of indexed logs from a server currently there's no new data that has been indexed. The data comp...

by Communicator in

What's the best way to get rid of a header being included in an event?

I have events in xml format. Some of the events include this header: xml version="1.0" encoding="UTF-8" standalone...

by Communicator in

Comparing Field Names and Values

Hi, I've run into a problem: Splunk ingests Window's security events in such a way that field names may occur more...

by Explorer in

Average duration only if all stages complete

I'm trying to create a search that provides me with the average duration between VALIDATED and ARCHIVED only if it co...

by Explorer in

How to query for specific string literal field

I have a filed in my logs "labeDatal" and I also have another field that I trace out called "labelDataSpec" i.e. l...

by Path Finder in

time difference issue

start_time = > 2014-02-13T22:57:15+0900 end_ time = > 2014-02-13T23:59:54+0900 how can i get the time differenc...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Conditional Filter count results in chart

Using join in postprocess takes longer than duplicating the search

How can I subtract 2 times together/why won't the search string I'm trying work?

similar searches using report acceleration

Finding count of grouped data

Use field A if B does not exist

Convert to Timechart

Automatically updating dashboard from scheduled search

Assigning arbitrary values to a variable dependent on subsearch

Summary Index and timechart by host

Not able to find the table when creating ''New Automatic Lookup''

Multi value event merging and breaking

Multiple "latest' statements on one table

How to append search as new row?

how to inform the splunk users of a maintenance in splunk ?

Error dbconnect Invalid column name

License Usage by Host over time

Not getting by day results for a timechart

How to combine two queries into one without using eventtypes

What will happen on indexed data if we revert system time?

What's the best way to get rid of a header being included in an event?

Comparing Field Names and Values

Average duration only if all stages complete

How to query for specific string literal field

time difference issue

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown