Splunk Search

Ask a Question

Discussions

Thread Info

Reporting on multiple transactions

Hi all, I want to track the duration of individual steps of a larger transaction. For example, I have : 2014-02...

by New Member in

Filed Extraction on Text File

Hi, I have Host Firewall Logs coming in a text file. The data in the text file is separated by spaces and is incon...

by Path Finder in

Adding commas to "stats sum"

Hi, I'm trying to add commas to the TotalPrints field as shown in the code below. I have tried the fieldformat=str...

by Explorer in

Using count as a field for calculation

Hi, I have a field "scanned_hosts" that has a value (say 20), and I also have a number of events, which to my und...

by Path Finder in

Mulitple indexes, sourcetypes - obtaining counts

Hi, I am hoping to use the search below, to get the counts for the categories in DIRECTION and the categories in TYPE...

by Path Finder in

Grouping and Counting the Group Values

Hello. I have a requirement of presenting a table with Countries, users and the number of users in that country.. SO ...

by Explorer in

generate external url links from search

I have a simple search with an eval that generates a valid HTML link: index=sonicwall "TemplateID=265" | eval supp...

by Communicator in

Pareto charting of sensor data

hey everyone, I'm working with a lot of sensor data and i have been trying to develop a pareto chart to look at the p...

by Path Finder in

How do I chart "number of values that are at least"/"number of values that are X or more"

Sample data: alpha 2 beta 1 gamma 4 delta 3 epsilon 10 zeta 13 eta 3 theta 8 iota 4 kappa 6...

by Explorer in

splunk.Intersplunk.outputResults to return the results in a determined order

I have a set of custom search commands that are working fine but I need splunk.Intersplunk.outputResults to return th...

by Motivator in

Radio Button default selection parameter (Advanced XML)

In a StaticSelect module, the parameter to set the pre-selected value is: All But when I try to use that for a ...

by Communicator in

Version 6 Search Dashboard?

I just upgraded to version 6 and I'm disappointed that the search dashboard from version 5 doesn't appear to be avail...

by New Member in

Extracting Logs at Whitespace

Right now, I have a name=value|name=value| format for some logs. But one problem is the Splunk auto-extract for th...

by Builder in

search & sub search to match on valu-

I'm trying to create a search to validate two files match on a given field. I want to check the all the event numb...

by Contributor in

Combine the two search commands output to get the desired result

Hi, I have one search command which gives the output in table as shown below: parameter1 value1 param1 10 ...

by Builder in

display the dropdown content as Chart title

Hi, I am using a xml code for showing a dropdown as follows:- I want to display the content of dropdown, i....

by Builder in

data filter

hello , @ props.conf [host::TheHost] TRANSFORMS-ReadData_bktfileserver = filter_ReadData [WinEventLog:Sec...

by Path Finder in

regex path without filename from source

Hallo, I fruitless tried to extract the path from the source field. My latest test is: source="C:\\Users\\...\\......

by Explorer in

Determine number of searches per day (non-scheduled).

How do I determine the number of non-scheduled searches that are run per day. We are running pooled searchheads. Runn...

by Splunk Employee in

Ironport email - list out the email errors

Can anyone provide some sample search query to list out the errors? I have the error log shown as below and I want...

by Explorer in

Cut Fields of log data file

Hi guys, I'll appreciate your help for my question. Well, I have a data file that has ten fields and I need cut on...

by Contributor in

Need help with timechart query

We have following entries in our app log: 2013-12-06 09:09:23,918 Level=INFO Thread=http-apr-45082-exec-2 Logger=...

by Engager in

Saved Searches

Hi, When I run a search query and save the job for 7 days by editing under job settings. Will the results for t...

by Path Finder in

Can't evaluate expression in query over multiple files

Here's my query in Search: host=kpidata source="*avail*" | eval Time = _time | eval days_in_month = round((relativ...

by New Member in

Subsearch with stats first not working as expected

My dataset has multiple events for a single _time. Batches get loaded whenever it's sent by a 3rd party. I have 25 un...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Reporting on multiple transactions

Filed Extraction on Text File

Adding commas to "stats sum"

Using count as a field for calculation

Mulitple indexes, sourcetypes - obtaining counts

Grouping and Counting the Group Values

generate external url links from search

Pareto charting of sensor data

How do I chart "number of values that are at least"/"number of values that are X or more"

splunk.Intersplunk.outputResults to return the results in a determined order

Radio Button default selection parameter (Advanced XML)

Version 6 Search Dashboard?

Extracting Logs at Whitespace

search & sub search to match on valu-

Combine the two search commands output to get the desired result

display the dropdown content as Chart title

data filter

regex path without filename from source

Determine number of searches per day (non-scheduled).

Ironport email - list out the email errors

Cut Fields of log data file

Need help with timechart query

Saved Searches

Can't evaluate expression in query over multiple files

Subsearch with stats first not working as expected

Enterprise Security Content Update (ESCU) | New Releases

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...