Splunk Search

Ask a Question

Discussions

Thread Info

How can I compare the average of values across all events with specific values in events?

I have the following in my query index=_internal source=*license_usage.log | eval sizemb=b/1024/1024 timechart sp...

by Path Finder in

search of user logon count using lookup table to return all users

Hi, I have a search like this to return the number of times users have logged in over a week. source="mysource"...

by Engager in

Question index csv with field contain comma

I have issue with index field which contain comma. Below is my csv input "28650096","2013-12-02 20:30:30","blocked...

by Explorer in

Query Modification

I have a search that tables project name, the group it belongs to, and the total count of deployment types: index=...

by Builder in

How to use FORMAT search command in a subsearch

Hi, I have a BlueCoat Proxy log in main index if I run index="main" sourcetype="bcoat_proxysg" cn="*" ...

by Communicator in

Timechart count roll up

To the powers that be, here is my dilemma. I have a simple query that reviews data in 15 minute blocks and prints out...

by Builder in

Summing of row in a column on condition

I have three columns ColumnA ColumnB ColumnC vin 1 1 vin 1 2 vin ...

by New Member in

Hashtable Functionality OR lookup Tables

Hi All, I have a lookup table that looks like: Key,value cat1,val1 cat2,val2 cat3,val3 this is in a lookup fi...

by Path Finder in

How can I plot bounce rate over time?

Hi  I have a search that calculates the Bounce Rate for a web site: source="web" configuration.client.comp...

by Contributor in

Function to fetch a part of a field value

A field called username has values INPUT: kesia@abc.bgf.hf:123 gefuf@ef.eff.gre:872 .I want to take the string befor...

by Path Finder in

multi_threaded_setup parameter in limits.conf

We are currently looking at improving CPU optimization on the Splunk environment. We have found that the limits.conf ...

by Splunk Employee in

Is this a linebreaking issue?

I'm collecting events from a logfile that look like this : 270929.542: [GC 270929.542: [ParNew Desired survivor si...

by Path Finder in

Query Help: Sorting Results by Group

I have a search that gives me the date and total number of projects: index=eis_continuous_integration sourcetype=e...

by Builder in

Can I use kv_mode = auto AND kv_mode = XML for sourcetype?

I have an application sourcetype that is a mix of normal informational data and also houses a subset of web requests ...

by Communicator in

Fields within fields - search time extract

Within my event data I have a file name for a data set that we move around between services. Input files are sent...

by Communicator in

dynamic lookup based upon dynamic token

When my users log into my system they are identified with a token number that follows all of their activity going for...

by Communicator in

Taking a table backup on day today basis

I have a transaction table where insert and update will be happen on every time. I need to take a copy of the table o...

by Path Finder in

how to display percentage of total

I count all my httpstatus'ses and get a neat result using: index=prd_access sourcetype="access:web:iis:project" | ...

by Engager in

How to highlight the data nodes in a Line graph

Hi, I have generated one line graph as shown below: I want to highlight the node values. So that it can be easily...

by Builder in

Attempt to workaround 10k subsearch limit -- how to combine multiple lookup files?

I'm breaking up my search and outputting the results into separate files. How can I combine these files into a single...

by Champion in

How to modify the retrun value of stats count by search using eval

I am running a search query like this index=w3c host=web-a OR host=web-b ASP_NET_SessionId=* c_ip=x.x.x.* | eval c...

by Contributor in

dealing with duplicate variables after tranaction command

I am working with IPFix data from a firewall. The first template returns the flow information. That is stuff like Sou...

by Communicator in

Index time field extraction/re-write

I currently have a custom sourcetype=vuln_scan that looks like this: response_datetime="2014-01-24 06:41:22" scan_...

by Path Finder in

How can I specify specific lines within my lookup file to search against?

I have a large resultset, lookupb.csv which consists of about 4 million lines, that I'm searching against that I need...

by Champion in

Alert if value is greater than 2xSTDEV

Hi, I am trying to find outliers by using the idea of a Bell Curve. I have a search that provides stats on mean, s...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I compare the average of values across all events with specific values in events?

search of user logon count using lookup table to return all users

Question index csv with field contain comma

Query Modification

How to use FORMAT search command in a subsearch

Timechart count roll up

Summing of row in a column on condition

Hashtable Functionality OR lookup Tables

How can I plot bounce rate over time?

Function to fetch a part of a field value

multi_threaded_setup parameter in limits.conf

Is this a linebreaking issue?

Query Help: Sorting Results by Group

Can I use kv_mode = auto AND kv_mode = XML for sourcetype?

Fields within fields - search time extract

dynamic lookup based upon dynamic token

Taking a table backup on day today basis

how to display percentage of total

How to highlight the data nodes in a Line graph

Attempt to workaround 10k subsearch limit -- how to combine multiple lookup files?

How to modify the retrun value of stats count by search using eval

dealing with duplicate variables after tranaction command

Index time field extraction/re-write

How can I specify specific lines within my lookup file to search against?

Alert if value is greater than 2xSTDEV

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions