Splunk Search

Discussions

Thread Info

How to use SEDCMD to skip whole lines matching a regex pattern from being indexed?

We have a system where at times the engineers running it need to enable debug output. This naturally kills the splunk...

by Motivator in

Splunk search logs

Am having log entries as per below. In essence, we have to detect a line with “Task started. Task id - 'number' a...

by New Member in

If I have a table with daily averages, how do I display the standard deviation of these averages at the bottom of the table as a consolidated result?

Hi there, I was wondering if someone could assist with the following. I have a table built up as daily averages...

by Path Finder in

Internal Mapreduce in Splunk

Hi, I need to know how map functions and reduce functions are constructed using search string? In one of the white...

by Communicator in

Entering comments into a notable event - possible?

Hi Splunk Answers, I understand that notable events can be assigned severity as well as being assigned to differen...

by Path Finder in

Splunk DB Connect 1: How to join SQL queries from different servers?

| dbquery Server1 "SELECT value1, value2 FROM db1.table" | join type=left value2 [| dbquery Server2 "SELECT value...

by New Member in

How to read data from a CSV file and put into DB Connect’s query?

Hi, I want to pull data from a CSV file and put that all data in a SQL query. For e.g.- In CSV: 'ABC','DEF','GHI',...

by Engager in

How to display Linux and Windows CPU perf in one timechart other than appendcols method?

Currently I am using appendcols method, it seems work, but once the first search returns no result, the timechart wil...

by New Member in

Comparison of logs?

Pretty new to this - Is there a way to compare log results between two timeframes ? Consider the following scenario ...

by New Member in

Indexer performance hit, for searches with no results

I have a search like the following: "index=index_A | " If i distribute this to an indexer which do...

by Splunk Employee in

Regex Conditional Group Capture with Name

I'm trying to build 1 regex to capture multiple sets of data. Below is a sample: 1. 20110221124637|21410|SENT:0.64...

by Explorer in

Searching a single line at a time

My Search query: source="test source" "AggCd" AND "test2# " AND "TransTypeCd " AND (NOT ("test2# null")) | rex "t...

by Explorer in

extract multiple fields(number unknown) and sum it up

i have several events which look like this one (this is one event, repeating with varios values after Txxxx,) DIS...

by Path Finder in

how to configure the section of a user on splunk ?

hello I would like to configure splunk like so: When a user is inactive for 15 minutes, the session shoulds Origin Lo...

by Motivator in

extract field value

Hi, we have csv file in below format. PROJECT_NAME USER_NAME STATUS WEB_xxxx David PASSED WEB_xxxx Rapkin FAIL...

by Explorer in

Alert when host sends different data in event

Every day, a script runs on my Windows boxs that sends an event to Splunk. I'm looking for a search that will return ...

by Contributor in

timechart span starting at specified point

I want to run a timechart 'overnight'... e.g. getting the minimum values of a field between midday and midday... 12-1...

by Communicator in

Error Logs on Splunkd (Search Head)

Hi, I'm having this error logs on my search heard splunkd. 01-15-2011 00:22:06.346 WARN NetUtils - Bad select f...

by Engager in

Index time field extraction from another field

Hi, I have two fields. Let's say they are field1 and field2. I extract field2 from field1. I also remove some part...

by Explorer in

How to join data from three sources without using join?

I'm slowly digesting the posts that describe how to use stats to retrieve aligned data from multiple sources but I'm ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use SEDCMD to skip whole lines matching a regex pattern from being indexed?

Splunk search logs

If I have a table with daily averages, how do I display the standard deviation of these averages at the bottom of the table as a consolidated result?

Internal Mapreduce in Splunk

Entering comments into a notable event - possible?

Splunk DB Connect 1: How to join SQL queries from different servers?

How to read data from a CSV file and put into DB Connect’s query?

How to display Linux and Windows CPU perf in one timechart other than appendcols method?

Comparison of logs?

Indexer performance hit, for searches with no results

Regex Conditional Group Capture with Name

Searching a single line at a time

extract multiple fields(number unknown) and sum it up

how to configure the section of a user on splunk ?

extract field value

Alert when host sends different data in event

timechart span starting at specified point

Error Logs on Splunkd (Search Head)

Index time field extraction from another field

How to join data from three sources without using join?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...