Splunk Search

Ask a Question

Discussions

Thread Info

Help on construct rex expression

Hello All, From a search in Splunk I get this output from the _raw field: (I have modified a bit the output for...

by New Member in

Timechart with overall count

Hello Answers-Base, I have a timechart where i see the statistics over some softwareversions --> see example ...

by Path Finder in

Expanding rows to certain number of rows

Hi! I would like to get some help with search commands. I have a result like, string dT co...

by Communicator in

regex help - only check first occurrence

I've been attempting to create a regex in transforms.conf that will keep events that have Value1 or Value2 and send a...

by Builder in

Timechart: Unique User of the Last 7 Days

Hello, I would like to create a (time-)chart, that always counts the unique users of the last 7 Days. For Instance...

by Motivator in

For each result in a search, make a second search to extract a couple of fields from other records?

I have two types of data input login records containing at least Userid, Name, LoginDateuser records containing at...

by SplunkTrust in

timechart span offset

I have a working chart that uses "timechart span=1w". Is there any way to make the week span go from Monday-Sunday ra...

by New Member in

"sort _time" is losing days/events for timechart

Hi, i would like to sort the events by _time and create a timechart. | timechart span=1d dc(user) Here the disp...

by Motivator in

Timecharting a Ratio

All, So I have this search, whick works fine. It shows me the unique users in apache vs errors vs checkouts. Perf...

by Builder in

plot a graph

Hi, For the following search results i need to ploa a graph with starttime in y-axis and Host in x-axis. How to do...

by Contributor in

Software application best practice for logging sets of tuples for Splunk

When you have control of the logging in an application, what is the recommendation to make things as easy as possible...

by Path Finder in

trouble using regex to find a timestamp

Hi, I'm trying to use regex to define where my stamp stamp is in the data below. I have it working for some of the...

by Explorer in

Timeout error in ResultsReaderXML c# SDK example search program

When I invoke the C# SDK example search() program to retrieve the same test data I submitted, I get some of my result...

by Explorer in

Dynamic Chart from Summary Index

I'm looking to create a dynamic chart from a summary index, but I'm not sure how to go about it. Basically, I need to...

by Explorer in

Two searches combined including transaction

The below gives me the correct number of hits per external user sourcetype="iis-2" | extract auto=true | search CO...

by Contributor in

correct regex for whitelisting files

I have files that have names like this: appflow-0017c569f354.syslog-dynamic-96 appflow-0017c569f354.syslog-dynamic-97...

by Communicator in

Need Assistance with Search to Display Machines with Reoccurring Infections - Delta or Diff Command Assistance

I need some assistance with constructing a search to help identify machines with reoccurring infections. I thought th...

by Builder in

How do I use inputlookup to search a list of domains?

I have a .csv list of domains I would like to search and I've uploaded it as a lookup table file. The table is fo...

by Path Finder in

eval searchmatch with OR

I am trying to do a search match based on a number of different criteria. The below does not work. sourcetype="...

by Contributor in

Comparing fields with previous events

A logon script generates an event every time a user logs into the desktop. Here are the sample events in Splunk from ...

by Explorer in

Timechart: Returning Users

Hello, I want to achieve a timechart with a stat for returning Users, which means the number of unique users who h...

by Motivator in

Stats for exception reporting

Hi  I am trying to setup some exception reports for our capacity planners and I can construct a search that gener...

by Contributor in

Timechart with two different spans

Hi  I have a chart with one line for Usage (span=1d) and another line for 95th_Percentile (span=30d) but I am usi...

by Contributor in

REGEX and NullQueue problem

Hello, I have setup a nullqueue to drop certain types of traffic. The traffic I want to drop is dest_port=53, any ...

by Builder in

Work with dates outside of timestamp

Hello, I'm trying to keep only results where the date in a field (unix time) is earlier than the previous month. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help on construct rex expression

Timechart with overall count

Expanding rows to certain number of rows

regex help - only check first occurrence

Timechart: Unique User of the Last 7 Days

For each result in a search, make a second search to extract a couple of fields from other records?

timechart span offset

"sort _time" is losing days/events for timechart

Timecharting a Ratio

plot a graph

Software application best practice for logging sets of tuples for Splunk

trouble using regex to find a timestamp

Timeout error in ResultsReaderXML c# SDK example search program

Dynamic Chart from Summary Index

Two searches combined including transaction

correct regex for whitelisting files

Need Assistance with Search to Display Machines with Reoccurring Infections - Delta or Diff Command Assistance

How do I use inputlookup to search a list of domains?

eval searchmatch with OR

Comparing fields with previous events

Timechart: Returning Users

Stats for exception reporting

Timechart with two different spans

REGEX and NullQueue problem

Work with dates outside of timestamp

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...