Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to calculate interval sum for repeated event pairs

Hi, I'm a Splunk newbie. Can anyone help me with this. Thanks. For the following events, I need to calculate the s...

by Explorer in

How to count a sequence of events to track the number of consecutive SUCCESSes and FAILUREs?

Hi: I'm trying to count a sequence of events. Our events have a field status that can be either 'SUCCESS' or 'FAIL...

by Explorer in

Why can't I capture the correct timestamp for events with my current regex?

Hi guys, I'm having trouble in getting the right timestamp from my log file. Please refer to this image .. http:/...

by Contributor in

IPv6 support in iplocation

Hi, Does Splunk provide support for IPv6 addresses while looking up using iplocation? Is there any option that we ...

by Communicator in

Search unique values - from index that has 25+ million lines

Here is my usecase: log lines are comma separated and have teamname, location, and other fields I would like to ge...

by Path Finder in

How to do sum or count of all my fields one time?

hi. i have more 15 fields in my events with different field name. ex: field1 field2 field3 ... fieldn i want do su...

by Path Finder in

Why are we seeing different search results in a multisite indexer cluster when running the same search from Site1 versus Site2?

In a 2 site Indexer Cluster, the issue is that they are getting different search results when using the same search i...

by Communicator in

Is there any disadvantage to keeping certain events in separate indexes?

Everything goes into the default "main" index now. I'm thinking of moving IIS log events into a new index called "iis...

by Path Finder in

How to extract all unique values from a multivalue field in one event?

Hi I want to extract field values that are distinct in one event. I managed to extract all the field values in the...

by Builder in

How to write a search with the regex to extract strings of URL IDs and create a pie chart with this field?

Hello, I have data in Splunk Cloud which has a path=/api/versions/:version_id where version_id can be anything acc...

by Explorer in

CMD search not working

Tryin to run a quick test of a search from the command line(Putty) NOT CLI results in command not found. I know I'm p...

by Builder in

How to search the average number of transactions by hour by day?

Am doing the following trying to get the average number of transactions by hour by day: | bucket _time span=1h | ...

by Contributor in

How to pass search results to an R function?

Hi, I unsuccessfully tried the following approach: sourcesystem=ABCD earliest=1313131313 latest=1313161616 | r " s...

by New Member in

How do I create a search that dynamically finds a targeted variable in the results, then uses it to find more results?

I've been struggling with this one for about a week now. I would like to create a search on a dashboard that show...

by Explorer in

Why am I unable to apply index-time field extractions through props.conf and transforms.conf to incoming data?

I am trying to add an index-time extraction to a current data input by going to Setting > Data Inputs > TCP > [TCP PO...

by Explorer in

When is Cheryl's Bday?... According to Splunk

Well this is interesting, as you know there is a logic problem posted in many sites about the age of a girl named Che...

by Path Finder in

Fields have disappeared

I had a log file that I generated fields for and it worked fine. The log file was not updated for two weeks. When it ...

by Builder in

Examples using kvform?

Does anyone know of any examples of using the kvform search command. The kvform docs seem a bit sparse to me, and I h...

by Super Champion in

Is it possible to create an alert that depends on another alert to be triggered?

Hi Guys, I am asking this question out of curiosity (don't even know if this is possible!). The question is: Is...

by Path Finder in

IPv6 subnets and splunk searchs

Splunk today is IPv4 subnet aware so that if you do a search with something like ip_address = 10.0.0.0/24 .. splunk k...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate interval sum for repeated event pairs

How to count a sequence of events to track the number of consecutive SUCCESSes and FAILUREs?

Why can't I capture the correct timestamp for events with my current regex?

IPv6 support in iplocation

Search unique values - from index that has 25+ million lines

How to do sum or count of all my fields one time?

Why are we seeing different search results in a multisite indexer cluster when running the same search from Site1 versus Site2?

Is there any disadvantage to keeping certain events in separate indexes?

How to extract all unique values from a multivalue field in one event?

How to write a search with the regex to extract strings of URL IDs and create a pie chart with this field?

CMD search not working

How to search the average number of transactions by hour by day?

How to pass search results to an R function?

How do I create a search that dynamically finds a targeted variable in the results, then uses it to find more results?

Why am I unable to apply index-time field extractions through props.conf and transforms.conf to incoming data?

When is Cheryl's Bday?... According to Splunk

Fields have disappeared

Examples using kvform?

Is it possible to create an alert that depends on another alert to be triggered?

IPv6 subnets and splunk searchs

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

Need to pass the time from one query to another qu...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...