Splunk Search

Discussions

Thread Info

Compare two counter values in time

Hi, I want to write a query to compare performance counter's values over 20 min span where the counter values chan...

by New Member in

Multiline Interleaved Transactions

I have a log file that contains multiple transactions. These transactions can span multiple lines. Since this is a mu...

by Engager in

Specifying today's date in the source file on a search

Is there a way to specify today's date in the filename of the source on the search? I'm thinking in the same way you ...

by Path Finder in

Shared realtime searches possible?

I have 4 dashboards each of which use 2-3 real time searches. Now watching the dashboards with firebug I can see t...

by Builder in

Date_Hour Question

Hi All, I have a search which I am adding date_hour to a table: ...| stats count as 1week_ago_count by qos, dat...

by Builder in

Ignore List in a Macro

If you create a search to watch network traffic and you wish to ignore a listing of /32 Destination IPs, would you cr...

by Communicator in

Determining user search timeframes

Hi, Is there anyway to determine what timeframes (24 hours, 7 days, 15 minutes...) are being used for searches in ...

by Champion in

Cumulative sum of hours

Hi, I have created a chart showing the cumulative sum of hours for each host for the month of August. Here the fie...

by New Member in

Organize "Searches & Reports" and "User Interface/Views" with subfolder within apps context

Hi, I have quite a big number of searches and views within an app, and manage them within the "searches & Reports"...

by Contributor in

host_regex is not working extract host name from windows path

All, I'm trying to use host_regex to extract host names for input Background: All logs are copied to a windo...

by Communicator in

A table with fields as lines

We got some events ,with an extract we got Event 1 : Field1=VALUE11,Field2=VALUE12,Field3=VALUE13,... Event 2 : ...

by Communicator in

How to build a transaction from multiple, somewhat disparate, indexes

Hi, I have three indexes that I'm trying to build a transaction from. the first two indexes each have a field name...

by Communicator in

Indexing queues greater than 100 lines

Hi all, I would like to set the transforms.conf started indexing log files when they exceed the 100 lines per second ...

by Contributor in

cumulative sum in splunk

Hi, I have uploaded csv files for indexing and creating reports.Here is the sample entries: Date A B...

by New Member in

Parse multiple URLs in a single event, keeping key/values separate

I have log entries that look effectively like this: (I have to break the URLs so I can even post this, how annoying.....

by Engager in

Custom Condition Search for Alert for HTTP status code report

I have the following search in an alert that triggers every 15 minutes: source="C:\logs\path\*.log" | chart count ...

by Path Finder in

splunk locking libeay32.dll from wrong directory stops bit9 security app from starting

splunk is currently locking the dll libeay32.dll from the wrong directory. this is causing our main security product ...

by Splunk Employee in

Time zone difference

I have a source type where iis logs copied from another server to the forwarder are being recorded in UTC but not ind...

by Path Finder in

Trying to JOIN data, or augment results.

Hi, I'm likely going about my search in the wrong way, but I'm trying to create a table of data which draws upon a...

by Contributor in

Search index using search values from database

I want to be able to do a search of an index with search parameters returned from a database lookup. An example would...

by Explorer in

Hit URL grab data and index it

The concept seems simply yet there doesn't seem to be a straightforward way of doing it. I have URL which I want splu...

by Communicator in

select subset of hosts

Hello, splunk newbie here, I have tens of servers named like abc01, abc02 .... abc20. Now i would like to search f...

by Engager in

multiple search results on singlechart

hi, these are my searches index=tm_idx host="audit" | timechart count by Process usenull="f" index=tm_idx ho...

by Communicator in

Issue while using substr function after chart command

Hi, We are using Splunk version 5.0.4 in our application. In order to bucket our data and display the buckets in p...

by Communicator in

Function AVG() give the wrong result ?

Hi all, When I use query : mysearch | stats avg(X) It is supposed that the result is the average value of field X ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare two counter values in time

Multiline Interleaved Transactions

Specifying today's date in the source file on a search

Shared realtime searches possible?

Date_Hour Question

Ignore List in a Macro

Determining user search timeframes

Cumulative sum of hours

Organize "Searches & Reports" and "User Interface/Views" with subfolder within apps context

host_regex is not working extract host name from windows path

A table with fields as lines

How to build a transaction from multiple, somewhat disparate, indexes

Indexing queues greater than 100 lines

cumulative sum in splunk

Parse multiple URLs in a single event, keeping key/values separate

Custom Condition Search for Alert for HTTP status code report

splunk locking libeay32.dll from wrong directory stops bit9 security app from starting

Time zone difference

Trying to JOIN data, or augment results.

Search index using search values from database

Hit URL grab data and index it

select subset of hosts

multiple search results on singlechart

Issue while using substr function after chart command

Function AVG() give the wrong result ?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions