Splunk Search

Discussions

Thread Info

does mvzip zips wrong values? If yes, why?

Hi, I have a problem to understand mvzip. For example the query sourcetype="at-json-traces" "aGAfJ22UVSK_" | spath |...

by Path Finder in

How to remove a carriage return from a field

I have outputted events in csv format, and have a field which has carriage returns in it. How can use regex to remove...

by Explorer in

CSV lookups failing

Hi, We have a CSV file containing names and ids. Same name can be present for multiple ids. Name Id A 1 B ...

by Influencer in

If SPLUNK provides UNIQUE ID to every event indexed?

Hi Splunk base users, Do you think it will be a good idea if splunk provides a UNIQUE id to find an event like a p...

by Contributor in

Time over Time comparison

Is there a way to search over a set of data from lets say a month ago and then lay it on top of the same set of data ...

by Communicator in

Multi-value Field Help

Hi Guys, Right now I'm trying to set up a Splunk query to look for a series of Unix commands within either a multi...

by New Member in

getting a mean of all search time and sum of a single time

Hey all, So the following seems to be a problem correctly piping stats stuff. Right now mean and sum will always b...

by Contributor in

Calculated fields in an eval statement

Good Morning! I am trying to build calculated fields that will create a wireless roamer cost report. The report is ba...

by New Member in

X-axis of chart skips over values.

Hi, after a search I have a table like this: row VAL count 1 0 169 2 1 3 3 4 4 4 9 1 5 10 1...

by Engager in

Extracting individual lines from a single field

Hello, I am working with Nessus data and I am trying to pull a software list from the results. Nessus exports this...

by Path Finder in

Getting average times for user defined categories

stats count as #PlanOpen, count(eval(NumRows < 50)) as SmallPlans , count(eval(NumRows>=50 AND NumRows <200)) as Me...

by Contributor in

Help on Transaction command!!

Hi All, I want count of word "ERROR" in the group of events for which i have used transaction command! my search q...

by Path Finder in

transaction question

I use the code below, and it works.. sourcetype="splunk_page_request" | transaction session_id maxspan=3s and I...

by Explorer in

capital letter, small letter (combine)

When I put below sourcetype="splunk_page_search" | top limit=10 keyword the result.. 1 AAA 2 aaa 3 BBB...

by Explorer in

timechart problem..

When I put "sourcetype="splunk_member_info2" | timechart count" on SEARCH, the result shows monthly result. (Log i...

by Explorer in

Killing a search

I got this message after running a few searches: "The maximum number of historical concurrent system-wide searches ha...

by New Member in

user defined search time in a dashboard

I'm busy designing dashboards. I really like the ability to specify the time window which appears in the search app. ...

by Communicator in

Count of a large number of events by punct by minute

So the intent is to have a field that returns the time stamp of a large number of similar events (same punct field) i...

by Contributor in

Appendcols Invalid Timestamp of Subsearch

Hello, i have two searches: Search 1: something | timechart max(xyz) Search 2: something | timechart count by ...

by Communicator in

Where is XML

I have a view I want to edit for customization. The URL is below, but I cannot find the xml on the server. localho...

by Path Finder in

Calculating with the result of stats count.

Hi Base, I tried to calculate a ratio of the occurrence of a value in a field. F.e. the field is Rvals and the val...

by Path Finder in

How to display message related to particular fields?

page="MIR" postid="2824567904373133_10151428930538134" message="Foot stools from MI..." time="2013-01-21" likes="188"...

by New Member in

Regex to ignore [\r][\n]

Hi there, I have been trying to remove the below line which is a big part of one of the logs. Been trying with man...

by Path Finder in

Timechartの結果に閾値を設定したい

*nixを使用していると、vmstatの結果を収集できます。この結果から、例えばloadavgが継続的に2以上の時にアラートを出すということをしてみたいのですが、可能なんでしょうか？ sourcetype="vmstat...

by New Member in

services on non standar ports

I want to take a service name "HTTP" then do a dynamic lookup and pull a list of "standard ports". If the application...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

does mvzip zips wrong values? If yes, why?

How to remove a carriage return from a field

CSV lookups failing

If SPLUNK provides UNIQUE ID to every event indexed?

Time over Time comparison

Multi-value Field Help

getting a mean of all search time and sum of a single time

Calculated fields in an eval statement

X-axis of chart skips over values.

Extracting individual lines from a single field

Getting average times for user defined categories

Help on Transaction command!!

transaction question

capital letter, small letter (combine)

timechart problem..

Killing a search

user defined search time in a dashboard

Count of a large number of events by punct by minute

Appendcols Invalid Timestamp of Subsearch

Where is XML

Calculating with the result of stats count.

How to display message related to particular fields?

Regex to ignore [\r][\n]

Timechartの結果に閾値を設定したい

services on non standar ports

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!