Splunk Search

Discussions

Thread Info

Splunk as syslog --> vbs script--> security device

Hello All, I have setup splunk as a syslog receiver from a test wireless controller. this is working great. Next, I h...

by New Member in

timechart max points on x axis

I have read in a few places that the max points that can be plot using a timechart is 1000. I have the following quer...

by Explorer in

RegeEx help for Cisco logs

I am trying to create an "action" field extraction to grab "permitted/denied" from my Cisco device logs. I can get th...

by Path Finder in

Unable to extract fieds

Hi , I have data files which is generated by script(eg. xyz12.ksh) When each time a script runs a file is generated w...

by Path Finder in

conditional converion

Hi All, I have a field called "diskin" which can have two values in two measurements 1) K for kilobytes 2) M f...

by Contributor in

Query to calculate the total count and percentage

Hi, I have below query and its working fine. sourcetype="mylogs" | fields QTime |eval QTimes = case(QTime<50, "0-5...

by Explorer in

Incorrect message: minspan option has no effect when span is specified

In splunk 5.0.1 adding "minspan" to timechart results in the message "minspan option has no effect when span is speci...

by Path Finder in

Regex on search output?

Search: index=XXX source=/xxx/xxx/xxxx.log | regex 'something' How would I do this properly showing just the regex...

by Explorer in

Get full join result of two logs

How to get full join result of the below two logs: log1: ID, value1 1,aaa 1,abc log2: ID, value2 1,X1 1,X4 When jo...

by Engager in

Delta in percentage between columns in a report

Hello, I have this search (executed over last 7 days): sourcetype=access_* action=purchase | bucket _time span=1d ...

by Communicator in

Can splunk do this? Extract a portion of an event. Then, index just the value and not the key=value pairs.

I have the following log event : 2013-03-12 10:37:10,205 { "start" : 1, "returned" : 1, "count" : 1, "en...

by Motivator in

Difference between two dates

I have a log that has Start date=2003-11-20 00:00:00,End date=2079-06-06 00:00:00. I want to calculate the differenc...

by Communicator in

Compare rows within a table for duplicates

Hi, I have created a report that takes a lookup list of order references and returns all other orders that are rel...

by Path Finder in

Lookup file delimiter - can I configure Splunk to recognize | as delimiter?

Must the delimiter be "," ? Can I configure Splunk to use a "|" delimiter between fields?

by Champion in

In line rex not working once moved to Field Extraction

Sample log entry: 23:36:15 '99.999.999.999' GET /downloads//999/SomeProduct/GetComponent/Foo.exe 'Private Message'...

by Path Finder in

sum question

I would like to analyze two different sources to determine how much data is being indexed. index="_internal" sourc...

by Contributor in

Using wildcards in spath

Hi Guys, I've been playing around with the spath command in 4.3.1, and am just wondering if there's any way of using ...

by Communicator in

event options menu within table view?

index=webproxy | top 10 link I have a workflow assigned to link, that will allow me to open the link. I do not ...

by Contributor in

Actual and avg values on one timechart

I would like to draw a line time chart that shows both real values and avg values of Search Time. When I do timech...

by Communicator in

string to decimal and use where condition

I have extracted a field that represents how long a process takes. The values looks like 1.0435, 2.242, 234.23435, et...

by Communicator in

host_regex to determine IP address

I've got these logs from a number of sources that have inconsistent filenames - here are some examples: AA000-77-...

by Communicator in

Plot up or down state over time?

I have a dataset I just created using transaction that shows when a particular service is down by pulling in the "ser...

by Motivator in

Show if IP is also in another sourcetype

Hyas all I'm sure this is an easy thing for a Splunk crack, but not for me as I'm a noob (4 days Splunk experienc...

by Explorer in

Trying out on custom command search

Hello, I've entered "print 'Hello World'" in helloworld.py file for custom command. I also added authorize.conf & ...

by Engager in

Multiple independent dropdowns in a Dashboard

Creating a dashboard with 3 independent dropdowns (country,state,city). The ideas is for the user to select or more o...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk as syslog --> vbs script--> security device

timechart max points on x axis

RegeEx help for Cisco logs

Unable to extract fieds

conditional converion

Query to calculate the total count and percentage

Incorrect message: minspan option has no effect when span is specified

Regex on search output?

Get full join result of two logs

Delta in percentage between columns in a report

Can splunk do this? Extract a portion of an event. Then, index just the value and not the key=value pairs.

Difference between two dates

Compare rows within a table for duplicates

Lookup file delimiter - can I configure Splunk to recognize | as delimiter?

In line rex not working once moved to Field Extraction

sum question

Using wildcards in spath

event options menu within table view?

Actual and avg values on one timechart

string to decimal and use where condition

host_regex to determine IP address

Plot up or down state over time?

Show if IP is also in another sourcetype

Trying out on custom command search

Multiple independent dropdowns in a Dashboard

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

Intermittent log data ingestion with Packetbeat JS...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...