Splunk Search

Discussions

Thread Info

Time range of timechart changed after upgrade to version 5.0.1

Hello, I have noticed a different behaviour in Splunk 5.0.1 when comparing with Splunk 4.3.x with the timechart se...

by Communicator in

How to extract tracktrace field from one search to use in another search?

I have a dashboard/form which takes two field inputs to perform a search and find an appropriate tracktrace. index=my...

by Path Finder in

how to add a sum in a top search?

Hello. I have this search: * app="youtube" | top limit=20 srcip by app showperc=f countfield=total of this l...

by Explorer in

filter inputlookup table by UI specified timerange

I've been searching and experimenting for quite a while and I suspect I'm missing something simple.... I have a CS...

by Path Finder in

Does the use of the stats command on a field clear that field's value?

I'm trying to find visitors (IP addresses) to my web site that present with more than one UserAgent. (i.e., Baidu is ...

by Contributor in

How to limit results with multiple group by conditions?

Can the limit command be used with multiple conditions? My search query is as follows | stats count as num by sear...

by Explorer in

Lookup upload Error

Hi, I have an alert set up to compare hosts with my look-up table .csv file. It was working fine in Splunk 4.3.3 b...

by Path Finder in

Lookup Table Issues

would inputs.csv be a better way to conduct this type of operation. Say i have 100 hosts comming in from my cmdb ever...

by Contributor in

proper format for lookup table files

I'm working on defining a new lookup table. I found the tutorial and example files. http://docs.splunk.com/Documentat...

by Communicator in

How to calculate the average from the result of the range function?

Hello, I am looking for a way to calculate the avg from the result of the range function. Here is the simple base sea...

by Explorer in

Why regex created with the Field Extractor utility is not working when used in a search?

Field extractor created a regex that when I use as a search string doesn't work. The search string is: index=myind...

by Influencer in

Suggestions on calculating reduction rates over a period of time

I am new to Splunk and need guidance on writing a generic search that will give me the percent increase over a two mo...

by New Member in

Bug in spath ? Not recovering every fields

Hi have a query, that try to get all the fields from an xml doc. For some reason, spath seems to ignore some of the ...

by Builder in

How do I search using an evaluated numeric field

index=xxx event="NEAT-IN" platform=apns |eval epochT=relative_time(now(), "-2d@d") | eval day= strftime(epochT,"%d"...

by Path Finder in

How to find the difference between two fields of two searches from two different times?

Hi, I would like to have the difference between two fields at two different times. So, what am I supposed to use? ...

by Path Finder in

How find hosts that are missing a particular sourcetype

My windows hosts should have 'WinEventLog:Security' and Script:InstalledUpdates. How can I search for hosts that h...

by Path Finder in

How to Bump a List with Data in Splunk to Get a Match

Hi All, I have a list of invoice numbers that I want to try and find data for in Splunk. I added the list in a CSV...

by SplunkTrust in

Does anyone know how to use the highlight command to highlight strings in a table, not just raw events?

Any idea on how to use the highlight command to highlight strings that are in a table? It only appears to work when l...

by Communicator in

How to translate a numeric field name into a readable name to use in a search?

I have a file that is indexed regulary, with several data in one line: "245614":"0","245615":"1","245616":"1","24...

by Explorer in

How to write stats query to find top 20 count records based on zipcode and split by gender?

Can you please tell us how to write stats query for this case? We have columns: zipcode gender 07809 f 0...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Time range of timechart changed after upgrade to version 5.0.1

How to extract tracktrace field from one search to use in another search?

how to add a sum in a top search?

filter inputlookup table by UI specified timerange

Does the use of the stats command on a field clear that field's value?

How to limit results with multiple group by conditions?

Lookup upload Error

Lookup Table Issues

proper format for lookup table files

How to calculate the average from the result of the range function?

Why regex created with the Field Extractor utility is not working when used in a search?

Suggestions on calculating reduction rates over a period of time

Bug in spath ? Not recovering every fields

How do I search using an evaluated numeric field

How to find the difference between two fields of two searches from two different times?

How find hosts that are missing a particular sourcetype

How to Bump a List with Data in Splunk to Get a Match

Does anyone know how to use the highlight command to highlight strings in a table, not just raw events?

How to translate a numeric field name into a readable name to use in a search?

How to write stats query to find top 20 count records based on zipcode and split by gender?

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

Tips & Tricks When Using Ingest Actions

How to replace all "confusable" characters in fiel...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...