Splunk Search

Discussions

Thread Info

Newbie to Splunk - Feild Extraction

I'm new to the Splunk Search and trying to learn it. I am not from Scripting BG so need help here. I have extraction ...

by New Member in

Get pattern count in a log line

Hi, I have log lines that looks like this Fetching documents "FileName1.doc", "FileName2.xls", "File...

by Communicator in

Search performance and optimization

when I search with below query sourcetype=my_log UUID="3fc5e6c2-57b4-4e59-a3c0-8115f5ec74a1" search result wi...

by Builder in

How to calculate rate of change over time for an variable

I have an input value that changes steadily (at constant rate, either increasing or decreasing), and Splunk is captur...

by Explorer in

Finding overall login time for a user

For a game, my logs log two times, a login event and a logoff event. What I want to do is calculate the total online ...

by Explorer in

Regex for getting slow query logs from mongodb

I am new to SPL. I want to get all mongo queries from my mongo logs which take more than 5 ms to execute. My mongo lo...

by New Member in

Connect nullValueMode problems with FlashChart?

Hi, I'm having some issues with the nullValueMode with FlashChart. It appears (at least with 4.3.3, have to tes...

by Communicator in

Non Clickable column in drill down table

How to set non clickable columns audittrail, linux_audit and scheduler in drill down table like for column OTHER in p...

by Path Finder in

extend a field value

hello, i want to extend a number field to a defined length like: 1324 to 001234 45678 to 045678 How could i do ...

by Path Finder in

I'm thinking index corruption, right?

Search = index=index_root*| stats first(_time) as latest last(_time) as earliest count(index) by index | convert t...

by Motivator in

Add commas to Exchange Table

Splunkers, I have been trying to add commas to all the default charts on the Exchange app. A few particular search...

by Communicator in

Establishing a direction for a connection

I have a table output that has a Source Address and a Destination Address. I would like to add a column to the table ...

by New Member in

bug with eval + isnull and field name with a numeric first character?

hi, not sure if this is a bug or i am doing something wrong, I think it has something to do with a fieldname starting...

by Builder in

Mimicing groupby & join behavior to get group aggregates

Referring to table below, If it started with only Col1 and Col2. In a relational DB I would do a groupby followed by ...

by Explorer in

Converting log time into a usable format

I am trying to use Splunk to determine if there is a delay in processing from one of the logs being consumed. The del...

by Path Finder in

Is splunk counting key/value in referer too?

Assuming I have an access log file with referer If I have 111.111.111.111 - - [.......] "GET /cart.do?action=c...

by Path Finder in

Host state change

We have 4 servers running. 2 active and 2 as offline. Doing a search similar to "hostname="MyServers*" sourcetype="st...

by Splunk Employee in

Historical Lookups

Hi, I am encountering a problem in lookups. The problem is that whenever the lookup file gets updated with new dat...

by Path Finder in

how can i format the number field?

Hi, Is it possible to format the output of the count field ?? sourcety="x" | stats count as REQ REQ 11000 ...

by Motivator in

I want to see a table of the hosts that are in the first search but not in the second.

We have firewalls sending SYSLOG into us. We also get traffic logs from the firewalls. What Im trying to do is first ...

by Explorer in

End transaction somewhere in the middle.

I have 20 records in a transaction. Each of those records has a status. Possible status are created, opened, close...

by Explorer in

Transaction displaying multivalued fields alphabetically, not chronologically

I'm creating a transaction that is displayed in the following table: table _time,src_ip,accountname,username,attac...

by Builder in

how to obfuscate some text inside a python lookup script?

Hi, in my App I have a python lookup script that do a connection with an external service. Into this script I create ...

by Communicator in

TIME FORMAT

Hi, I have got a CDR file having entires as under, and I am trying to set the RECORD_DATE as the time stamp of eve...

by Path Finder in

Splunk V5 - PDF generation of Dashboards

Hi All, I'm new to Splunk and im exploring on Dashboards. When i generate the PDF using "Generate PDF" button, ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Newbie to Splunk - Feild Extraction

Get pattern count in a log line

Search performance and optimization

How to calculate rate of change over time for an variable

Finding overall login time for a user

Regex for getting slow query logs from mongodb

Connect nullValueMode problems with FlashChart?

Non Clickable column in drill down table

extend a field value

I'm thinking index corruption, right?

Add commas to Exchange Table

Establishing a direction for a connection

bug with eval + isnull and field name with a numeric first character?

Mimicing groupby & join behavior to get group aggregates

Converting log time into a usable format

Is splunk counting key/value in referer too?

Host state change

Historical Lookups

how can i format the number field?

I want to see a table of the hosts that are in the first search but not in the second.

End transaction somewhere in the middle.

Transaction displaying multivalued fields alphabetically, not chronologically

how to obfuscate some text inside a python lookup script?

TIME FORMAT

Splunk V5 - PDF generation of Dashboards

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions