Splunk Search

Discussions

Thread Info

Efficient way to look for values across many millions (hundreds of, or, billions) of events?

Hi, I've got a sourcetype which has around 100,000 values to a field across 225,000,000 events per day, and anothe...

by Contributor in

Group by responseCode

Hi I have the following query that creates a report of the major transactions for a website with their count and aver...

by Explorer in

Need to correlate two different data sources

Alright, so I am trying to correlate a call data record (essentially the billing part of a telephone call) with a med...

by Builder in

Passing a field from a database query to another search DB Connect

Hi, I was playing around with DB connect and it is quite cool. However, when I was trying to make a dashboard out...

by Path Finder in

Local database name

Just commenting here because I'm not sure that the documentation is really clear on the point: when adding a local da...

by Splunk Employee in

troublesome double-quotes in macro/subsearch expansion

I have a complex macro that works in 4.3 (build 115073) but not 5.0.2 (build 149561). here is an example search: `job...

by Path Finder in

Creating unique file name for outputcsv

I am trying to use this. It will create a file with the correct file name, it just has no contents... Any Ideas? m...

by Motivator in

Type of Visitor (New or Returning) -> Can be done with single Splunk query?

Sampling Period = Daily MAC addresses with 1 count are considered new visitors. MAC addresses with more than on...

by Motivator in

Splunk query - update a field with first value of the field

I'm trying to write a query that converts table 1 to table 2 Basically, i want to retain first value of flower for ci...

by Contributor in

Returning a computed expression in a subsearch

I am using a subsearch to build part of a query. The query is complex so I need to build the search that I want and t...

by Builder in

Could not use strptime to parse timestamp

I have researched this error previously (and found a lot of helpful material). I am stuck with a slightly complicated...

by Builder in

No results found, I want to show other message！！！

Search : index=server1 | table processName porcessCount result A : search has a results. processName 　 proce...

by Engager in

Interactive field extractor sample data

Is there a way to control the sample data displayed in the IFX sample data? It is not selective enough for me to see ...

by Splunk Employee in

Calculating Average Time Span

I am having problems calculating an average time span. I need to determine how log it takes for a technician to "ackn...

by New Member in

Timestamp extraction issue

Hi everyone, I have the following log line which has two timestamps and we need to get the SECOND one. Mar 4 ...

by Builder in

Any other way to simplify this search?

Hello I am trying to find out a way if there is any way to use just one search to get the data for all. Can we a p...

by Motivator in

Total count per rule, combined with count per rule,ip,port combination

Hi all, I am going to try and keep this as simple as I can and explain only what I am trying to achieve and what I...

by Path Finder in

Eval command on a field with multiple words

I want to use the eval command to create another field using an existing field. However, the existing field has multi...

by Contributor in

Adding multiple sparklines in a search

I am trying to add multiple sparklines to a search. When I use this stats sparkline avg(ProcV) as ProcV sparkline...

by Motivator in

Assistance needed for a cleaner regex approach on field with variable content

Hi everyone. I am trying to parse SIP dialogs using splunk. Inside the dialog messages, there are TO and FROM lines. ...

by Builder in

Regex, Split into fields and timechart

I have several of this kind: 8/2/11 2:20:57.000 PM 2011-08-02 14:20:57 Err: DeliveryPolicy:: _deliverRequest: fai...

by Path Finder in

Extract fields from multi value fields

I am trying to create a new fields from a multi value fields. Here's an example: group_id, user_id user_address ...

by Explorer in

Find unique person count in Splunk

I've below line in my logs: INFO #add-person# #new# personId=12 isGroupMember=true INFO #remove-person# #remove# p...

by Path Finder in

Filter ip_city in timechart

Yello, Being new to Splunk and still amazed at its capabilities, I have this query and trying to filter out ip_city n...

by Engager in

Compare two periods, results shows only from today

I want to search over two periods to measure the average response time of the access data of GET requests. The period...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Efficient way to look for values across many millions (hundreds of, or, billions) of events?

Group by responseCode

Need to correlate two different data sources

Passing a field from a database query to another search DB Connect

Local database name

troublesome double-quotes in macro/subsearch expansion

Creating unique file name for outputcsv

Type of Visitor (New or Returning) -> Can be done with single Splunk query?

Splunk query - update a field with first value of the field

Returning a computed expression in a subsearch

Could not use strptime to parse timestamp

No results found, I want to show other message！！！

Interactive field extractor sample data

Calculating Average Time Span

Timestamp extraction issue

Any other way to simplify this search?

Total count per rule, combined with count per rule,ip,port combination

Eval command on a field with multiple words

Adding multiple sparklines in a search

Assistance needed for a cleaner regex approach on field with variable content

Regex, Split into fields and timechart

Extract fields from multi value fields

Find unique person count in Splunk

Filter ip_city in timechart

Compare two periods, results shows only from today

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6