Splunk Search

Discussions

Thread Info

How to get Splunk to evaluate numbers without a leading digit before the decimal?

I have my apache servers' mod_status output (/server-status?auto) being pulled into Splunk with a scripted input. The...

by Path Finder in

How to nest an eval in an if statement

Currently I can use a write an if statement in the following form: ... | eval adjusted_start=start_sum + 1 | eval ...

by Communicator in

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

I want to be able to create a column on the statistic tab that has 1 if it is the start of the transaction or a 0 if ...

by Communicator in

How to remove the row if the column is same?

Such as when I using the following search: sourcetype="xyz" status=* |stats dc(ID) by ID status |sort by ID I will ge...

by New Member in

Unable to view the field created using rex

string used in the search rex "(?i) Message= (?P[^.]+)" Event log form where im trying to extract "Message=The Win...

by New Member in

Splunk Health Report

How we can monitor and genrate daily or weekly Splunk Health Reports? Can Splunk daemon status be monitored?

by Path Finder in

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

index="xyz_order_line"|join ORDER_NUMBER_KEY[|inputlookup sample_lookup1.csv|where serial_no>0 AND serial_no<50001]| ...

by Explorer in

How to use time-base-lookup?

Hi,Splunk community. I have a question about time-base-lookup. I set following attribute to transforms.conf ...

by Communicator in

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

Hi, I have around 50-60 searches/reports that are required to run each month after a lookup is manually updated an...

by Contributor in

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

I know that Splunk can show me results for the last 24 hours. I also know that Splunk can show me results in real tim...

by Contributor in

How do I exclude multiple specific fields from search results?

I have a saved search that I alert on and there is certain events I don't want the alert to trigger for when it's com...

by Explorer in

Is it possible to change the date format when running search?

Hi, when I run any search the date format is MM/DD/YEAR. how can I change the format to appear as DD/MM/YEAR ?

by Explorer in

Value to the right of the y-axis

Dear experts! Happy new year to you all.  Got a strange thing when I am creating a timechart in Splunk in the pan...

by Path Finder in

Event break regex - match 19 digit number

Happy New Year everyone! Regex n00b here - I am struggling to break events for a particular source. Any help would...

by Contributor in

Dynamic field extraction based on other field data

My apologies if this is easy - I couldn't find a good example. I've got some log data that is mostly nicely format...

by Path Finder in

TcpOutputProc - Cooked connection to ip=x.x.x.x:9997 timed out

I have seen several threads opened with this issue, but nothing that fits the situation we are facing. This is ta...

by Path Finder in

Convert java millisecond to date

Hi, I am printing current time in java milisecond in logs which i want to show in splunk by converting that into ...

by Communicator in

Help with calculating IIS access logs time spent on site by ip

Hi guys, I'm working on calculating the average time spent by a user on a internal iis site in our environment. I...

by Path Finder in

Splunk lookup and scripts

I am in need of the following requirement. Could anyone help me with this? I need to extract the users for 200+ appli...

by Communicator in

How to edit my search for a sorted and separated top error list with a top customer list per each error?

I have a search which gives a top 5 list of faults (S3_call_error2) for a customer base. Instead of just showing the ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to get Splunk to evaluate numbers without a leading digit before the decimal?

How to nest an eval in an if statement

Add a column with values based on whether or not it is a transaction starting condition or stopping condition

How to remove the row if the column is same?

Unable to view the field created using rex

Splunk Health Report

How to perform JOIN on large amounts of data coming from DB Connect App on different indexers?

How to use time-base-lookup?

How to get searches to run automatically after a lookup is updated instead of manually scheduling reports?

How to get a search in Splunk to show results from the last 24 hours and update in real-time every minute?

How do I exclude multiple specific fields from search results?

Is it possible to change the date format when running search?

Value to the right of the y-axis

Event break regex - match 19 digit number

Dynamic field extraction based on other field data

TcpOutputProc - Cooked connection to ip=x.x.x.x:9997 timed out

Convert java millisecond to date

Help with calculating IIS access logs time spent on site by ip

Splunk lookup and scripts

How to edit my search for a sorted and separated top error list with a top customer list per each error?

Platform Newsletter Highlights | March 2023

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

How to use a Lookup File with Multiple Static or D...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...