Splunk Search

Discussions

Thread Info

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

I'm looking for unique local/foreign pairs in netstat output to track the number of tcp connections in TIME_WAIT on a...

by Splunk Employee in

Correlate extracted banned IP field with corresponding SSH log events

Hello Splunk Community, I am new to Splunk so please bear with me. My end goal is to construct a dashboard summary...

by Explorer in

How to find "non" unique users.

<--- NOOB Ok...so here is my quandry... I have a query (see below) that returns a list of users, ips and client in...

by Engager in

SPL-58292 resolved?

I see that 5.0.3 was released. Was SPL-58292 resolved? Am I supposed to infer that by virtue of it not being listed i...

by Path Finder in

Lookup Table

I am attempting to use an external lookup table against some twitter data. My Transforms.conf file reads: [HLookup...

by Explorer in

How to count equal sources

Hello, I want to count the denials from the same source ip. How can I do this? The Log looks like this: May 28 07:...

by New Member in

Splunk aggregate transaction.

My current situation is the following: There are 26 messages that can be sent between three parties. There are 3 p...

by Explorer in

Question on Search

Hi, We have devices which maintains session information of various users. These devices have a max capacity of ses...

by Influencer in

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

There are two sourcetypes, The first sourcetype has a field called hours_travelled. Now I have to compute mean(hours_...

by Communicator in

perl script

Hello all, I need to create multiple eval fields like this old question: create-multiple-eval-fields-with-wilcards...

by Explorer in

Search For CamelCase

Occassionally we see DNS requests that come in using CamelCase (coMpanY.com or COMpaNy.com, etc.) instead of company....

by Path Finder in

How to get argument to run a script in perl

I did a alert to run a script and it runs with fixed variable. But now i want to pass variable (argument  but I don'...

by Explorer in

Join with different fields names.

Hi, I'm trying to port some SQL queries we wrote to Splunk but whereas with SQL I can specify which columns to joi...

by Engager in

different time ranges or tricks

How can I compare an average count of events per minute in last 15 minutes (for example) and the number of events dur...

by Communicator in

correlation table between numeric fields

Hello, all I need to build a correlation table for numeric fields X_1 X_2 ... ...

by Explorer in

Does more indexers contribute to the performance of search on search head?

Does more indexers contribute to the performance of search on search head? I found when i launch a search in the sear...

by Explorer in

Sequential event mining

Hi everybody, I am new to Splunk. I have a question about Splunk query. Here are some sample logs (timestamp or...

by Engager in

Alternative of transaction ?

I have log lines that I need to group by 4 or 5 fields so that I can find the duration. I am using transaction, but i...

by Communicator in

How to limit column size in top reports

Here is my query: source="WinEventLog:Application" OR source="WinEventLog:System" |top limit=10 Type,EventCode, Sourc...

by New Member in

external lookup script on search head

I've written an external lookup script that makes a rest call to an API & returns data. The API destination requires ...

by Path Finder in

Solaris *nix Splunkd high load average

Using the Splunk App for *nix on Solair. splunkd has a very high load average. In 15 seconds it did an lstat of 6659 ...

by Explorer in

Edit an Automatic Lookup

I have an automatic lookup in which i need to rename one of the lookup fields. Right now whenever a search runs t...

by Path Finder in

How can I automatically create a view based on xml in /views folder?

How can I automatically create a view based on xml in /views folder? example: put xml file in here. $SPLUNK_HOME/e...

by Engager in

import and export date in a file's name

Hello, Is it possible to include the date in the name of an output file ? example : ... | outputlookup "myname_"+f...

by Explorer in

Unique row number in while indexing

Hi All, Is there any possibility to create a unique index number while indexing because i want to search the result o...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

Correlate extracted banned IP field with corresponding SSH log events

How to find "non" unique users.

SPL-58292 resolved?

Lookup Table

How to count equal sources

Splunk aggregate transaction.

Question on Search

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

perl script

Search For CamelCase

How to get argument to run a script in perl

Join with different fields names.

different time ranges or tricks

correlation table between numeric fields

Does more indexers contribute to the performance of search on search head?

Sequential event mining

Alternative of transaction ?

How to limit column size in top reports

external lookup script on search head

Solaris *nix Splunkd high load average

Edit an Automatic Lookup

How can I automatically create a view based on xml in /views folder?

import and export date in a file's name

Unique row number in while indexing

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Customer success is front and center at .conf25

.conf25 Global Broadcast: Don’t Miss a Moment

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions