Splunk Search

Ask a Question

Discussions

Thread Info

How to count equal sources

Hello, I want to count the denials from the same source ip. How can I do this? The Log looks like this: May 28 07:...

by New Member in

Splunk aggregate transaction.

My current situation is the following: There are 26 messages that can be sent between three parties. There are 3 p...

by Explorer in

Question on Search

Hi, We have devices which maintains session information of various users. These devices have a max capacity of ses...

by Influencer in

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

There are two sourcetypes, The first sourcetype has a field called hours_travelled. Now I have to compute mean(hours_...

by Communicator in

perl script

Hello all, I need to create multiple eval fields like this old question: create-multiple-eval-fields-with-wilcards...

by Explorer in

Search For CamelCase

Occassionally we see DNS requests that come in using CamelCase (coMpanY.com or COMpaNy.com, etc.) instead of company....

by Path Finder in

How to get argument to run a script in perl

I did a alert to run a script and it runs with fixed variable. But now i want to pass variable (argument  but I don'...

by Explorer in

Join with different fields names.

Hi, I'm trying to port some SQL queries we wrote to Splunk but whereas with SQL I can specify which columns to joi...

by Engager in

different time ranges or tricks

How can I compare an average count of events per minute in last 15 minutes (for example) and the number of events dur...

by Communicator in

correlation table between numeric fields

Hello, all I need to build a correlation table for numeric fields X_1 X_2 ... ...

by Explorer in

Does more indexers contribute to the performance of search on search head?

Does more indexers contribute to the performance of search on search head? I found when i launch a search in the sear...

by Explorer in

Sequential event mining

Hi everybody, I am new to Splunk. I have a question about Splunk query. Here are some sample logs (timestamp or...

by Engager in

Alternative of transaction ?

I have log lines that I need to group by 4 or 5 fields so that I can find the duration. I am using transaction, but i...

by Communicator in

How to limit column size in top reports

Here is my query: source="WinEventLog:Application" OR source="WinEventLog:System" |top limit=10 Type,EventCode, Sourc...

by New Member in

external lookup script on search head

I've written an external lookup script that makes a rest call to an API & returns data. The API destination requires ...

by Path Finder in

Solaris *nix Splunkd high load average

Using the Splunk App for *nix on Solair. splunkd has a very high load average. In 15 seconds it did an lstat of 6659 ...

by Explorer in

Edit an Automatic Lookup

I have an automatic lookup in which i need to rename one of the lookup fields. Right now whenever a search runs t...

by Path Finder in

How can I automatically create a view based on xml in /views folder?

How can I automatically create a view based on xml in /views folder? example: put xml file in here. $SPLUNK_HOME/e...

by Engager in

import and export date in a file's name

Hello, Is it possible to include the date in the name of an output file ? example : ... | outputlookup "myname_"+f...

by Explorer in

Unique row number in while indexing

Hi All, Is there any possibility to create a unique index number while indexing because i want to search the result o...

by Explorer in

Return a set of events that occur after a specific event

I want to create a search that will return all of the logon failure events (based on a set of event IDs, lets say Eve...

by Path Finder in

eigenvalue and eigenvector in splunk ?

Hello all Is there a function to calculate eigenvalue and eigenvector in splunk?

by Explorer in

Regex help

can somebody help on how to import the log file of the below format to splunk ? {"Error":[{"session":abc123,"app_i...

by Path Finder in

Groupby on a name-value pair within a field

I have an oracle log file (i am pasting below one record from the log file) I intend to a table with all possible RET...

by New Member in

Rename sources in summary?

I have a few things in my summary in the search app that I'd like to change. Some of my source names are long or o...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to count equal sources

Splunk aggregate transaction.

Question on Search

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

perl script

Search For CamelCase

How to get argument to run a script in perl

Join with different fields names.

different time ranges or tricks

correlation table between numeric fields

Does more indexers contribute to the performance of search on search head?

Sequential event mining

Alternative of transaction ?

How to limit column size in top reports

external lookup script on search head

Solaris *nix Splunkd high load average

Edit an Automatic Lookup

How can I automatically create a view based on xml in /views folder?

import and export date in a file's name

Unique row number in while indexing

Return a set of events that occur after a specific event

eigenvalue and eigenvector in splunk ?

Regex help

Groupby on a name-value pair within a field

Rename sources in summary?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions