Splunk Search

Ask a Question

Discussions

Thread Info

Metadata Command Alerting

Here's my command: | metadata type=hosts index= | sort lastTime | convert ctime(lastTime) as Latest_Time...

by Explorer in

addcoltotal name?

Hi, I have a table that gives me connections, and I want to show those connections, plus a total. The search works...

by Champion in

Problem with the summation in chart command in SPLUNK

Hi, I want to find out how what is the total number of "Exit" and "Entry" for the particular CARD_NUMBER for a par...

by Contributor in

How does automatic key=value extraction works?

Hello, we have a logfile that contains key=value pairs. Usually Splunks automatic field extraction is working fin...

by Contributor in

Counts and sum of counts

I'm sure this is obvious but I'm not seeing it I've a search endiing in "chart count by UserName, host" which g...

by Engager in

problem with lookup command

Hi, I have a master .csv file in which I have 10 rows, now I have one more child file which contains only 4 rows, ...

by Contributor in

How do I display the average processing time after the total count?

Fellow Splunkers, I have a chart that displays my Apache processing times as such Seconds count 0 19...

by Path Finder in

Find Avg Diff two Date fields

Splunkers, I have events from our Helpdesk ticketing system that have two date fields, DateOpen and DateClosed, bo...

by Communicator in

How to add lookups that don't have matching fields on the log entries

Let's say I have log entries as follows: sourcetype-syslog: time, event_id, host I want to be able to incorpora...

by New Member in

How to display matching lookup definitions in a search

Is there a way to display lookup definition name or lookup table file name that contains matching value in a search? ...

by Explorer in

Timechart multiple events by a field

Hi, I have multiple events that I wish to timechart the top 20, the events look like this: s.d.r.rrm.0.TIME.Range[...

by Path Finder in

Timestamp Regex need help here!

Good Day Splunkers Can you help me to define this in regex format?? Sat Mar 2 01:02:02 2013 +08:00 Thanks...

by Path Finder in

Regex for multiline events

I have a file with multiline events. Though there is no structured data in the events, the events themselves can be i...

by Path Finder in

Saved Search Start and End Time

Hi, I would like to run a daily report at 3 AM and the time range should be Start Time 00:00:00 Finish Time 23:59:59...

by Builder in

Efficient way to look for values across many millions (hundreds of, or, billions) of events?

Hi, I've got a sourcetype which has around 100,000 values to a field across 225,000,000 events per day, and anothe...

by Contributor in

Group by responseCode

Hi I have the following query that creates a report of the major transactions for a website with their count and aver...

by Explorer in

Need to correlate two different data sources

Alright, so I am trying to correlate a call data record (essentially the billing part of a telephone call) with a med...

by Builder in

Passing a field from a database query to another search DB Connect

Hi, I was playing around with DB connect and it is quite cool. However, when I was trying to make a dashboard out...

by Path Finder in

Local database name

Just commenting here because I'm not sure that the documentation is really clear on the point: when adding a local da...

by Splunk Employee in

troublesome double-quotes in macro/subsearch expansion

I have a complex macro that works in 4.3 (build 115073) but not 5.0.2 (build 149561). here is an example search: `job...

by Path Finder in

Creating unique file name for outputcsv

I am trying to use this. It will create a file with the correct file name, it just has no contents... Any Ideas? m...

by Motivator in

Type of Visitor (New or Returning) -> Can be done with single Splunk query?

Sampling Period = Daily MAC addresses with 1 count are considered new visitors. MAC addresses with more than on...

by Motivator in

Splunk query - update a field with first value of the field

I'm trying to write a query that converts table 1 to table 2 Basically, i want to retain first value of flower for ci...

by Contributor in

Returning a computed expression in a subsearch

I am using a subsearch to build part of a query. The query is complex so I need to build the search that I want and t...

by Builder in

Could not use strptime to parse timestamp

I have researched this error previously (and found a lot of helpful material). I am stuck with a slightly complicated...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Metadata Command Alerting

addcoltotal name?

Problem with the summation in chart command in SPLUNK

How does automatic key=value extraction works?

Counts and sum of counts

problem with lookup command

How do I display the average processing time after the total count?

Find Avg Diff two Date fields

How to add lookups that don't have matching fields on the log entries

How to display matching lookup definitions in a search

Timechart multiple events by a field

Timestamp Regex need help here!

Regex for multiline events

Saved Search Start and End Time

Efficient way to look for values across many millions (hundreds of, or, billions) of events?

Group by responseCode

Need to correlate two different data sources

Passing a field from a database query to another search DB Connect

Local database name

troublesome double-quotes in macro/subsearch expansion

Creating unique file name for outputcsv

Type of Visitor (New or Returning) -> Can be done with single Splunk query?

Splunk query - update a field with first value of the field

Returning a computed expression in a subsearch

Could not use strptime to parse timestamp

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Using the map command with a subsearch not working

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...