Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can I rename column names after a transpose based on a field?

Hello Everyone. I have a search that uses streamstat to create a field called "answer" and "frequency" for each re...

by Explorer in

How to exract regex to my field

I am having events like below, E.g. 1 Nov 7 10:18:49 111.222.333.444 Success user=abc userid=123 account=xyz E.g.2...

by Communicator in

Align results with time differences

Good day Splunkers, I'm having a problem with my search, well this is what I am trying to achieved. I have 2 sourc...

by Communicator in

Calculate avg task duration

Thanks in advance... - My server log contains the following xxxxxxxx|xx -> Finished embeding fallback task 00:0...

by Explorer in

Example of doing an external lookup using HTTP GET or POST?

I've been looking at Splunk's external lookup features and they sound ideal for several of my logs. For example, I've...

by Communicator in

timechart: fill values in empty slots

Assuming I have the following log entries 2014-11-01 foo=bar 2014-11-02 foo=bax With the search | timechart spa...

by Path Finder in

Search Performance: Does filtering on sourcetype, source or host make a search more efficient?

My understanding is that filtering on index is necessary. Sometimes it works without, but sometimes it doesn't and I ...

by Communicator in

populatingSearch vs search?

What's the difference between <populatingSearch fieldForValue="user" fieldForLabel="user"> <![CDATA[QUERY]]> ...

by Path Finder in

How to set up an automatic lookup where a predefined value is used when there is no match in the lookup?

Hi, I would like to set up an automatic lookup, where a predefined value is used when there is no match in the loo...

by Motivator in

How to use transaction command

Im very new to splunk. Could anyone please help me with the following issue? I am in need to collect the details a...

by Communicator in

Splunk 轉發到 Syslog 的事件, 長度被限制在 1024 bytes

透過Splunk 將已經索引的事件轉發到syslog時，超過1024 bytes的部分會被截斷請問有何方法解決？ 目前使用的版本是 6.1.2 original answer: https://answers.splun...

by Splunk Employee in

How to get a specific country,state geoip results and ignore everything else

Hi im running the following query, host="x.x.x.x" XXXXXX | iplocation c_ip |geostats count by City I want to ...

by Explorer in

Create a field and then make a graph based on the different inputs to that field over time.

I am very new to both regex and splunk... If I have a particular field in the middle of a bunch of data. How do I mak...

by Path Finder in

How to find the time difference between the current and previous event per field?

Hello everyone. I'm using "eventstats" to generate the average of a certain field in every event that Splunk colle...

by Explorer in

How do hunk/hadoop searches work?

Does, for example, hunk retrieve all the data from the hadoop path, move it to a temporary location, apply the search...

by New Member in

comparing earliest of subsearch and main search

I need figure out a way to take the earliest of a search and subtract it from the earliest of a subsearch to be used ...

by Builder in

How to chart the top 3 users over many months?

Hello everyone, I have a query on how to chart top user count over a period of months. My search is such that it g...

by Explorer in

How can I generate a trending analysis into the past?

I'm working with Qualys vulnerability data in splunk. Qualys has an api call that runs once daily and collects an...

by Explorer in

How do I sum like fields from like events and show results?

I have a search that extracts the events and fields that I want. I want to sum the fields in like events. Here is a s...

by New Member in

How to search a weekly total and daily average per week for 4 weeks per IP address?

Hi, After struggling for some time now I turn to you guys for help. The community page have been a great aid but I...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I rename column names after a transpose based on a field?

How to exract regex to my field

Align results with time differences

Calculate avg task duration

Example of doing an external lookup using HTTP GET or POST?

timechart: fill values in empty slots

Search Performance: Does filtering on sourcetype, source or host make a search more efficient?

populatingSearch vs search?

How to set up an automatic lookup where a predefined value is used when there is no match in the lookup?

How to use transaction command

Splunk 轉發到 Syslog 的事件, 長度被限制在 1024 bytes

How to get a specific country,state geoip results and ignore everything else

Create a field and then make a graph based on the different inputs to that field over time.

How to find the time difference between the current and previous event per field?

How do hunk/hadoop searches work?

comparing earliest of subsearch and main search

How to chart the top 3 users over many months?

How can I generate a trending analysis into the past?

How do I sum like fields from like events and show results?

How to search a weekly total and daily average per week for 4 weeks per IP address?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Comparing data from 2 days by data type

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...