Splunk Search

Ask a Question

Discussions

Thread Info

Counting values

Hi, i have a key value pair say FTYPE=VAL1 and FTYPE=VAL2 and create a timechart with earliest=-1d@d latest=now | ...

by Explorer in

Get data from public pages like Brands, Companies etc

Hi, I have installed Facebook App in my splunk set up.Currently i am able to get the user specific data using Face...

by Communicator in

How can I divide two variables in the same search?

Here's an example of a string I'm looking for: 15:55:37.732 ( 5436:15032) G-MST: 2000001D "00020000-dff6-5032-e3c7...

by New Member in

Concurrency by minute by hour over 15 minute period

Hopefully this is not too confusing. I need to know how many concurrent calls occurred during the last hour for each ...

by Path Finder in

I have to do a special chart, but I am encoutering some troubles

Hi everyone, I'm posting here because of this: I have a csv-file like this: Thread, start_time_ms, duration 2, 136...

by Explorer in

Exclude characters within a field

Hi, right now I am having trouble exluding characters like "/, :, 0-9" from my search. I want those excluded ...

by Communicator in

Log with JSON and analyze with spath

So, I've read an article about Logging best practices: http://dev.splunk.com/view/SP-CAAADP6 One of the recommenda...

by Path Finder in

JSON Log - Search time field extraction not working on multi machine environment

I have a JSON format log file. When this is ingested by a single server installation of splunk (4.3.4), fields are...

by New Member in

Limit scheduled-search run frequency

Hi. Some of our more ... enthusiastic ... users have been scheduling great big searches far too close together and...

by Path Finder in

How to sum a field grouped by months using a date field

I'm new to splunk and I'm still struggling to grasp how it works. I uploaded data from a simple csv file. Data is as ...

by Explorer in

Calculate eval (_raw,field) stats time Field - Field = TotalTime

This is what I have ( 2222222 dest_port="*") OR (1111111 src_port="*") | eval disconnect_time=if(match(_raw,"2222...

by Path Finder in

Anonymize data

Hi, I have a log Audit:[timestamp=01-31-2013 11:51:21.164,user=admin,action=search,info=granted REST: /search/jobs/1...

by Explorer in

Retrieve all the values for a single field

I am looking for a fast way to retrieve all the values for a single field. I have been doing this index=my_index| ...

by Contributor in

Counld not find userBaserDN on the LDAP server

I am find few challenges to configure LDAP. Please help me out with this error?

by Explorer in

Finding Metrics That Fell by 10% in an Hour

Hello Splunk Community, I have a question regarding this query (excerpt from the great splunk book): earl...

by Explorer in

How do I sum by strftime day?

Hello, A simple questions I think....... I'm moving my _time by 6 hours and creating newTime then using strftim...

by New Member in

Regex for IP Address and URL

Hi, I've 2 fields 1. Host with data which looks something like this ip-10-222-98-898, ip-10-982-83-821, ip-10-233-...

by New Member in

create time range from times gleaned from one search to perform another search

I am searching some barracuda SMTP logs for some spam entries like this: source="/data/log/barracuda" someuser@som...

by Explorer in

3 dimension chart--can this be done?

I have a saved search that pipes to a chart with both an "over" and "by". Ideally, I'd like for this to go into a 3rd...

by Communicator in

Number of hosts each day?

I'm looking for a count of the number of hosts each day that have sent events to splunk. I know another department sp...

by Path Finder in

Problems with extracted fields

I have a log that looks like this: Feb 7 10:15:54 169.16.20.112 02/07/2013:15:15:54 GMT bs112 PPE-3 : SSLVPN IC...

by Path Finder in

The Join command doesn't combine results from different indexes

The search string shown below returns valid results when run in Splunk 4.3.4 but it doesn't in Splunk 5.0. index=a...

by Explorer in

How can i create a field searchable from client?

Hi, how i can turn the field client to be reconized on search? 2013-02-07 00:14:14.148056|INFO |VirtualServer | 1|...

by Contributor in

splunk to change the oracle query is a problem.

splunk to change the oracle query is a problem. Example oracle select name, phone, age from test1 minus select name, ...

by New Member in

Comparing a bunch of config files to a gold master

I know that we have diff function that allow the comparison two config files. This is working the way I want. However...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Counting values

Get data from public pages like Brands, Companies etc

How can I divide two variables in the same search?

Concurrency by minute by hour over 15 minute period

I have to do a special chart, but I am encoutering some troubles

Exclude characters within a field

Log with JSON and analyze with spath

JSON Log - Search time field extraction not working on multi machine environment

Limit scheduled-search run frequency

How to sum a field grouped by months using a date field

Calculate eval (_raw,field) stats time Field - Field = TotalTime

Anonymize data

Retrieve all the values for a single field

Counld not find userBaserDN on the LDAP server

Finding Metrics That Fell by 10% in an Hour

How do I sum by strftime day?

Regex for IP Address and URL

create time range from times gleaned from one search to perform another search

3 dimension chart--can this be done?

Number of hosts each day?

Problems with extracted fields

The Join command doesn't combine results from different indexes

How can i create a field searchable from client?

splunk to change the oracle query is a problem.

Comparing a bunch of config files to a gold master

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown