Splunk Search

Discussions

Thread Info

Calculate a percentage from three events

Hi, I'm hoping you can help me I currently have a graph that have 3 events lets call them event1, event2 and event...

by New Member in

transaction group by two IDs

I have data that has two IDs for each transaction. Of course most logs have one or the other and only one has both. I...

by Builder in

Create charts by combining 2 different search outputs

I have 2 saved searches which returns single value output each index=app_1 sourcetype=app1 | stats count of errors ...

by New Member in

multiple headers

Hi, I have a couple of comma separated cisco log files which is suppose to have different set of headers or fields. T...

by Explorer in

How can I generate alerts when your laptop battery level reaches down to 20%?

I am just new with working with SPLUNK and I find it interesting to investigate this.

by New Member in

Run single search multiple times with different timeframes

I have a saved search named "myquery1". I want run this search 3 times (-60m@m, -4h@h and -12h@h). The above outputs...

by New Member in

Merging two chart together

Hi, I'm currently have 2 charts, one is the number of sms sent during office hour, the other is after office hour....

by New Member in

Lookup multiple values for one field

My lookup table contains two columns: one for the input field and one for the value which will be populated into the ...

by Path Finder in

Is it possible to rewrite the _time value for summary index events/

I'm using "collect" to send events to a summary index. Collect seems to put its execution time into the _time field o...

by Builder in

What is the Splunk ECCN classification ?

I need to know the Export Control Classification Number (ECCN) for the Splunk software.

by Communicator in

subsearch help

Not sure how to really explain this.... I would like to look in my windows logs for new installed products and lis...

by Contributor in

pipe separated instead of csv

I was wondering if it is possible to build a regex for a pipe separated file… Where the Header row carries the name o...

by New Member in

How to configure MV_ADD in the search language?

Hi I am trying to figure out how to count 'abc' string in the following string field. 2012/07/21 16:18:30 strin...

by Motivator in

Combining "stats dc(x)" with "stats dc(x) by y" in same search

I am having a ton of trouble expressing this query. Suppose I have 1,000 distinct people, and 25 cities. Over a ti...

by New Member in

How do I adjust a time calculation for results being generated in multiple timezones

I need to calculate the duration of time between events however my source does not adjust for timezones. In my ex...

by Communicator in

Ignore pairs of "matching" (not identical) events

I have a stream of events where a user has an activity={purchase, return, subscribe, unsubscribe} and product={prodA,...

by Esteemed Legend in

Timechart expression - No results found.

I'm having trouble computing an aggregate performance indicator. The following expression (which has the goal to obta...

by Builder in

Timechart of open sessions per username.

I have a file like this: Time,User-Name,Action Thu Mar 7 15:09:22,admin,login Thu Mar 7 17:46:21,admin,login Thu M...

by Explorer in

Problem with the number of column in a row

Hi, I am running a query which would produce 29 column all total, but in my SPLUNK result set it is showing only ...

by Contributor in

List events from latest log indexed?

I'm looking for help creating a search that returns all events from the last log indexed. This is what i've tried bu...

by Engager in

I need a wildcard in reg

I have an event that I want to extract the inside/outside IP Addresses and Port numbers. Mar 6 13:59:59 192.168.14...

by Path Finder in

Search-Time Field Extraction - Not Working

Hello all, We are collecting Cisco firewall logs into Splunk and have installed the "Splunk for Cisco Firewalls" a...

by Path Finder in

Using field values as paramaters for macros bis

Hi! I have the need to write a "macro" that takes field values as parameters. I have understood from this thread t...

by Contributor in

Unable to extract IP Address and Port number with reg

I have an event that I want to extract the IP Address and Port number. Mar 6 13:59:59 192.168.140.215 %ASA-4-10602...

by Path Finder in

Use "Splunk" relative times for custom fields?@

Hi, i have records like this: 2013-03-05 01:02:03.456Z foo=bar value=key start="2013-03-05 05:00:00.000Z" end="...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculate a percentage from three events

transaction group by two IDs

Create charts by combining 2 different search outputs

multiple headers

How can I generate alerts when your laptop battery level reaches down to 20%?

Run single search multiple times with different timeframes

Merging two chart together

Lookup multiple values for one field

Is it possible to rewrite the _time value for summary index events/

What is the Splunk ECCN classification ?

subsearch help

pipe separated instead of csv

How to configure MV_ADD in the search language?

Combining "stats dc(x)" with "stats dc(x) by y" in same search

How do I adjust a time calculation for results being generated in multiple timezones

Ignore pairs of "matching" (not identical) events

Timechart expression - No results found.

Timechart of open sessions per username.

Problem with the number of column in a row

List events from latest log indexed?

I need a wildcard in reg

Search-Time Field Extraction - Not Working

Using field values as paramaters for macros bis

Unable to extract IP Address and Port number with reg

Use "Splunk" relative times for custom fields?@

Thanks for the Memories! Splunk University, .conf25, and our Community

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions