Splunk Search

Ask a Question

Discussions

Thread Info

What is the Splunk ECCN classification ?

I need to know the Export Control Classification Number (ECCN) for the Splunk software.

by Communicator in

subsearch help

Not sure how to really explain this.... I would like to look in my windows logs for new installed products and lis...

by Contributor in

pipe separated instead of csv

I was wondering if it is possible to build a regex for a pipe separated file… Where the Header row carries the name o...

by New Member in

How to configure MV_ADD in the search language?

Hi I am trying to figure out how to count 'abc' string in the following string field. 2012/07/21 16:18:30 strin...

by Motivator in

Combining "stats dc(x)" with "stats dc(x) by y" in same search

I am having a ton of trouble expressing this query. Suppose I have 1,000 distinct people, and 25 cities. Over a ti...

by New Member in

How do I adjust a time calculation for results being generated in multiple timezones

I need to calculate the duration of time between events however my source does not adjust for timezones. In my ex...

by Communicator in

Ignore pairs of "matching" (not identical) events

I have a stream of events where a user has an activity={purchase, return, subscribe, unsubscribe} and product={prodA,...

by Esteemed Legend in

Timechart expression - No results found.

I'm having trouble computing an aggregate performance indicator. The following expression (which has the goal to obta...

by Builder in

Timechart of open sessions per username.

I have a file like this: Time,User-Name,Action Thu Mar 7 15:09:22,admin,login Thu Mar 7 17:46:21,admin,login Thu M...

by Explorer in

Problem with the number of column in a row

Hi, I am running a query which would produce 29 column all total, but in my SPLUNK result set it is showing only ...

by Contributor in

List events from latest log indexed?

I'm looking for help creating a search that returns all events from the last log indexed. This is what i've tried bu...

by Engager in

I need a wildcard in reg

I have an event that I want to extract the inside/outside IP Addresses and Port numbers. Mar 6 13:59:59 192.168.14...

by Path Finder in

Search-Time Field Extraction - Not Working

Hello all, We are collecting Cisco firewall logs into Splunk and have installed the "Splunk for Cisco Firewalls" a...

by Path Finder in

Using field values as paramaters for macros bis

Hi! I have the need to write a "macro" that takes field values as parameters. I have understood from this thread t...

by Contributor in

Unable to extract IP Address and Port number with reg

I have an event that I want to extract the IP Address and Port number. Mar 6 13:59:59 192.168.140.215 %ASA-4-10602...

by Path Finder in

Use "Splunk" relative times for custom fields?@

Hi, i have records like this: 2013-03-05 01:02:03.456Z foo=bar value=key start="2013-03-05 05:00:00.000Z" end="...

by Communicator in

Metadata Command Alerting

Here's my command: | metadata type=hosts index= | sort lastTime | convert ctime(lastTime) as Latest_Time...

by Explorer in

addcoltotal name?

Hi, I have a table that gives me connections, and I want to show those connections, plus a total. The search works...

by Champion in

Problem with the summation in chart command in SPLUNK

Hi, I want to find out how what is the total number of "Exit" and "Entry" for the particular CARD_NUMBER for a par...

by Contributor in

How does automatic key=value extraction works?

Hello, we have a logfile that contains key=value pairs. Usually Splunks automatic field extraction is working fin...

by Contributor in

Counts and sum of counts

I'm sure this is obvious but I'm not seeing it I've a search endiing in "chart count by UserName, host" which g...

by Engager in

problem with lookup command

Hi, I have a master .csv file in which I have 10 rows, now I have one more child file which contains only 4 rows, ...

by Contributor in

How do I display the average processing time after the total count?

Fellow Splunkers, I have a chart that displays my Apache processing times as such Seconds count 0 19...

by Path Finder in

Find Avg Diff two Date fields

Splunkers, I have events from our Helpdesk ticketing system that have two date fields, DateOpen and DateClosed, bo...

by Communicator in

How to add lookups that don't have matching fields on the log entries

Let's say I have log entries as follows: sourcetype-syslog: time, event_id, host I want to be able to incorpora...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the Splunk ECCN classification ?

subsearch help

pipe separated instead of csv

How to configure MV_ADD in the search language?

Combining "stats dc(x)" with "stats dc(x) by y" in same search

How do I adjust a time calculation for results being generated in multiple timezones

Ignore pairs of "matching" (not identical) events

Timechart expression - No results found.

Timechart of open sessions per username.

Problem with the number of column in a row

List events from latest log indexed?

I need a wildcard in reg

Search-Time Field Extraction - Not Working

Using field values as paramaters for macros bis

Unable to extract IP Address and Port number with reg

Use "Splunk" relative times for custom fields?@

Metadata Command Alerting

addcoltotal name?

Problem with the summation in chart command in SPLUNK

How does automatic key=value extraction works?

Counts and sum of counts

problem with lookup command

How do I display the average processing time after the total count?

Find Avg Diff two Date fields

How to add lookups that don't have matching fields on the log entries

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Role-based search filter syntax

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions