Splunk Search

Discussions

Thread Info

Monitoring OS parameters using Splunk

I am monitoring, couple of servers using Splunk Universal Forwarder. Hence, I would like to have CPU,MEM,Disk & Netwo...

by Explorer in

Include all Values in search results. Eliminate OTHER

Smaller values from a search get thrown into a bucket called 'Other'. I need all the values, even the small ones. ...

by New Member in

Does wildeward search in source attribute work?

I assume that searching with source=* should work? What could be the reason that this query works: index=prd_stats...

by Path Finder in

dedup on values of a field that match certain regular expressions

I have a few different values for a Status field that match a certain regular expression that I would like to dedup o...

by Contributor in

how to identify unique user entry

Log 11:34:23 http://www.rohm.com , customername="Hamilton",uuid="245209820udwdef34", customer id 5 Log 11:37:39 h...

by Explorer in

Calculating fields by groups of events

Hello, I need to group events by 3 filelds ip,login and city (one group with same login,same ip and same city), somet...

by Contributor in

How much of the time is...

I'm collecting lots of data about a large amount of machines with the linux and unix ta (but that's a bit irrelevant ...

by Engager in

Hot Spot Data

Just started using a mobile hot spot from a phone carrier, will I be able to monitor my data usage on the hot spot by...

by New Member in

Calculate a percentage from three events

Hi, I'm hoping you can help me I currently have a graph that have 3 events lets call them event1, event2 and event...

by New Member in

transaction group by two IDs

I have data that has two IDs for each transaction. Of course most logs have one or the other and only one has both. I...

by Builder in

Create charts by combining 2 different search outputs

I have 2 saved searches which returns single value output each index=app_1 sourcetype=app1 | stats count of errors ...

by New Member in

multiple headers

Hi, I have a couple of comma separated cisco log files which is suppose to have different set of headers or fields. T...

by Explorer in

How can I generate alerts when your laptop battery level reaches down to 20%?

I am just new with working with SPLUNK and I find it interesting to investigate this.

by New Member in

Run single search multiple times with different timeframes

I have a saved search named "myquery1". I want run this search 3 times (-60m@m, -4h@h and -12h@h). The above outputs...

by New Member in

Merging two chart together

Hi, I'm currently have 2 charts, one is the number of sms sent during office hour, the other is after office hour....

by New Member in

Lookup multiple values for one field

My lookup table contains two columns: one for the input field and one for the value which will be populated into the ...

by Path Finder in

Is it possible to rewrite the _time value for summary index events/

I'm using "collect" to send events to a summary index. Collect seems to put its execution time into the _time field o...

by Builder in

What is the Splunk ECCN classification ?

I need to know the Export Control Classification Number (ECCN) for the Splunk software.

by Communicator in

subsearch help

Not sure how to really explain this.... I would like to look in my windows logs for new installed products and lis...

by Contributor in

pipe separated instead of csv

I was wondering if it is possible to build a regex for a pipe separated file… Where the Header row carries the name o...

by New Member in

How to configure MV_ADD in the search language?

Hi I am trying to figure out how to count 'abc' string in the following string field. 2012/07/21 16:18:30 strin...

by Motivator in

Combining "stats dc(x)" with "stats dc(x) by y" in same search

I am having a ton of trouble expressing this query. Suppose I have 1,000 distinct people, and 25 cities. Over a ti...

by New Member in

How do I adjust a time calculation for results being generated in multiple timezones

I need to calculate the duration of time between events however my source does not adjust for timezones. In my ex...

by Communicator in

Ignore pairs of "matching" (not identical) events

I have a stream of events where a user has an activity={purchase, return, subscribe, unsubscribe} and product={prodA,...

by Esteemed Legend in

Timechart expression - No results found.

I'm having trouble computing an aggregate performance indicator. The following expression (which has the goal to obta...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Monitoring OS parameters using Splunk

Include all Values in search results. Eliminate OTHER

Does wildeward search in source attribute work?

dedup on values of a field that match certain regular expressions

how to identify unique user entry

Calculating fields by groups of events

How much of the time is...

Hot Spot Data

Calculate a percentage from three events

transaction group by two IDs

Create charts by combining 2 different search outputs

multiple headers

How can I generate alerts when your laptop battery level reaches down to 20%?

Run single search multiple times with different timeframes

Merging two chart together

Lookup multiple values for one field

Is it possible to rewrite the _time value for summary index events/

What is the Splunk ECCN classification ?

subsearch help

pipe separated instead of csv

How to configure MV_ADD in the search language?

Combining "stats dc(x)" with "stats dc(x) by y" in same search

How do I adjust a time calculation for results being generated in multiple timezones

Ignore pairs of "matching" (not identical) events

Timechart expression - No results found.

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions