Splunk Search

Discussions

Thread Info

Percentage change in event counts

I need to calculate the percentage increase/decrease in the number of events in the last 5 minutes compared to the pr...

by Path Finder in

Count Command

Hi, I'm experiencing some difficulties when using count, the below search query works by listing sip (source ip) a...

by Explorer in

Can timestamp be conditional according to data content

My csv data contains a number of timestamps. I want the timestamp field to be conditional on the result of another fi...

by SplunkTrust in

Filtering with dedup depending on number of results

I got a search that monitores my Netbackup jobs in real time. search = index=Infra_NB sourcetype="NbJobs" site=$si...

by Communicator in

Filter fields per role access?

Hi! I would like to ask question whether its possible to filter certain fields per role. For example, If I h...

by Communicator in

Webknight Field Extractions and Header Exclusions

If anybody uses WebKnight ISAPA filter in your environment you will probably have spotted that the log file formal ca...

by Explorer in

Search is truncating results to a smaller result set after completion

Hello, I'm running a fairly complex search using transactions in order to identify an error occurring in a distinc...

by Explorer in

Indexing internals

Hi, I'm planning the event sources for Splunk and I'd like to know (if someone could give an answer) how does spl...

by Engager in

dbx query timeout

Is there a flag in the dbx app that times out a query if it exceeds a certain time? We have an SLA that our queries c...

by Splunk Employee in

Sort column headers in timechart

Hi, I've got a timechart with several columns. The headers of these columns are numbers (0,1,2,3... etc) and I wou...

by Motivator in

Duration with just days (2)

source="J:\\B6 Files\\Web Logs\\Vegas\\access_logs\\star.log" INFO star | rex field=_raw "INFO (?<report>star) - (?...

by Explorer in

How to create multiple radial gauges from a singel query?

I have a query that produces 4 field values. I am looking for a way to use thae gauge command to create multiple gaug...

by New Member in

Creating Chart Overlays in Splunk 6

All, I'm trying to implement overlays for the dashboard panel I am working on. I want the exactly the same chart ...

by Contributor in

Time of Day on Y Axis

I'm trying to create a chart that has the time of day on the y axis. I have a results table that looks like this: ...

by Communicator in

Chart Android over Iphone apache logs

so I have index=apache useragent=android | timechart etc etc index=apache useragent=iphone | timechart etc etc ...

by Builder in

How to get total for line count then subtotal for another field in the same query?

Hi - Very new to splunk. I have the following query that gives me total count for a specific log: LOGGING strin...

by Path Finder in

How do you reference the value of a transaction

Does anyone know if it is possible to reference the value of a transaction? For instance transaction account s...

by Path Finder in

Extract information via regex

Hi guys, I need some help to split the field below: xyu_0987|123456:123456|123456:123456, before the first p...

by Contributor in

searchtime field extraction, ignore event prefix

Hi all, I'm using props and transforms to extract fields, all the fields are extracted properly, except the first ...

by Path Finder in

Sum max(count) from multiple hosts

Hi I have 4 hosts. Each host collects error logs. Each log consists of a Counter, like so: 2013-12-02 11:23:26,...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Search

Discussions

Percentage change in event counts

Count Command

Can timestamp be conditional according to data content

Filtering with dedup depending on number of results

Filter fields per role access?

Webknight Field Extractions and Header Exclusions

Search is truncating results to a smaller result set after completion

Indexing internals

dbx query timeout

Sort column headers in timechart

Duration with just days (2)

How to create multiple radial gauges from a singel query?

Creating Chart Overlays in Splunk 6

Time of Day on Y Axis

Chart Android over Iphone apache logs

How to get total for line count then subtotal for another field in the same query?

How do you reference the value of a transaction

Extract information via regex

searchtime field extraction, ignore event prefix

Sum max(count) from multiple hosts

Create custom command search

Help with Transforming an ingest of timestamped da...

How to generate alarm for when CPU peaks at100% o...

Difference between per_second and span=1s in timec...

Compare entry date to the selected revisit date to...