Splunk Search

Discussions

Thread Info

why is addinfo not working in my search?

I asked a few weeks ago how to get the total duration of my search timeframe and was told to use addinfo. Got it work...

by Explorer in

Calculate Percentage

I've been going around in circles on this all day and at this point figured I would post my question here: sourcet...

by Builder in

Dynamic renaming of column header in a table

How do I get timeColumnName to read as "July"? It needs to be dynamic. Keying off of the eval or something similar. ...

by Explorer in

How to get count of c-ip from IIS logs indexed by splunk

Hi All, I am using Microsoft's Log Parser tool with which I can query my IIS logs. Now I have a query to select di...

by Engager in

How to use external variables in search command?

application.js value = Splunk.util.getParameter("name"); localStorage.setItem("name",value); I saved parameter val...

by Engager in

Correctly Script SQL Queries

Hi I have a batch file that executes a sqlserver query using sqlcmd. The contents of the batch file are: sqlcmd...

by Explorer in

Field search not working?

Hello, I have records that look like this: 2012-09-24T18:31:38: ^^ AAA ^^ BBB ^^ CCC ^^^ DDD ^^^ EEE The record...

by Explorer in

Finding the earliest event by Splunk server & index

I'm trying to come up with a query that shows me the earliest (oldest) event in each index on every server that I hav...

by Path Finder in

search fails in xml file

The following search works fine in the Splunk search: index=mydata | rex "\s+IP\s+(? \d+.\d+.\d+.\d+).(? ...

by Contributor in

Splunk Server in (windows 2008 r2) is not searching data

Hi, Due to some issue the splunk server is not searching any data and getting bellow error. even I am not able to tel...

by New Member in

how to get user system ip

Hi , I am trying to track who all using splunk and ip address of there system.I found this query index=_audit acti...

by Communicator in

Add 'static' field to all events from a source (syslogs)

I have a dedicated index for syslogs that I would like to add a 'static field' to: MonFunc=sysmsgs ### Add to all ...

by New Member in

Most/More efficient way of counting incomplete transactions?

I'm using events from 2 sourcetypes to determine whether a transaction is complete. Quite simply, if there are 2 even...

by Champion in

Abstract Lookup

We have several applications that we monitor and have written dashboards for. We would like to have one lookup table ...

by New Member in

How to use transaction

Hi, User want to see 100 events after a particular event or String eg Id=987. I have used transaction for that.But...

by Communicator in

Return matching fields from two sources

I have two different sources that I need to find and return all matching instances of a field. Unfortunately, the fie...

by New Member in

How do I know if a host is not sending me data?

If I have a lookup table formatted like this: lookup_host,os host1,linux host2,linux host3,sunos And s...

by Contributor in

Extract more values for the same item in one row

Hello, I have the following output of a script: fcs1 0 0 0 1 0 1 0 1 1 1 fcs2 0 0 0 1 1 1 0 0 0 0 fcs3 0 0 0 1 1 1 1...

by Explorer in

Can one make contents of all views that are used in application? It really makes sence to have such information on th...

by Builder in

append two search result by #

I want to append two (or more) search results by event number search1: # _raw 1 a 2 b 3 c search2: # _raw 1 x 2 y 3 z...

by Contributor in

Timechart & Span

Hi, I am collecting some disk performance stats via a Splunk Forwarder from a Windows Server. I am now trying t...

by Explorer in

How to remove the VALUE attached to a word with _ before the name

I have the following search string which I use to create a line chart: ....| timechart span=1d sum(kb) by series ...

by Path Finder in

using a inputlookup on string values - regex match?

I am currently matching a list of "bad ips" with a search such as this index=someindex NOT uri="/dot_clear.gif" [|...

by Contributor in

How do I extract timings from chained events using start and end times

We have the following events (dots represent other events for clarity) and would like to extract on a per process bas...

by Explorer in

Can I set a specific link for a given field in a search table

Hi there folks, I am building a custom alerts dashboard based on a search that returns a table (see demo screen be...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

why is addinfo not working in my search?

Calculate Percentage

Dynamic renaming of column header in a table

How to get count of c-ip from IIS logs indexed by splunk

How to use external variables in search command?

Correctly Script SQL Queries

Field search not working?

Finding the earliest event by Splunk server & index

search fails in xml file

Splunk Server in (windows 2008 r2) is not searching data

how to get user system ip

Add 'static' field to all events from a source (syslogs)

Most/More efficient way of counting incomplete transactions?

Abstract Lookup

How to use transaction

Return matching fields from two sources

How do I know if a host is not sending me data?

Extract more values for the same item in one row

Table of contents

append two search result by #

Timechart & Span

How to remove the VALUE attached to a word with _ before the name

using a inputlookup on string values - regex match?

How do I extract timings from chained events using start and end times

Can I set a specific link for a given field in a search table

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

Using the map command with a subsearch not working

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...