Splunk Search

Discussions

Thread Info

Missing data ?

I am using the free license trying out Splunk. I've noticed that some data(events) are missing when I do a search. I ...

by Explorer in

Extract IP from TCPDUMP

How can I extract the source IP from the following log format? 16:13:40.860435 IP 192.54.112.34.domain > 61.220.8....

by Contributor in

How can I remove the 0 values for time > now in a timechart that compares today to last week?

I have a timechart that plots today's and last week's values using the following search: sourcetype="Remedy_Ticket...

by Path Finder in

Average time on only top results

I'm trying to get the top 10 uri's from our IIS logs, and get the average time taken on each of those. I can't quite ...

by Path Finder in

How to get the result set of the last sample without using head search command

Hi, Any idea how to get the result set of the last sample without using head. Let's say we have a summary index wi...

by Motivator in

Two Unrelated Searches -- One Report

Is it possible to attach two searches to a single report? SEARCH ONE (daily report by host, time ranged -1d@d to @...

by Explorer in

Flash Timeline in view for SavedSearch

I'm having trouble getting a flash timeline to populate with the results of a saved query in a view I'm trying to mak...

by Path Finder in

Combining Multivalues together inside a field

I've got a field named "User" which holds the names of all the users of our service. Some users have similar names an...

by Communicator in

Extracting information via Regex

Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: ...

by Contributor in

Conditional searches

Hi, We have gotten quite a complex search request, which we are not sure if is possible at all. If the application...

by Engager in

Spread one event across multiple bins

I need to determine peek bandwidth from IIS logs. The logs have both the amount of bytes sent and the time taken (in ...

by Path Finder in

how to add the results of two searches as two columns

I am running two different searches to get the total number of successful Logins and Unsuccessful Logins. The searche...

by Communicator in

spath xml parsing

I'm trying to extract the "user.name" field from the XML below (in pastebin). However, I can't seem to write an spath...

by New Member in

how to do distinct count over a multivalue data conditionally?

Hi, I have the following search which returns the avg number of "EnterPlace" actions in a session (a transaction = a ...

by Path Finder in

Events from new index are not showing up

I have inherited a fairly undocumented splunk deployment which looks as follows (splunk 4.3.2): Forwarders -> 2x H...

by Explorer in

HTTP Post request using REST API not returning results

I am using ASP.NET with C# to call a search job in Splunk. When I run the search in Splunk, it returns results but th...

by Engager in

Time zone question?

My logs are coming from different time zone, that is ahead 4.5 hrs. I know I can't specify the time zone in Univer...

by Builder in

How do underscores affect searches?

While performing a search for log messages that contain the string "URIBL_" I got a lot less hits than by grepping th...

by Path Finder in

graphing a logs per second value

I'm using this query to graph how many web requests are being logged per second: index="bigip_ltm" (event=HTTP_REQ...

by Path Finder in

Can we color the table cell text display by SimpleResultsTable module in Splunk

Right now I have my search like this my search..| stats list(EventID), list(Time), list(EventDescription) by CustI...

by Contributor in

Charting over column header

Hi everyone! I'm a new splunk user, and I have a quesion about chart formatting. Here is the results of a search I...

by Contributor in

Relevance of Ratings Based on Different Weights by ID

Hi, beginner here having problems trying to write a query. In my data, I have an event that records when an app is...

by Engager in

field extraction

I am able to execute the below search command using rex and retrieve the output successfully index=xyz | rex field...

by Engager in

Rex on an extracted field

Hi, I'm trying to extract the cluster name of my servers using the host name. So we have something like host=clus...

by Path Finder in

Simple Search

Sorry, I don't use Splunk much so I am sure this is an easy search for you all. I am trying to get a complete lis...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Missing data ?

Extract IP from TCPDUMP

How can I remove the 0 values for time > now in a timechart that compares today to last week?

Average time on only top results

How to get the result set of the last sample without using head search command

Two Unrelated Searches -- One Report

Flash Timeline in view for SavedSearch

Combining Multivalues together inside a field

Extracting information via Regex

Conditional searches

Spread one event across multiple bins

how to add the results of two searches as two columns

spath xml parsing

how to do distinct count over a multivalue data conditionally?

Events from new index are not showing up

HTTP Post request using REST API not returning results

Time zone question?

How do underscores affect searches?

graphing a logs per second value

Can we color the table cell text display by SimpleResultsTable module in Splunk

Charting over column header

Relevance of Ratings Based on Different Weights by ID

field extraction

Rex on an extracted field

Simple Search

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!