Splunk Search

Discussions

Thread Info

Splunk and localization of numbers

I'm currently loading some localized CSV-files into Splunk which contains numbers formatted in a localized format (co...

by Engager in

Realtime search with offset

Hi, Does anyone know if it is possible to do a realtime search with an offset? The data that comes in has a delay ...

by Explorer in

Custom Searches - 'Out of Hours' timeframe

Hi All, I am currently trying to perform some monitoring, and am having a bit of trouble with the Splunk search en...

by New Member in

Stats sum function

index=hig `sourcetype="MainframeApps" |stats sum(count)|top limit=0 app_id app_name | fields + count, total_count, ...

by Contributor in

Sourcefire Syslog Regex Query

Hello, I am trying to pull out some information from a syslog. We don't have the money to purchase a Defense Center f...

by Path Finder in

IIS log comment removal not removing

Splunk is not removing commented out fields beginning with a "#" in indexed IIS logs. Any assistance would be greatly...

by Path Finder in

have to add wildcard to end of field value to search.. strange...

I have a field defined in a transform. The field appears to work fine in a chart, whatever, but to put it in a field ...

by Path Finder in

Large eventtypes reccomendations

I am in the process of making individual event types for about 175 types of log events from routers/firewall devices....

by Contributor in

"In the last 30 Days" VS "Last 30 Days"

When I have an inline search on a dashboard where the time range is set to -30d or -30d@d, my last time on my timecha...

by Explorer in

Splunk reading data from Microsoft SQL database

Hi, Can splunk read data from Microsoft SQL Server 2008? We have an application which logs business exceptions to SQL...

by Explorer in

Reverse running total/ sum needed

I can not figure out how to get the sum of all the information at the top without changing the other fields around. I...

by Contributor in

Field Extractions page not showing sample events that match my search

I search I specify a host and a source and specific string to search on. I have the results I want to see and now wan...

by Path Finder in

Importing External Lookup Table from PostgresDB

Hi, I would like to import an external lookup table from a postgres DB. What would be the best way to do this...

by Contributor in

Sum of running total at the top not bottom.

.....|top limit=0 app_id app_name | fields + count, total_count, percent,app_name, app_id | accum count AS total_coun...

by Contributor in

Is it possible to genereate parallell time charts liks this?

IS is possible to draw charts in Splunk that can show multi-channel data in the same chart? Similar to the multi-chan...

by Engager in

Regex extracting field values, but unable to find them when added to search

Hi Splunkers & Splunkettes, I am currently defining some sourcetypes for some db2 SMF logs and have finally got th...

by Builder in

v4.1.4 REGEX works.....v4.3.2 Doesn't

I have a hostname extraction TRANSFORMS.conf that works in v4.1.4, but since our upgrade to v4.3.2 it now doesn't ext...

by Communicator in

Comparing averages and counts between different hours

Hello, I have a search that returns records like those: PivotField1 hour1 countOfCalls averageDuration PivotField1...

by Explorer in

how to change result of alert from gzip to CSV?

Hi All, I have a problem. I create a scheduler search to retrieve a list of IP access to my web server exceeds a cert...

by Explorer in

How to quickly validate the metadata files of a given index and of all its buckets?

When the filesystem that Splunk uses to store its indexes becomes unavailable, goes into read-only mode or Splunk cra...

by Splunk Employee in

Field extraction and Splunk forwarding

I have systems sending data to splunk1 in the form: k1=v1 k2=v2 I have field extraction configured for the sourcetype...

by Path Finder in

Real-time search with fixed start

I'd like to create a real-time search and chart plotting logged values since midnight. My search is below. eventtype=...

by Communicator in

Map a closed network

Hello, I am curious if there is a solution to map internal networks that do not have connections to internet. We h...

by Path Finder in

how to sum everyday result

this is my search srcipt, it will show everyday use some apps count sourcetype="acclog" app="molly" OR app="wms" |...

by Explorer in

Static map of user ID with user name

A finger print server log generates a user ID. Active directory log has user name. I have excel sheet for the user ID...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk and localization of numbers

Realtime search with offset

Custom Searches - 'Out of Hours' timeframe

Stats sum function

Sourcefire Syslog Regex Query

IIS log comment removal not removing

have to add wildcard to end of field value to search.. strange...

Large eventtypes reccomendations

"In the last 30 Days" VS "Last 30 Days"

Splunk reading data from Microsoft SQL database

Reverse running total/ sum needed

Field Extractions page not showing sample events that match my search

Importing External Lookup Table from PostgresDB

Sum of running total at the top not bottom.

Is it possible to genereate parallell time charts liks this?

Regex extracting field values, but unable to find them when added to search

v4.1.4 REGEX works.....v4.3.2 Doesn't

Comparing averages and counts between different hours

how to change result of alert from gzip to CSV?

How to quickly validate the metadata files of a given index and of all its buckets?

Field extraction and Splunk forwarding

Real-time search with fixed start

Map a closed network

how to sum everyday result

Static map of user ID with user name

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown