Splunk Search

Ask a Question

Discussions

Thread Info

Transactions that span time period are counted in stats in all time periods from start to end

I need stats on transactions (WAN outages) over a given period - 1 day, for instance - to be grouped by hour. Howe...

by Engager in

Regex - fqdn, basedomain etc. from URL in CK log

Hi there, I have taken the following regex from here... http://splunk-base.splunk.com/answers/9736/revisiting-r...

by Path Finder in

What is a good search where I can capture the last 24hrs of successful AD domain logins?

I need to identify how many authorizations (active directory domain logins) per day on average we have per domain con...

by Splunk Employee in

Splunk response time is quite slow when I use the lookup script

Splunk response time is quite slow when I use the lookup script presented below. The response time of the web service...

by Motivator in

REGEX to collect all data after final closing bracket

Hey Guys, Here are a few examples of the logs that we have. I am having trouble grabbing from the last bracket ] to t...

by Contributor in

User ID and Password

I forgot my user id and password

by New Member in

Unsure how to append additional field after stats command.

Hi all, I am trying to do the following search: sourcetype=squid 192.168.1.20 | stats sum(bytes_in) as bytes by sr...

by Path Finder in

Can both hostname and source IP be searchable?

Right now we have a lot of devices reporting syslogs into splunk. I'd really like to be able to search them by hostna...

by Path Finder in

host name from path using regex

I'm trying to learn some regex and I was hoping to get the host name from the path when entering a new data source, b...

by Explorer in

Real Time search for Today()

hi, it is possible to do a real time search for today? for the saved searches or reports, we can actually do a @...

by Explorer in

Splunk - Everyday checks to make sure everything is working fine.

Hi, I am new to Splunk. I have an environement with devices sending Syslogs and some ESX hosts. I would like check...

by Explorer in

What is this? how can I convert it?

I have exported an SQLite database in to an XML file (Using Navicat) and then indexed it in to Splunk. However Time a...

by Communicator in

What is the actual number of events?

When I look under "Manager->indexes", I see that my "main" index is about half full (240 of 500 GB), and the number o...

by Communicator in

suppression of events

We have a clustered domain controller environment and we have the same results coming though on different dc's. We on...

by Contributor in

Best way to query for multiple values in one row

Just got the splunk pdf guide, moved it to the iPad for some weekend reading, still trying to understand how | separa...

by Explorer in

Send certain fields to null queue

We are indexing logs from network devices and we need to reject or send certain fields to null queue. The logs loo...

by Explorer in

SQL Server connectivity using this connector

I have need to connect splunk infomration to sql server. What is the best way to do it? Can I use this connector to s...

by Engager in

sed replace help

I am using the following: eval link=http_referrer+uri_path | top link and I get http://www.foxnews.com//stat...

by Contributor in

position of a string in another string

I was looking through the functions available for locating the position of 1 string in another string, and couldn't s...

by Builder in

Best way to index SQLite DB file?

Hello, I need to index a SQLite DB file. However when I tell Splunk to monitor the file and I look at the indexed ...

by Communicator in

Building KV Pairs

Hi folks, I am trying to build KV pairs from some UNIX command output. The log entries look like the output below....

by Explorer in

duration of two consecutive log statement

Hi, I tried to use "transaction" command but I couldn't get what I wanted, I thought to ask the question here if s...

by Path Finder in

Return top item in a transaction, with fields appended

Greetings everyone. I am working with call records, and any particular record represents a call leg. Everything done ...

by Builder in

How splunk decide date/time in _time field?

How splunk will decide for date/time in _time field? I am getting strange date/time. In first event I don't hav...

by Builder in

Memory usage 100% stacked graphs for multiple servers?

Based on Stephen Sorkin's advice here, I'm attempting to create some 100% stacked graphs for memory usage across a nu...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Transactions that span time period are counted in stats in all time periods from start to end

Regex - fqdn, basedomain etc. from URL in CK log

What is a good search where I can capture the last 24hrs of successful AD domain logins?

Splunk response time is quite slow when I use the lookup script

REGEX to collect all data after final closing bracket

User ID and Password

Unsure how to append additional field after stats command.

Can both hostname and source IP be searchable?

host name from path using regex

Real Time search for Today()

Splunk - Everyday checks to make sure everything is working fine.

What is this? how can I convert it?

What is the actual number of events?

suppression of events

Best way to query for multiple values in one row

Send certain fields to null queue

SQL Server connectivity using this connector

sed replace help

position of a string in another string

Best way to index SQLite DB file?

Building KV Pairs

duration of two consecutive log statement

Return top item in a transaction, with fields appended

How splunk decide date/time in _time field?

Memory usage 100% stacked graphs for multiple servers?

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions