Splunk Search

Discussions

Thread Info

How to display rate from field value

Very new to this pipeline way of thinking, so apologies if this is trivial... I am logging every 10 seconds the to...

by Communicator in

Bug in interactive field extractor (IFX)?

There seems to be a bug in the interactive field extractor regarding the naming of fields. If copy-pasting a regex (c...

by Ultra Champion in

Apache Traffic Server and splunk

Is there any splunk app for apache traffic server logs to provide Web intelligence?

by New Member in

Match fields in chart

I am a Splunk newcomer. Not sure if this is a good title but here is the data set (11,000 events, one for each VM): ...

by Explorer in

Min, max and average in column totals.

I have the following search: blah, blah, blah earliest=0 |eval User = UserName." --- ".UserId | convert mstime...

by Contributor in

web traffic

Hi, I'm trying to use Splunk for the first time to monitor a web traffic on a windows server with iis. I have install...

by New Member in

Large Source.data file

We have a very large Source.data file, which we think maybe causing issues. It contains around 50 million rows. Is...

by New Member in

Transaction trouble with ping events...

Hi there, I am trying to solve a problem with some ping events (not parsed, just literally the output from recurs...

by Influencer in

possible to get raw data instead of csv in script?

hi, I have a script that uses this code http://splunk-base.splunk.com/answers/45794/want-to-forward-contents-of-st...

by Path Finder in

How to change timeline's span while not changing event's span

Hi guys, I faced this problem when implemented "Export" functionality to my reports. Unfortunately, time there was...

by Explorer in

Bucketing text values

Hi I was wondering if there is a way to use the bucket command on fields that have text values. If not, is there ...

by Path Finder in

charting customization

In our search the values of transaction duration field comes in Milliseconds those could be like 41,42,50,300,500 and...

by Path Finder in

Perform stats on full data and deduplicated data

Hi I need to present a simple couple of counts on some IIS logs. One count will be raw, total hits, the other will...

by Path Finder in

Can we use conditional statements in transforms.conf ?

Can we use conditional statements in transforms.conf in case we are having different formats for the logs?? Or if we ...

by Communicator in

Machine Data same as Metadata

Are you using the term Machine Data to mean the same a Metadata? Is your software used for Metadata management? Th...

by New Member in

Comparing today's data with last week's data

Hi, I have a problem with comparing today's data with data from a week ago. Here is the query I run: sourcetyp...

by New Member in

Regex Question for Proxy Logs

I want to view all the HTTP GET Requests in the Proxy Logs to any website of the following format: http://example....

by Explorer in

Skeltalog and iis log mapping

How can do mapping between two different source type say for exp. mapping between skelta log and iis log

by Path Finder in

Conditional Statements

Hi Splunkbase, I was wondering if someone would be able to assist with a problem that I am trying to get my head ...

by Influencer in

Tomcat sum counted statistic over all 6 Log Levels

Hi, I want to create a chart for my tomcat logs. In result there should be a summarized countet statistic for the dif...

by Explorer in

Forward certain items to indexer and then split into multiple indexes.

I've got a heavy forwarder that is filtering out lines from a monitor. and the rest is being send to nullQueu prop...

by Explorer in

Combining Two Fields For Searching

So I'm trying to run a search in Splunk and have two fields combined to return one larger field. My basic search is: ...

by Path Finder in

Trouble with df script and charting

We use the "df" script to grab disk space data from one of our Linux servers. We use the following search to pull out...

by Builder in

How to show top 3 wbrs blocked domains per month

Hi, I would like to get the top 3 wbrs blocked domains with a value below -6.2 prestented by each month for the last ...

by New Member in

Make subsearch to use different timerange than main search

Hi guys, I'm looking for a solution to make a time range for my subsearch to be different from the main search (wh...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to display rate from field value

Bug in interactive field extractor (IFX)?

Apache Traffic Server and splunk

Match fields in chart

Min, max and average in column totals.

web traffic

Large Source.data file

Transaction trouble with ping events...

possible to get raw data instead of csv in script?

How to change timeline's span while not changing event's span

Bucketing text values

charting customization

Perform stats on full data and deduplicated data

Can we use conditional statements in transforms.conf ?

Machine Data same as Metadata

Comparing today's data with last week's data

Regex Question for Proxy Logs

Skeltalog and iis log mapping

Conditional Statements

Tomcat sum counted statistic over all 6 Log Levels

Forward certain items to indexer and then split into multiple indexes.

Combining Two Fields For Searching

Trouble with df script and charting

How to show top 3 wbrs blocked domains per month

Make subsearch to use different timerange than main search

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...