Splunk Search

Ask a Question

Discussions

Thread Info

search - generate a (time, causes, count) collums table

How can I correctly get a (time, causes, count) collums search from the following input data example? EXECUTION...

by Builder in

Preserving multi-value fields through custom search command

Hello, I'm trying to build a Python custom search command. The command is run after a transaction, and adds values...

by Path Finder in

Field extraction and regex strategy

I have log that looks like this: 2012-02-23 09:25:21 VShellSSH2 sftp 108660 172.59.56.8 62386 NESTLE - C:\SFTP\NES...

by Builder in

stats for a given time range for last 30 days

I would like to get an average of a any given value for a time range say 7:00 PM to 8:00 PM over last 30 days. Wou...

by Explorer in

order of sub searches changed when using saved search or the summary page

in 4.1.6 On the UI, I can run a search with a sub search in the condition. index="_internal" source="log" OR [ sea...

by Communicator in

Limit WMI Input

We pull in all the security event logs using WMI. However, it's pulling in WAY too much data. Is there a way to limit...

by Explorer in

Frequency Distribution charts?

How can I compute a frequency distribution chart? For example I want to take the time_taken from my IIS web-serve...

by Engager in

How to map all the fields of IIS W3C to Splunk fields

I wanted to see a detailed analysis of IIS logs in W3C (which is being fed to Splunk). I could not get all the availa...

by Explorer in

Read/convert Checkpoint log files

Hi. I have a Checkpoint firewall managed by my WAN provider, and would like to be able to do more with the logs th...

by New Member in

corrupted CSV results / Python API

Hi, I'm using the Python SDK to export some search results to a CSV file, but the results seem to be somehow corru...

by Explorer in

default umask for file creation on OS

Splunk runs as root so it has access to monitor anything on the system without managing those permissions. I ran thi...

by Communicator in

I need help with time stamp recognition

Hi. I've just started with Splunk and need help setting up file input. The log files looks like the below. A heade...

by New Member in

Running Total

I am trying to get a running total for the number of events field. I can not get a column that adds up every 'number ...

by Contributor in

Error in 'inputlookup' command

I get the following error: "Error in 'inputlookup' command: This command must be the first command of a search." ...

by Path Finder in

Events not found, even though dashboard says there are

I have a universal forwarder pulling in a log file from a linux server. It has been working just fine up until the ot...

by Path Finder in

how to create fields from _raw field

How to create a field from _raw field? my _raw field have some common pattern e.g. I0703 15:07:20.627351 3108 l...

by Builder in

Calculate time difference, then calculate average duration per severity level

This is a sample snippet from a very large log file: lastOccurrence=2012/07/05 13:56:14|firstOccurrence=2012/06/18...

by Contributor in

What's the wrong in this search?

I want to extract processid from my log and here is query eventtype=statustrace | regex _raw="^[IEWF]" | rex field...

by Builder in

Field transformation

hello, I have this following log in Splunk: RS:D2T,PAN:1/1,Req:fr18126,User:a169805,TKN:g00e29dfd883effecba,H:W...

by Communicator in

limit to case function?

Hi this is a simple case query I ran on splunk ... | eval country=case(country="US","USA",country="CA","CA","rest"...

by Path Finder in

where did result of search store?

Hi Everyone, I have one question. I have excuted searching and created alert data in splunk. I saw alert on tab alert...

by Explorer in

Extracting Report from CISCO FW Logs

We have installed Splunk recently and forwarding our Cisco FW logs through syslog. We have also installed the Splunk ...

by New Member in

How to insert static data in dashboard?

Hello Let's say there are several Excel tables and it is needed to make graphs using its data in Splunk dashboard....

by Builder in

Monitor specific set of Processes from WMI

Hi, What I'm attempting to do is monitor a specific set of processes on a machine. For this, I am obtaining data f...

by Explorer in

grouping similar field values

I have a set of events that are generated with locations in the form of xloc and yloc. (z, or height, is irrelevant) ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

search - generate a (time, causes, count) collums table

Preserving multi-value fields through custom search command

Field extraction and regex strategy

stats for a given time range for last 30 days

order of sub searches changed when using saved search or the summary page

Limit WMI Input

Frequency Distribution charts?

How to map all the fields of IIS W3C to Splunk fields

Read/convert Checkpoint log files

corrupted CSV results / Python API

default umask for file creation on OS

I need help with time stamp recognition

Running Total

Error in 'inputlookup' command

Events not found, even though dashboard says there are

how to create fields from _raw field

Calculate time difference, then calculate average duration per severity level

What's the wrong in this search?

Field transformation

limit to case function?

where did result of search store?

Extracting Report from CISCO FW Logs

How to insert static data in dashboard?

Monitor specific set of Processes from WMI

grouping similar field values

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions