Splunk Search

Discussions

Thread Info

Can we use conditional statements in transforms.conf ?

Can we use conditional statements in transforms.conf in case we are having different formats for the logs?? Or if we ...

by Communicator in

Machine Data same as Metadata

Are you using the term Machine Data to mean the same a Metadata? Is your software used for Metadata management? Th...

by New Member in

Comparing today's data with last week's data

Hi, I have a problem with comparing today's data with data from a week ago. Here is the query I run: sourcetyp...

by New Member in

Regex Question for Proxy Logs

I want to view all the HTTP GET Requests in the Proxy Logs to any website of the following format: http://example....

by Explorer in

Skeltalog and iis log mapping

How can do mapping between two different source type say for exp. mapping between skelta log and iis log

by Path Finder in

Conditional Statements

Hi Splunkbase, I was wondering if someone would be able to assist with a problem that I am trying to get my head ...

by Influencer in

Tomcat sum counted statistic over all 6 Log Levels

Hi, I want to create a chart for my tomcat logs. In result there should be a summarized countet statistic for the dif...

by Explorer in

Forward certain items to indexer and then split into multiple indexes.

I've got a heavy forwarder that is filtering out lines from a monitor. and the rest is being send to nullQueu prop...

by Explorer in

Combining Two Fields For Searching

So I'm trying to run a search in Splunk and have two fields combined to return one larger field. My basic search is: ...

by Path Finder in

Trouble with df script and charting

We use the "df" script to grab disk space data from one of our Linux servers. We use the following search to pull out...

by Builder in

How to show top 3 wbrs blocked domains per month

Hi, I would like to get the top 3 wbrs blocked domains with a value below -6.2 prestented by each month for the last ...

by New Member in

Make subsearch to use different timerange than main search

Hi guys, I'm looking for a solution to make a time range for my subsearch to be different from the main search (wh...

by Explorer in

How can I get box and whisker plot values?

I don't have any problem getting the Q1, Median, Q3, and IQR values using percX(), median and eval. What I'm having t...

by Path Finder in

Cannot search using sourcetype but can search with index

Hi, I have an app in my server, which is monitoring a directory (D:\Custom Install\Splunk_Sample_Data\Splunk_Pdn_S...

by Contributor in

Help! I cannot configure the proper search XML for a search feeding a table

This is my current idea of how a table with latency data should fit together, I am trying to mimic the "Real-Time mea...

by Engager in

Dedup in raw field

When I write searches in Splunk 90% of them is based on data this is only available in the _raw field not one of the ...

by Path Finder in

Can we use the eval command to calculate fields across different sourcetypes? What is the best approach?

Hello, I'm trying to do simple calculations with the eval command but the fields I need to calculate are spread ac...

by New Member in

Search will run in search app but not as hiddensearch

I have a search that will work fine manually in the search app, but when I try to incorporate it as a hidden search i...

by Builder in

how does search head pooling work with scheduled searches?

i like the idea of search head pooling with respect to ease of managing configs across multiple search heads. but i'm...

by Communicator in

Consequent days measurement?

Hi, Let's say "user X" visited my site on these dates: 2/3/2012 2/4/2012 2/5/2012 10/5/2012 11/5/2012 How can I co...

by Path Finder in

Splunk and Nested, time-stamped, folders

My log files are stored in nested folders of the following form: 1_1_2012 ..... 08_45_10_12 .......... logfile1 ........

by New Member in

how to delay results by a few minutes

I'm writing a search that is comparing the count of an event versus what happned one and two weeks ago. My search loo...

by Path Finder in

time lost duration format in a join search

I have a simple join search as follow, index=portal bam="audit" event="userLogout" | stats median(secSessDur) as m...

by Explorer in

timechart comparing event count

I want to create a time chart (line) based on the count of events for the past 24 hours, and one week earlier same da...

by Contributor in

Plotting 2 week moving average for response data

I am plotting reponse time data using the following search sourcetype="jboss" TOTAL SEARCH TIME CAREWEB AND NOT PM...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can we use conditional statements in transforms.conf ?

Machine Data same as Metadata

Comparing today's data with last week's data

Regex Question for Proxy Logs

Skeltalog and iis log mapping

Conditional Statements

Tomcat sum counted statistic over all 6 Log Levels

Forward certain items to indexer and then split into multiple indexes.

Combining Two Fields For Searching

Trouble with df script and charting

How to show top 3 wbrs blocked domains per month

Make subsearch to use different timerange than main search

How can I get box and whisker plot values?

Cannot search using sourcetype but can search with index

Help! I cannot configure the proper search XML for a search feeding a table

Dedup in raw field

Can we use the eval command to calculate fields across different sourcetypes? What is the best approach?

Search will run in search app but not as hiddensearch

how does search head pooling work with scheduled searches?

Consequent days measurement?

Splunk and Nested, time-stamped, folders

how to delay results by a few minutes

time lost duration format in a join search

timechart comparing event count

Plotting 2 week moving average for response data

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions