Splunk Search

Ask a Question

Discussions

Thread Info

Inconsistency between Splunk api vs GUI search results.

Inconsistency between Splunk api vs GUI search results. I am using the Rest API. When I use a search language string...

by Explorer in

Lookup Script - REST API Calls from result set

I have the following result set: seed rovi$7389938 rovi$18133562 rovi$12759261 From this result set I need to ...

by Motivator in

Using variable in same search

Hi. I am going to set up the same search - for a lot of different hosts.(20) The result of the search is displayed...

by Communicator in

Row lookup

Is there any way to lookup row instead column cell? For example, row1: header_a, header_b row2: value_a, value_b r...

by Path Finder in

Is mappy here to stay?

I cannot lie, I love mappy. Especially for debugging/testing simple custom commands. Has there been any decision on w...

by Path Finder in

How to replace a subsearch ?

Hi, I am trying to count the number of users who receive a mail and do a particular action later sort by the date of...

by New Member in

caculating max count and time it occured

I have a query to calculate some hourly stats like index=txndata | bucket _time span=1h | stats count as Volume, m...

by Explorer in

How to seach using a concatenated string

Hi, I have a lot of sources like this: source="/u01/app/oracle/admin/AUD/audit/report/host-audit-report-2011-De...

by Explorer in

Cut the time range

In a search text is it possible to "cut" the time range selected in the "time range picker"? Exsample: Selecti...

by Explorer in

rex - multiple matches and using |

I'm trying to run several field extractions using the rex command. Here is a sample log format: ironportmail: Info...

by Explorer in

Timechart - Combining by columns

Hi All, Hoping you may be able to point me in the right direction. I have a log like this: TimeStamp="2011-12-1...

by New Member in

How to edit or delete a custom field

I have just created a field, and realized that is not what I want. I would like either delete it and create a new one...

by Engager in

Match two events that occur within certain time of each other

I am trying to perform a search that will show me when users have wireless problems. There are two events "associate"...

by Explorer in

search error message...where wrong?

my search | eval status_230=case(status < "400", "ok") | ~ error message - Encountered the following error whil...

by Communicator in

Calculate totals for disk space over time and show Top 20 disk hogs

I posted this question in the past here: http://splunk-base.splunk.com/answers/35859/timechart-command-to-calculate-t...

by Builder in

Compare today's data with yesterday's data, or today's data with last Friday's data if today is a Monday

As the title states, I'm trying to compare some data between today and yesterday. If yesterday is a Sunday, then use ...

by Communicator in

How to join multiple log streams together

We have our logs always generate a sessionid but each host has a separate sessionid with a link to the original as pa...

by Path Finder in

Searches and reports show no owner...

I have several saved searches and reports that are not working. When I view them in the searches and reports page it ...

by Path Finder in

Real time searching & transaction command

I'm running a transaction command against IP's in apache logs. If I'm running a real time search, will the transactio...

by Path Finder in

How to create a search-time field based on source port and facility

Very new to Splunk and need help. I have close to 20 syslogd/syslog-ng streams coming in on 3 ports: udp/10513, tc...

by Engager in

Lookup in range value

Can I use lookup in a range value situation ? For example, the IP address: 10.0.1.0/24 for A area 10.0.2.0/24 for B a...

by New Member in

create a simple table

hi there, I have a log like this ip=192.168.20.10, size=458372, url=http://download.microsoft.com I have a l...

by Explorer in

adding fallback ("others") to a lookup table

Hello, Following up on the excellent answer to my question about (essentially) using a lookup table, I wonder how ...

by Communicator in

Don't get eval based macros

I just can't seem to understand how the eval based macros are supposed to work I wrote a very simple macro [TES...

by Explorer in

F5 LTM: default send string

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Net...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Inconsistency between Splunk api vs GUI search results.

Lookup Script - REST API Calls from result set

Using variable in same search

Row lookup

Is mappy here to stay?

How to replace a subsearch ?

caculating max count and time it occured

How to seach using a concatenated string

Cut the time range

rex - multiple matches and using |

Timechart - Combining by columns

How to edit or delete a custom field

Match two events that occur within certain time of each other

search error message...where wrong?

Calculate totals for disk space over time and show Top 20 disk hogs

Compare today's data with yesterday's data, or today's data with last Friday's data if today is a Monday

How to join multiple log streams together

Searches and reports show no owner...

Real time searching & transaction command

How to create a search-time field based on source port and facility

Lookup in range value

create a simple table

adding fallback ("others") to a lookup table

Don't get eval based macros

F5 LTM: default send string

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...