Splunk Search

Discussions

Thread Info

Subtract two timestamps in one event

Hopefully this is a simple question, but I haven't found a way to do so using either the convert or eval commands. Ba...

by New Member in

Compare timestamps

Is it possible to compare two times and get the difference in seconds? I have a field I am extracting called rec_time...

by Path Finder in

How to specify SplitMode using simple form XML

Hi there, I can create a line graph with SplitMode, however there is no configuration guide for manually adding X...

by Motivator in

How can I configure axis and series with module

Hi There, I would like to know how to configure axis. With the following XML, I got _time on Y-axis and count on X...

by Motivator in

Display field uniques in search

Hi there, What I am after is quite straight forward really. I am trying to conduct a search of a particular index ...

by Path Finder in

GeoIP app not working correctly

Hi, I downloaded (installed via Splunk GUI) and am testing out the GeoIP app on my 4.1.4 search head. I'm having an i...

by Communicator in

Realtime search question

I have splunk forwarders configured on 3 machines going to a splunk receiver. I have a request to create a real-time ...

by Path Finder in

Computing average request time with mvcount fields and numerical field values

Hello, Is it possible to compute an average of the numerical field by dividing it by the mvcount field I am defini...

by Path Finder in

Where should the tags.conf file be located?

I am beginning to work with tags and am having partial success. I have a tags.conf file that I dropped into the local...

by SplunkTrust in

Trying to identify duplicate logs

I've found some logs in our splunk environment that seem to be duplicates (they differ only by their srcip field--whi...

by Path Finder in

PDFServer cant contact appserver: Proxy Authentication Required

Hi All my PDFserver cant contact the appserver. Both are running on the same host. How do I set these kind of prop...

by Explorer in

space-delimited txt file import

I have a datasource that i export to a text file that I need to import into splunk. The file has a header that looks ...

by Communicator in

Transaction event charting question

I was wondering if it is possible to chart results on a per event basis. By this, I mean that I have defined a transa...

by Path Finder in

download specific CSV columns via the web API?

What I want to do is pull down the results of a saved search as a CSV file, which will then be loaded into a data war...

by Explorer in

Transaction Search Using different fields across multiple logs

I am facing a problem with doing a transaction search across multiple logs (11 different sourcetypes) based on the ex...

by Path Finder in

Extracted fields issues

I'm experiencing weird issues with extracted fields : I have a custom field that basically get the hostname (in bold ...

by New Member in

count rex output within one line?

if I'm want to use a rex to pull out values at want to use the ?<xcount> psuedo-field to use in a chart, is this poss...

by Path Finder in

Do you have advenced xml example file to explain "Selector" module ???

Dear Sir Does you have advenced xml example file to explain "Selector" module ??? I can't understand the explana...

by Path Finder in

Search query for multiple login done by more than one pc

Hi all, someone can tell me how to do this query on the search app? multiple login done by more than one pc ...

by Path Finder in

Complex transaction searches with varying fields

What's the recommended approach when trying to correlate events together whenever the the events themselves don't all...

by Super Champion in

Help with transforms

Hello, I have been using splunk for about 6 months and continue to be amazed at what the product can do.. Anyway,...

by Path Finder in

Iplocation Command

I tried using the iplocation command on the searchHeadUI. I was using this search: index=na1 logRecordTypeL=1 | he...

by Splunk Employee in

How to disable typeahead

How do you disable typeahead? We want this turned off for all users by default.

by Path Finder in

Generic Host search only uses "all time"

When I choose a host from the Host list it automatically starts to search......but for "all time". I don't want to se...

by Communicator in

Separate combined log entries at search time

I have an ongoing problem that I hope just goes away when I upgrade completely to v4. My current setup is v3 Forwarde...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Subtract two timestamps in one event

Compare timestamps

How to specify SplitMode using simple form XML

How can I configure axis and series with module

Display field uniques in search

GeoIP app not working correctly

Realtime search question

Computing average request time with mvcount fields and numerical field values

Where should the tags.conf file be located?

Trying to identify duplicate logs

PDFServer cant contact appserver: Proxy Authentication Required

space-delimited txt file import

Transaction event charting question

download specific CSV columns via the web API?

Transaction Search Using different fields across multiple logs

Extracted fields issues

count rex output within one line?

Do you have advenced xml example file to explain "Selector" module ???

Search query for multiple login done by more than one pc

Complex transaction searches with varying fields

Help with transforms

Iplocation Command

How to disable typeahead

Generic Host search only uses "all time"

Separate combined log entries at search time

Upcoming Community Maintenance: 10/28

Best Practices for Metrics Pipeline Management

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6

openshift_events sourcetype suddenly missing in S...

Issue with StateSpaceForecast from the MLTK app

Notepad++ SPL syntax highlighting