Splunk Search

Ask a Question

Discussions

Thread Info

New user - trying to work out a report - Followup questions

Appreciate the answer to my original question, but it leads me to a couple of additional issues: 0) As I write thi...

by Explorer in

Why do I get different results when I search my extracted field?

I have an extracted field called ruby_completed_call, that extracts the completion time from a ruby log: Processin...

by Splunk Employee in

Need help on subsearch

I have a log statement that looks list this: ipAddress=1.2.3.4,userId=42,productId=24 Currently I manually first s...

by Path Finder in

How to add a column with date field in a chart

I have this query- index=myIndex logRecordTypeX=1 (logName="abc" OR logName="def" OR logName="ghi" OR logName="jk...

by Path Finder in

tracking number of indexed events: how to chart, how to summarize

The following tells me how many events I'm indexing every 5 minutes. index="_internal" group="thruput" | bucket _t...

by Communicator in

after bucketing, how to search/look for a threshold?

The following tells me how many events I'm indexing every 5 minutes. index="_internal" group="thruput" | bucket _t...

by Communicator in

need to know a rough idea of how many times something occurred

As a system administrator, sometime I only need to know a rough idea of how many times something occurred. For exampl...

by New Member in

New user - trying to work out a report

I am a brand new Splunk user - could use a couple of pointers getting started on reporting... I have a dataset tha...

by Explorer in

Monthly event count

I'm trying to get a monthly event count for all indexed data on a splunk server. I've searched on how to do it, but I...

by Explorer in

How do I extract Key Value pairs from Ruby on Rails logs?

I am trying to extract field and key/value parameters from a ruby on rails log file. What ways can I do this? My even...

by Splunk Employee in

Trying to use FSChange for monitoring filesystem, getting a ton of sources and sourcetypes

Hello, I need to monitor a handful of application directories and system32 for changes. I utilized FSChange with r...

by Communicator in

Subsearch - what is the scope of the outer search?

When using subsearch, What is the scope of the outer search? Is the outer search executed against the result set of t...

by Path Finder in

AVG of Size by day

Hi all, i need to take the avg of Size by day. sourcetype="sophos" pmx_action="keep" fur!="none"| bucket _time sp...

by Path Finder in

Use search results for another search

Hi, I want to use the search results as an argument for another search (with different source), like this more or ...

by New Member in

Translate ID to Name

Hi I'm using 4.1 and I want to translate an ID, which came from a search result, into a Name from an importet csv ...

by Communicator in

Timechart with avg from calculated values

I am trying to build a timechart that includes the avg rate we pay our carrier per min over time. The issue is for me...

by Path Finder in

Extracting unique IP addresses by Username

Currently working on a IIS log file with standard fields. I’m looking to first determine the unique Usernames contain...

by Explorer in

Is there a method for rolling data completely out of an idex based on its age?

I have a need to automatically roll data completely out of an index so that it's no longer searchable after a number ...

by Explorer in

Report on Busiest Hour

If I have an eventtype with a duration=X seconds field, I can chart the concurrency with eventtype=ABC | concurrency ...

by Splunk Employee in

Get timerange which define by user

I would like to calculate the availability(i.e. duration/total time * 100) of device. I get the uptime time duration ...

by Path Finder in

Show time reports for a count search

Dear All, I'm doing a search with a summarize count at the end. The search is the following: (eventtype="search...

by New Member in

Conditional-ish Sums

This is killing me. I'm trying to sum the bytes crossing my boundary in each direction. For TCP sessions, I have a...

by Communicator in

tostring commas on a negative number

Hello ALL! x=-241 eval final_x=tostring(x,"commas") It shows [-,241], but it should be [-241]. How could ...

by Path Finder in

Compare values in search

Hello, I've read through some of the other questions on here to try and find an answer to my question, but i'm sti...

by Builder in

Assuming implicit lookup table with filename blah.csv

Why do I get this message? Assuming implicit lookup table with filename sidtodn.csv It seemed to me that I was...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

New user - trying to work out a report - Followup questions

Why do I get different results when I search my extracted field?

Need help on subsearch

How to add a column with date field in a chart

tracking number of indexed events: how to chart, how to summarize

after bucketing, how to search/look for a threshold?

need to know a rough idea of how many times something occurred

New user - trying to work out a report

Monthly event count

How do I extract Key Value pairs from Ruby on Rails logs?

Trying to use FSChange for monitoring filesystem, getting a ton of sources and sourcetypes

Subsearch - what is the scope of the outer search?

AVG of Size by day

Use search results for another search

Translate ID to Name

Timechart with avg from calculated values

Extracting unique IP addresses by Username

Is there a method for rolling data completely out of an idex based on its age?

Report on Busiest Hour

Get timerange which define by user

Show time reports for a count search

Conditional-ish Sums

tostring commas on a negative number

Compare values in search

Assuming implicit lookup table with filename blah.csv

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions