Splunk Search

Discussions

Thread Info

Simplifing a search

Two Splunk users have saved basically the same search: searchterms | stats count by punct | table punct,count | ap...

by Contributor in

Search Head becomes unresponsive

Our search head becomes unresponsive after a few hours of operation. We then have to physically restart the server. r...

by Communicator in

xpath command splits the result string into single-character fields

Hi. There is a query that retrieves the name of XML element. It doesn't work as intended. The expected result for the...

by New Member in

How to perform nested if conditions in Splunk

Example 1: uatoken0=Linux uatoken1=U uatoken2=Android uatoken3=en-us Example 2: uatoken0=Linux uatoken1=An...

by Explorer in

regex returns no results

Hi guys I am doing an experiment in my local splunk. I imported some http logs including attack patterns. And I am...

by Explorer in

Index Event Properly

Hi, The event in my Log always has a prefix yyyy-MM-dd hh:mm:ss,SSS e.g. 2013-07-30 07:12:11,649 To have the event i...

by Contributor in

is there a way to find if a field itself is not being sent

Hi, we have a cookie that we pass in the web logs. Sometimes some of the requests are not sending the cookie itsel...

by Contributor in

timechart span=2hを指定した時の開始時刻について

timechartコマンドで、span=2hを指定するとグラフの開始時刻が必ず23:00から始まります。これを00:00からグラフ表示することはできるでしょうか？ 以下の検索コマンドを実行しています。 earliest=-7d...

by New Member in

サーチ文の中でtime rangeを作成する方法

サーチ文の中で、グラフを作成する為に自分でtime rangeを作成する方法はございますでしょうか。例えば以下のようなサーチの場合で、結果ででてくる時間を1～10分間、11～20分間、21～30分間のようにグループ分けして、チャー...

by Contributor in

Subsearch issue with specified fields

Hi I would like to get all sourcetypes for a specific app, which have normaly one index. So I tried this search ...

by Communicator in

generate a comma delimited list

I have the following search sourcetype = "DevicesInfo" | stats values(DeviceSubType) as series | makemv delim="," se...

by Builder in

sum the number of events based on list of possible values

I have an event with a field = message_id. I have to count the number of occurrences of this id based on a input lis...

by Communicator in

text box input for decimal numbers

Hi there, I have a text box input (SearchTextSetting module) where users can enter in a number, which is then used...

by Engager in

How do you count events in groups of matching eventtypes?

Looking for the count of events matching every eventtype combination. For instance: Given 5 events (e1..e5) that mat...

by New Member in

Get list of session id's that did not get a response from web service.

We are having a problem where requests are being sent to webservices but never return. I want to get a list of sessio...

by Engager in

What is Naming convention for files in dispatch folder?

From time to time, I would need to blast the folders in the dispatch folder. Can anyone shed some light on the naming...

by Contributor in

Splunk: Extract runtime search wildcards into key value pairs for analysis

I have a log4j server log with multiple lines formatted similar to the following: "10.1.1.1" "AUTH-USER" "22/Jul/2...

by Engager in

User keyword Lookup and Replace

I'm trying to use lookups to do a keyword search and I can't grasp my brain around the right way to do this. I've ...

by Builder in

Extract fields with a regular expression

I have fields in the format of LOG_ID, DEVICE_DATA, USERNAME, that I'd like to extract, and I'd like to exclude the d...

by Explorer in

Client is not authorized to perform requested action: search/jobs

The user can search normally but cannot search real-time. It gets the following message: [HTTP 403] Client is not ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Simplifing a search

Search Head becomes unresponsive

xpath command splits the result string into single-character fields

How to perform nested if conditions in Splunk

regex returns no results

Index Event Properly

is there a way to find if a field itself is not being sent

timechart span=2hを指定した時の開始時刻について

サーチ文の中でtime rangeを作成する方法

Subsearch issue with specified fields

generate a comma delimited list

sum the number of events based on list of possible values

text box input for decimal numbers

How do you count events in groups of matching eventtypes?

Get list of session id's that did not get a response from web service.

What is Naming convention for files in dispatch folder?

Splunk: Extract runtime search wildcards into key value pairs for analysis

User keyword Lookup and Replace

Extract fields with a regular expression

Client is not authorized to perform requested action: search/jobs

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Find the correct scope of an IP address

How to generate query from an event?

Windows Event Log of Account Creation Search?

How to convert large bytes to human readable units...

How to convert a large number to string with expre...