Splunk Search

Discussions

Thread Info

totalCount in |metadata command: current number of events or lifetime count of events?

Is the number of events reported as totalCount in | metadata... the lifetime running total of the events for that ...

by Motivator in

search regular expressions without field extraction

I would like to perform a regular expression search without any field extraction. I know you can do asterisks for thi...

by Builder in

execute search and replace parts with result from sql query

So i have a splunk deployment that i have a saved search that is want to transform the user_id in to a related piece ...

by New Member in

How can my custom search command tell when a search is done?

I have a custom search command which uses the streaming API to retrieve query results. Here's a snippet: results...

by Splunk Employee in

use splunkd metrics eps and 7 day average

I would like start setting baselines for devices that are sending logs to splunk. An example: using splunkd metrics g...

by Communicator in

Can splunk do stats multimode(field)?

Splunk support the statistical function "mode(X)". According to the Splunk documentation this function returns the mo...

by Motivator in

Percentage in the return of a query about values ()

In the manual we have: sourcetype=access_* action=purchase [search sourcetype=access_* action=purchase | top limi...

by Engager in

Can someone please give an example on how this is done after its successfully configured?

http://docs.splunk.com/Documentation/Splunk/4.2.4/User/RealtimeSearch#Real-time_backfill Realtime backfill, how is...

by Builder in

Sorting X axis by month

I have the following search which displays amounts of records by month (X-axis). index="billing" suspededrecords ...

by Path Finder in

How to snap span with bucket

So I want use bucket to group my data by weeks that start on Mondays if I change my query to use earliest=-1w@w1 late...

by Explorer in

Looking to filter out C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan events

Once a week when Symantec runs a full scan our quota gets blown out of the water. Is there a way to filter these even...

by Engager in

Can I chain together two searches in Splunk Web?

Is it possible to chain together two searches? Basically, need to grab the IP address from my webserver logs (if it r...

by Explorer in

round funtion usage to round the decimal dgits after the precision

Hi , I have been using the stats avg(duration) as Avg_Duration in my query.But while displayin the Avg_Duration i ...

by Motivator in

Field extraction on all inputs

Is it possible to apply a search-time field extraction to all inputs? Our log files (across multiple hosts, source...

by Path Finder in

Multiple key value pair extraction

I have multiple key value pairs in a line like so: summary=" Policy Rule modified" summary=" Policy Rule number 2 mod...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

totalCount in |metadata command: current number of events or lifetime count of events?

search regular expressions without field extraction

execute search and replace parts with result from sql query

How can my custom search command tell when a search is done?

use splunkd metrics eps and 7 day average

Can splunk do stats multimode(field)?

Percentage in the return of a query about values ()

Can someone please give an example on how this is done after its successfully configured?

Sorting X axis by month

How to snap span with bucket

Looking to filter out C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan events

Can I chain together two searches in Splunk Web?

round funtion usage to round the decimal dgits after the precision

Field extraction on all inputs

Multiple key value pair extraction

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...