Splunk Search

Thread Info

Getting the timestamp when the status has changed

We are getting the data from Database for every 5mins. Even the field value doesn't change the same value will be i...

by New Member in

How to reassign orphaned search in splunk light?

we use splunk light in 7.1.0. I deleted a User last week and did not recocnized that their was a sheduled search of...

by New Member in

Regex expression

prd-sso-data-science-711-3006-compute-role dev-1000-535-aibench-mlops-service-compute-role above are the fiel...

by Loves-to-Learn Lots in

Splunk dashboard single value trendinterval as dynamic

Hello, I' m currently working on how to make dashboard with our Server's VM Count logs. Our logs are being co...

by Path Finder in

Splunk Fundamentals 1 Module 5 question

In module 5, of Splunk Fundamentals 1, during the lab exercise, it asks to do a search and says to notice the host=we...

by New Member in

Display in range data based on application time taken

Hi Splunkers, I am looking to display the data Product 1Seconds Cumulative response % ...

by Path Finder in

How do I only return the first name listed under each Group and how do I count by Groups?

The following query just gives me results but I also need to count by each Group. index=Container_ship action=Decis...

by New Member in

Largest files and its sizes in each Linux host

Hi, I'm looking to enlist the largest files per Linux host, i.e. if I have 6 hosts, all running on Linux let's assume...

by Explorer in

How do I monitor & troubleshoot if all data sources are communicating with assigned Indexers?

How do I monitor & troubleshoot if all data sources are communicating with assigned Indexers? The create a report or ...

by Builder in

Adding appendcols to table to produce two curves

I'm creating demand and supply curves which use streamstats to accumulate demand and supply in order to intercept the...

by Observer in

How to show logs happened 2 min before and 2 min after certain log

Hi Splunkers, i have search like this index=pkg_prespvm host IN (*)| dedup _raw| transaction host startswith="[In...

by Path Finder in

Concurrent VPN connections.

Hi guys, I'm going crazy and I'm completely lost. I'm trying to create a query that displays concurrent connect...

by Explorer in

Combine Sub searches with different time references

Hey, right now I am a bit messed up in the mind and not sure if I try to find an overly complicated solution to...

by Explorer in

How to get counts of same field with different info

Hello, We are logging various info during job level. Message filed carries all the info. I would like to get count...

by Explorer in

How to leverage a secondary time field at scale?

I have a dataset that has both FINISHDATE and CHANGEDATE fields in text. We use strptime(CHANGEDATE) for _time but w...

by Esteemed Legend in

Where to start learning to write splunk queries

by New Member in

Read regex based data from a log file using splunk forwarder

I have log file which polls an endpoint and if new version has come then only performs the operation. All the polling...

by New Member in

COmpare or join 2 fields to 3rd output

HI All, Need help in comparing 2 fields or join 2 values to build a table for another 2 field. CODE 1: ...

by Communicator in

Help calculating error breach rate

Hi, I'm trying to build a splunk query to calculate error rate breaches. Essentially, how often in 5 minute interva...

by Observer in

Comparing field with weekly average

Hi, I am trying to compare a field (Job duration) with its weekly average. Something is wrong with my join. It is r...

by Explorer in

How can i calculate the time difference with 1 key value and 1 col of data?

Hi there Splunkers,Maybe the title is a little bit weird but the point is, We have an entity who travel between 2 loc...

by Engager in

How do I extract a substring beginning by some characters and ending by :

Hi, I have this in my message string: Errors in file /u02/app/oracle/diag/rdbms/pwein1a/pwein1a1/trace/pwein1a1_c...

by Engager in

List indexes that are being used

Hello, I am trying to bring up a search that will tell me how much each index is being used, but the search_index fie...

by Path Finder in

Need help in append

Hello all, I am facing an issue in appending an query. Here my objective is to update the kv store with the lis...

by Explorer in

JSON formatting

I have the below JSON feed that I can see from a straight search. I'm trying to get some stats especially for pools-a...

by Loves-to-Learn in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Getting the timestamp when the status has changed

How to reassign orphaned search in splunk light?

Regex expression

Splunk dashboard single value trendinterval as dynamic

Splunk Fundamentals 1 Module 5 question

Display in range data based on application time taken

How do I only return the first name listed under each Group and how do I count by Groups?

Largest files and its sizes in each Linux host

How do I monitor & troubleshoot if all data sources are communicating with assigned Indexers?

Adding appendcols to table to produce two curves

How to show logs happened 2 min before and 2 min after certain log

Concurrent VPN connections.

Combine Sub searches with different time references

How to get counts of same field with different info

How to leverage a secondary time field at scale?

Where to start learning to write splunk queries

Read regex based data from a log file using splunk forwarder

COmpare or join 2 fields to 3rd output

Help calculating error breach rate

Comparing field with weekly average

How can i calculate the time difference with 1 key value and 1 col of data?

How do I extract a substring beginning by some characters and ending by :

List indexes that are being used

Need help in append

JSON formatting

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions