Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT)

I have a search from which I get the below result one of the columns in the statistics table : Sat Oct 07 2017 07:...

by Explorer in

How does Splunk parse german Umlauts?

Hi everyone, I've been confronted with the problem, that the case insensitive search command search, differentiate...

by Explorer in

Timecahart of unique web users including results by unique IP address or unique user name

Hello everyone. I'm trying to get a time chart of unique users from my IIS logs. Our apps are both authenticated and ...

by New Member in

How can I correlate results from two separate searches?

I have syslog formatted events that correlate together based on one value, and a search that will pull a single line ...

by New Member in

How can I create a table of my search results with a count of each matching dest_ip value?

I have this search of events: eventtype=cisco-firewall src_ip="*" (dest_ip="192.168.1.2" OR dest_ip="192.168.2.2" ...

by Path Finder in

Redrawing chart changes y axis maximum

I have a table which drills down to change a chart: <row> <panel> <table> <title>Exchanges</ti...

by New Member in

Help with writing a join command that joins a security breach to the previous login

This is the requirement. I need to join two events based on a common field “User”. The Event with EventType “Security...

by Explorer in

summing two event counts by source

so, I am trying to parse out syslog stats data, trying to get a velocity of the events to figure out which log source...

by Explorer in

Use values from two panels in a third panel

Hi, I have 3 single value panels. The first one generates total number of unique logins index=cox host="cox*" /...

by Motivator in

How to make my search more efficient? Help to remove joins

My search is running pretty slow and I am looking to edit/remove the joins to make it run faster. It looks pretty mes...

by Path Finder in

Whats the splunk equivalent of SQL IN clause

What is the Splunk equivalent of an SQL IN clause. I want to run a query where some field has a value which is presen...

by Explorer in

How to find common packages installed on many hosts?

I am indexing rpm -qa outputs and want to find all of the packages that are common throughout my infrastructure. The ...

by Splunk Employee in

How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751."

Example1 Input: 352322648-1112 : DSSPP-HNWSD-AVI Output i want : "751.1112" Example2 Input: 335587620-4330...

by Explorer in

Splunk Search

Discussions

How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT)

How does Splunk parse german Umlauts?

Timecahart of unique web users including results by unique IP address or unique user name

How can I correlate results from two separate searches?

How can I create a table of my search results with a count of each matching dest_ip value?

Redrawing chart changes y axis maximum

Help with writing a join command that joins a security breach to the previous login

summing two event counts by source

Use values from two panels in a third panel

How to make my search more efficient? Help to remove joins

Whats the splunk equivalent of SQL IN clause

How to find common packages installed on many hosts?

How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751."

Join with "eventstats" on a non unique field

Use query results from one panel as input to query on another panel on the same Dashboard

Applying Field Extractions across similarly named servers

Best Methods to Improve Performance of Dashboard

How can I remove colons in a field value

How to search the names of triggered alerts, their trigger time, and the events that triggered them?

Trigger alert for stats query when events are null

Trigger alert on consecutive errors

Transaction and Filldown from different hosts

deprecated 'stats' command syntax notification on ...

What data transform approach should I use with thi...

Getting the error ImportError: splunklib.modulari...