Splunk Search

Discussions

Thread Info

How to count and sum fourth column if second and third column are certain value and group by first column?

So my data structure has four columns: "Month", "Status", "Accepted", "Value". As the title suggest I'm trying to det...

by Path Finder in

Split unix commands

There is a command fields in my logs and consists of unix commands. One value is /usr/bin/ssh -q -o ConnectTimeo...

by Explorer in

How to rewrite/correspond MySQL queries in Splunk?

Hey community I have my data in both MySQL and in Splunk. I'm trying to mimic the MySQL queries in Splunk so I can ma...

by Path Finder in

Adding Event Count to Table

I am trying to get the Date (altering _time in a specific format shown below), number of events (which I am using sta...

by Explorer in

exclude certain event type from count

Hi, I have a stat on eventtype like this index=xyz | stats count by eventtype This query generates:All_logs = 14...

by Explorer in

Remove peer from Index Cluster and re-add after maintenance

I need to take one peer down for maintenance, so i do splunk stop on it. cluster handles and brings cluster back to...

by Builder in

Help with regex

Hi, I have below in column default_message 1st regex : default_message= <14>shell: cmd by abcd: mkdir test ca...

by Communicator in

Why does my token in my search query not work?

I've created a dropdown input field that shows the user accounts that are locked out And this is the sea...

by Explorer in

How to create inventory that matches user to the devices they have logged into?

Hello All, I am looking for a solution to establish a kind of IT inventory, based on logins. Is there any worki...

by New Member in

how to use transaction to Group multiple events with field values in a specific order

hello , i have many logs like: "_time1 user=A eventid =45" "_time2 user=A eventid=46" "_time3 user=A eventid=48...

by New Member in

How to perform Rolling Percentiles (e.g. P90) over a time period?

I need help on doing cumulative percentiles, such as p90, over a period of time. This is different from rolling avera...

by Path Finder in

Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB)

I want to compare (OWNER)(TABLE_NAME) to (OWNER_New)(TABLE_NAME_New). And once the value matched then want to find di...

by New Member in

SPLUNK architecture

Hi, I am very new to SPLUNK and inherited an environment without much documentation. Can anyone help with the followi...

by Explorer in

count Events per minute but only for same users

Hi Splunkers, some examples from our logs.. [Time:11:03:01] [Function:upload] [User:aaa][Time:11:03:10] [Functi...

by Explorer in

How to check whether splunk is receiving logs from particular IP

Hi Guys, Syslog is sent to forwarder IP through TCP 514 port. I am unable to receive those syslog in forwarder or ind...

by Contributor in

Stats StatusCode error Rate

Hi There, Need help to find the status code error rate where status code is >400. I have below Query to time c...

by Explorer in

Time duration filter

Hi All, Need help in getting the data for those Downtime > 15 mins. below is the query am using. ...

by Communicator in

How to query alerts by a specific personal domains?

Hello, I'm trying to put a query together to monitor/view emails being sent externally to a personal domain. i.e...

by Explorer in

src_ip, with all dest_ips and dest_ports

The following search is not giving me what I want.. sourcetype="sidewinder" action="blocked" direction="internal" ...

by Contributor in

How to add final total count of results without adding another column?

I can't seem to figure out a way to add a bottom row for a total count of results (records) to the end of the results...

by Path Finder in

Timechart issue

I have created a dashboard panel that shows all the users with failed logins in the form of a timechart I'...

by Explorer in

How to create a search for date compare to get the exact output?

I am trying on date compare but i am unable to get the exact output The condition for Date Compare: if(Firs...

by Path Finder in

How to perform a field extraction on a field from a lookup table?

Hi, How to perform a field extraction on a field from a lookup table? I'm trying to add another field so the da...

by Explorer in

Self Join and override Values

Need some help with a query Sample Data: { id: “123”, start_time: “2020-08-01 15:00:00”, end_time: “2020-...

by Explorer in

Difference of values using single value with percentage

I would like to put together a graph with the difference of values as a percentage, so I can use the single value a...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to count and sum fourth column if second and third column are certain value and group by first column?

Split unix commands

How to rewrite/correspond MySQL queries in Splunk?

Adding Event Count to Table

exclude certain event type from count

Remove peer from Index Cluster and re-add after maintenance

Help with regex

Why does my token in my search query not work?

How to create inventory that matches user to the devices they have logged into?

how to use transaction to Group multiple events with field values in a specific order

How to perform Rolling Percentiles (e.g. P90) over a time period?

Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB)

SPLUNK architecture

count Events per minute but only for same users

How to check whether splunk is receiving logs from particular IP

Stats StatusCode error Rate

Time duration filter

How to query alerts by a specific personal domains?

src_ip, with all dest_ips and dest_ports

How to add final total count of results without adding another column?

Timechart issue

How to create a search for date compare to get the exact output?

How to perform a field extraction on a field from a lookup table?

Self Join and override Values

Difference of values using single value with percentage

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions