Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Exclude value based on subsearch

Hello, I want to exclude some values if that have the field SPANLOSSMAX=50 between midnight to 7 a.m. This is my a...

by Path Finder in

Search Query for comparing OS from live search and from lookup and showing the differences

Hi All, I need to create a report for comparing OS versions of hosts from live search and from the lookup. Trying ...

by New Member in

In a search head cluster, how do I search users that have logged in the last 30 minutes, on what cluster member, and what kind of searches they are running?

What setup is required and what will be the search so that I can find out, Who all have logged in to the syst...

by Path Finder in

Timechart vs. Chart (_time) to figure out bandwidth?

When trying to figure out bandwidth, which search string makes more sense? | eval MBs=(bytes*8/1024/1024...

by Communicator in

Count as 1 value if TIMESTAMPs are consecutives

Hello, I have this search string index="flap" DELTASPAN>= 3 | eval TRATTA=NODOA."->".NODO_Z | stats count(TRATTA...

by Path Finder in

Slow Indexer Problems

I have a 2 TB Indexer 12 CPUs, 12GBs of memory. We didn't get a chance to have a say in the storage teir and i imagin...

by Builder in

Making zero value buckets for Left join

I have to join 3 tables each of which have a common column with each other. However the problem is that I use Time Bu...

by Explorer in

How to "loop" or repeat a search with all values of a field to generate a table?

Hello, How to "loop" or repeat a search with all values of a field to generate a table and count the values? I ha...

by Engager in

How to edit my search to find the channel connection count?

Hi All, I have CSV file read by Splunk. Here is how the data look like. The field extraction is done. APP CHA...

by New Member in

How do I use count multiple times in one search?

How do I use count multiple times in one search? For example: search * | stats count by f1, f2 count by f3, f4

by New Member in

Dashboard - Hide results until search is complete

I created a dashboard that will be used in our NOC. I have a few panels that are defined as Single Value. I apply col...

by Path Finder in

Streamstats question

index=### sourcetype=####|table Server Server AppName AppProductName _time ServerRole ServerSerialNumber ServerSite |...

by Engager in

how to call the functions using token?

How to populate the timechart based on the input dropdown (avg, max, min, perc90). looking something like ..........

by Path Finder in

Splunk Bug "fields command"

I am facing an issue with fields command as i am generating splunk queries below .....)|fields - records2,records...

by Explorer in

how to combine timechart for 2 different evals which are seperated by append?

here is my query : index="test1" sourcetype="test2" "login success" OR "login failed" | timechart span=1d dc(user) as...

by New Member in

How to generate a search for non Public Key Infrastructure (PKI) logins in Active Directory over a 90 day period?

I am a complete newbie to Splunk. I have an environment in which users are set "token mandatory" by default for PK...

by Explorer in

summarize directories in dispatch?

This morning I woke up to a "too many jobs in dispatch directory" message across my screen. After checking dispatch, ...

by Communicator in

In sort command I want to avoid limit of 10,000 rows without using attribute "count=0". Is there any setting for this in any conf file ?

When I sort my data by some field, by default its has limit of 10,000 rows. If I use attribute count=0 along with sor...

by Path Finder in

remove repetitive string in string

manipulating strings, I had a post before regarding an array, but say I have a field that has value string1+string2+s...

by Path Finder in

Data filtration at field level using SED option

Hi, I am new to splunk.. I want to filter data at fields level instead of event levels before indexing my data. data ...

by Path Finder in

Splunk Search

Discussions

Exclude value based on subsearch

Search Query for comparing OS from live search and from lookup and showing the differences

In a search head cluster, how do I search users that have logged in the last 30 minutes, on what cluster member, and what kind of searches they are running?

Timechart vs. Chart (_time) to figure out bandwidth?

Count as 1 value if TIMESTAMPs are consecutives

Slow Indexer Problems

Making zero value buckets for Left join

How to "loop" or repeat a search with all values of a field to generate a table?

How to edit my search to find the channel connection count?

How do I use count multiple times in one search?

Dashboard - Hide results until search is complete

Streamstats question

how to call the functions using token?

Splunk Bug "fields command"

how to combine timechart for 2 different evals which are seperated by append?

How to generate a search for non Public Key Infrastructure (PKI) logins in Active Directory over a 90 day period?

summarize directories in dispatch?

In sort command I want to avoid limit of 10,000 rows without using attribute "count=0". Is there any setting for this in any conf file ?

remove repetitive string in string

Data filtration at field level using SED option

Conditional cell format without JS?

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph

When there is no result filed is displays as &quot...

SPLUNK ITSI (Cloud)