Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is there a way to only search * (asterisk)?

Dear Experts , Please suggest an answer on a silly question If my log contains *(star) as a word/character . ...

by New Member in

Transfer logs between different network segments - which forwarders to use where ?

Hi, our network count ~9000 Servers. Most of them running in the separate network IP segments. I would like to ki...

by New Member in

Aggregate/subtotal the output by locations (not currently an index field) so I can produce a graph by location

I have a query below that produces the sum of bandwidth used by remote intermediate forwarders. The output give me a ...

by Communicator in

Streamstat reset_after resets for all users

I found this search from woodcock user and it basically searches for successful logins after several failed attempts:...

by Explorer in

Doing math on results of sum(duration) of transaction?

I have a search that results in showing the time a phone was in a call in seconds by using sum(duration) of the event...

by Explorer in

How can I find the difference between table rows?

I have results in following table format: half app_name dataconsumed ----------------------------------- fir...

by Explorer in

Conditional transaction

Hello, I have two types of events: clicks and searches. I want to group two searches into a transaction if ...

by Engager in

How to display calculated fields as part of same graph

Hello, I'm attempting to display three calculated fields (total_meeting_hours, total_use_no_meeting_hours, and hours_...

by Explorer in

Merging two sets of multivalue data in an order without regex

I have base search that was able to get me to this form in Splunk: Name Value A 1 B 2 C 3 I need to create a ne...

by Communicator in

chain 2 search queries and get the earliest and latest of different fields

search string1 - [ field1 ] search string2 [ field1 field2] search string3 [ field1 field2] I want the results of ...

by Engager in

How to query _TCP_ROUTING key value?

Hello all Is there a way you can query event's _TCP_ROUTING key value in a search? I would assume you should be ab...

by Path Finder in

Using variable "total_dataconsumed" how do I find biggest gainer/loser (per 24-hour period)

I have event data in below format: Sep 15 2017 07:06:07 app=yahoo dataconsumed=50 Sep 15 2017 08:16:07 ...

by Explorer in

How can I turn this JSON event into a table with various fields?

Hello, a beginner question. I've a search query that produces a single JSON event such as this: { Error/type/0 : type...

by Explorer in

Splunk - join two search queries having common field

Hi, I need to join two splunk search queries based on a common field (JoinId). All I would like to have at the...

by Explorer in

Why does subsearch throw an exception?

I'm trying to produce a subsearch based off of a rex field. The goal of this search is to find every Deserialization ...

by Engager in

How to dynamically create a custom x-axis label in a search?

how can we give a custom dynamic value for x-axis in the search? i know we can change it manually in the format ta...

by New Member in

Setting up a search head and indexer on existing machine

Hi All, Currently I have a single instance which acts as indexers as well as search head. But i am planning to inc...

by Path Finder in

Why does my drop-down say "Duplicate values causing conflict" when there are no duplicate values?

I am trying to output the CUSTOMER_NAME via a csv lookup. my lookup file (lookup_test.csv) looks like that: CUSTOM...

by Path Finder in

How to extract a string in a CSV where the field position can have multiple different values?

Hello - I'm trying to extract a field from a CSV. The problem is the 9th position can have several different value...

by New Member in

How to edit my chart to show weekly baseline of average and compare it to the daily average?

Hi all. I'm creating a dashboard for one of our systems, and am trying to create a chart that will show the previous ...

by New Member in

Splunk Search

Discussions

Is there a way to only search * (asterisk)?

Transfer logs between different network segments - which forwarders to use where ?

Aggregate/subtotal the output by locations (not currently an index field) so I can produce a graph by location

Streamstat reset_after resets for all users

Doing math on results of sum(duration) of transaction?

How can I find the difference between table rows?

Conditional transaction

How to display calculated fields as part of same graph

Merging two sets of multivalue data in an order without regex

chain 2 search queries and get the earliest and latest of different fields

How to query _TCP_ROUTING key value?

Using variable "total_dataconsumed" how do I find biggest gainer/loser (per 24-hour period)

How can I turn this JSON event into a table with various fields?

Splunk - join two search queries having common field

Why does subsearch throw an exception?

How to dynamically create a custom x-axis label in a search?

Setting up a search head and indexer on existing machine

Why does my drop-down say "Duplicate values causing conflict" when there are no duplicate values?

How to extract a string in a CSV where the field position can have multiple different values?

How to edit my chart to show weekly baseline of average and compare it to the daily average?

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Why does stats via python SDK export returns mult...

Problem at Encoding - Jirra Issues Collector

Insert a heading for 4 rows and give name using HT...

splitting and sending the value from drill down to...

Chart With time as the data points

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >