Splunk Search

Ask a Question

Discussions

Thread Info

use the heat map option and highlight the max and min per each column.

hi there THis is my sample data. I want to use the heat map option and highlight the max and min per each column....

by Motivator in

Math function on stats count

I would like to do some math operation of retrieved count of each values. Eg: 318*5.5 + 418*2.5 + 54*5 + 83*2 and...

by Loves-to-Learn Lots in

Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.

I have this splunk search: host=app-dev-001 terminating | convert timeformat="%Y-%m-%d" ctime(_time) AS date | sor...

by Explorer in

Can someone help me with the regex for a field extraction?

Below are clamav logs, I would like to create two new fields. one called: log_level one callled: message log_le...

by Builder in

Invalid value "$week$" for time term 'earliest' ?

I am getting below error when the page first loads, after that when I manually select "Last 1 week" in the dropdown, ...

by Builder in

Unable to join two search with common field, however sub-search works

HI All, Please help me to debug the issue to join two searches based on common field. I have two indexes which ha...

by Explorer in

rex vs. extraction field

Hello! Which method is faster? It seemed to me that the rex method is very slow for a large number of events.

by Communicator in

Passing comparison operators in a variable

Is there a way to dynamically pass a comparison operator as a variable without a macro? I am looking to achieve somet...

by Communicator in

Need help of rex?

Dear Friends, Need you're help on writing a rex. As per my requirement. what ever value comes before a space need ...

by Builder in

Reading same field from multiple log files

I have 2 log files from different sources. Both log files have statements either indicating a "Transaction-Start" or ...

by New Member in

RegEx help

Hi All, need help in getting a regex code for the below message. 2020-04-04T15:08:01+00:00 usdaldc <44> %WAAS-...

by Communicator in

calculate difference between 2 dates and times with strftime

I have the below search: index=cd source=jenkins pr_number=* | stats count as Total , earliest(_time) as start, l...

by Communicator in

Subsearch produced 50000 results, truncating to 50000 - Need help!

Hi, I am dealing with a situation here. Trying to join 2 queries to find out the peak hour volume in last 90 days on ...

by Explorer in

Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below

I have a log that contains numerical value which is logged irregularly: I would like to calculate (and show o...

by New Member in

How to get a percentage calculation ?

I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average...

by Contributor in

average for a field value per n number of events

How would i find the average value of a certain field per a certain amount of events Example: i have 1000 events a...

by Explorer in

インデックス別データ取り込み量確認方法

Splunk7.3.3を利用しています。複数のインデックスを持っています。インデックス毎の1日あたりのデータ取込み量を確認する方法をご教授いただきたいです。

by New Member in

How to rex field to a field

I have a rex as such: | rex field=host "(?<sydney>10-92-3[2-4])" | rex field=host "(?<melbourne>10-92-11[0-2])" ...

by New Member in

how to loop through json array based on expression and create counter

i'm hardcoding some data like names, where i will pass in a token in the future, to create a simple example of what i...

by Engager in

timechart limit: pick top 10 series with the highest peaks (of all time), not total sums

I'm looking to investigate IP addresses with highest peak loads on our service. Here's my current query: applicati...

by Explorer in

How can I change the field values to another value ?

Hello Guys! I need to change the values that are present in the field "Item Codigo" . For example: 0405...

by Explorer in

New index does not show

I have created a second index called "nagios" exclusivly to collect data from my nagios install. Nagios has populated...

by Explorer in

Timechart and Order of Operations

I am struggling with the order of operations in my timechart query. I need to show the number of Users who accessed a...

by Communicator in

can some one help me with SPL

index= xxxxxx sourcetype=xxxxxx | eval import_time=strftime(_time, "%Y-%m-%d:%H") | eval import_timeday=strftime(_tim...

by Explorer in

I want to create an app which should show all the other apps in splunk ?

Hello, I want to create an app which should show all the app as home page for admins. I have like 15 apps which sh...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

use the heat map option and highlight the max and min per each column.

Math function on stats count

Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.

Can someone help me with the regex for a field extraction?

Invalid value "$week$" for time term 'earliest' ?

Unable to join two search with common field, however sub-search works

rex vs. extraction field

Passing comparison operators in a variable

Need help of rex?

Reading same field from multiple log files

RegEx help

calculate difference between 2 dates and times with strftime

Subsearch produced 50000 results, truncating to 50000 - Need help!

Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below

How to get a percentage calculation ?

average for a field value per n number of events

インデックス別データ取り込み量確認方法

How to rex field to a field

how to loop through json array based on expression and create counter

timechart limit: pick top 10 series with the highest peaks (of all time), not total sums

How can I change the field values to another value ?

New index does not show

Timechart and Order of Operations

can some one help me with SPL

I want to create an app which should show all the other apps in splunk ?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown