Splunk Search

Discussions

Thread Info

simple moving average and dynamic fields

This will be very interesting or boring, it can only be one! I have an extracted field: CFErrorCodeMessagesCode ...

by Communicator in

How to extract the correct date and time that are split in two different locations in my sample data?

We are getting data from a mainframe system to represent call data from our applications. Data in the events looks li...

by Communicator in

Trying to performance test my Splunk searches, but why are results sometimes returned too fast?

Hello, I have a report which generates results - useful for loading with | loadjob, as well as events into the sum...

by Communicator in

Where can you disable optimized search in Splunk 6.5.0?

Does anyone know where in the console we can disable optimized search in v6.5.0?

by Communicator in

How to add previous data to a number from another field, and put it as the current data?

I have 3 main fields: time, totalvehicle, and changes. total_vehicle is only generate periodically and I would like t...

by New Member in

How to create a pie chart or graph based on web log CSV?

I have a csv file that contains the date and time, visited url (which is a complete url, not just the domain), and vi...

by Engager in

How to edit my chart/timechart search to include the sum of events?

sourcetype=pools Fields- poolname, poolsize sourcetype=poolcomponents Fields- componentname, poolname, co...

by Communicator in

How to remove fields from appearing in my timechart panel?

i'm trying to remove field from the timechart panel eg: index=os host=xyz | timechart avg(usedMB) as DiskUsed avg(...

by New Member in

Look up in CSV date

Hi All, I have CSV with below fields and values **Login_count *** LoggingTime********* Applicationname****** **...

by Path Finder in

subsearch question

Cannot get results from query using subsearch. I would like to compare the previous percentage of used space with the...

by New Member in

Usage of Token for eval function in dashboard query

Hi All, How to use tokens in the eval function when we write query in the dashboard: I have a token with name "...

by Communicator in

How to combine my 2 reports?

I think this is simple and I think I see similar questions, but I've failed to implement them for my case and any hel...

by Explorer in

How to search for newly added hosts?

Hi we have some new hosts added in our instance. we need to built a search to check for newly added hosts. We ...

by Path Finder in

How to search for newly added servers by comparing today's log with the previous week's logs?

Hi, I have a file with hostname. I need to find out the newly added server in it. When I use the set diff command,...

by Path Finder in

Help parsing out events - need to get timestamp, host and sourcetype to rewrite metadata

I have the following event: { [-] ident: vcap.cloud_controller_ng message: {"timestamp":14894...

by Builder in

Change Row Values to Column Headings

Hi, I wonder whether someone may be able to help me please. I'm using the query below which extracts a column of f...

by Motivator in

Regular expression in Splunk for extracting fields

I have some uneven stings and I need to extract a field from all the strings. Unique thing is the required field lies...

by New Member in

how can I calculate the average of field1,field2,field3 for users and display the average of each user?

I have a splunk result as below user field1 field2 field3 A 5 8 3 B 2 3 5 Now how can I calculate the average ...

by Builder in

no data from specific data source

hi, How to find out whether a forwarder sending an events which belongs to specific data source because i don't se...

by Path Finder in

How generate a search to monitor devices that send out an unusual amount of logs?

Dear fellows， i am trying to write a search string to monitor which of my devices send out an unusual amount of l...

by Engager in

Splunk Search

Discussions

simple moving average and dynamic fields

How to extract the correct date and time that are split in two different locations in my sample data?

Trying to performance test my Splunk searches, but why are results sometimes returned too fast?

Where can you disable optimized search in Splunk 6.5.0?

How to add previous data to a number from another field, and put it as the current data?

How to create a pie chart or graph based on web log CSV?

How to edit my chart/timechart search to include the sum of events?

How to remove fields from appearing in my timechart panel?

Look up in CSV date

subsearch question

Usage of Token for eval function in dashboard query

How to combine my 2 reports?

How to search for newly added hosts?

How to search for newly added servers by comparing today's log with the previous week's logs?

Help parsing out events - need to get timestamp, host and sourcetype to rewrite metadata

Change Row Values to Column Headings

Regular expression in Splunk for extracting fields

how can I calculate the average of field1,field2,field3 for users and display the average of each user?

no data from specific data source

How generate a search to monitor devices that send out an unusual amount of logs?

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph

When there is no result filed is displays as &quot...

SPLUNK ITSI (Cloud)

Alternative to mcatalog values(_value) for Metrics