Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Average between 2 fields D+HH:MM:SS

Hi, I try to realize an average enter 2 fields which appear in the form of D+HH:MM:SS so i converted with dur2sec...

by Path Finder in

How to extract and calculate the sum of a field from different searches?

Hello, i have on a dashboard with 5 different searches, where i have a common (calculated) field (let's call it a ...

by Explorer in

How to edit my configurations to perform an index time field extraction?

Hello All My current environment is as follows : Syslog/UF (Universal Forwarder) -> HF (Heavy Forwarder) -> Ind...

by Contributor in

for every command we filter fields and giving few fields to the next command, why eval gives all fields to the next command

index=* sourcetype=history browser=chrome | eval name="raj" giving output as many fields like sourecetype, browser, h...

by Communicator in

How to map the lookup conditions and get the indexed data in splunk

Hello Everyone, I have requirement where i need to search eventtype which are present in my lookup table, say in l...

by Communicator in

Translation lookup table

I have extraction of a field called Tool (Textual) The field values can be in English, German, French or Spanish. I ...

by Engager in

Real Time Monitoring Hunk Data

I got to know from the hunk documentation currently hunk does not support real time monitoring of hadoop data Can we ...

by Path Finder in

How do I create a table result with "stats count by ‘field’"?

I have a set of events which have multiple values for a single field such as: accountName=customerA result=[passed...

by Ultra Champion in

How to generate a search to find out whether indexer queues were blocked during a particular period of time?

Is there any search to find out whether indexer queues were blocked at a particular period of time? With Distributed ...

by Path Finder in

How to get my eval statement to output a certain value, even if there is no result for a certain field?

Hello, Here's my search string: index=myindex host=server1 source=mysource | multikv | search Process=process1 ...

by Builder in

Can I add REST search results to an in-line search that contains multi-value field? If so, how do I parse it?

This is a piece of a search that I have been working on: eventtype=knoob (file_name=authorize.conf) | eval zip1...

by Engager in

Using perfmon and inputs.conf, how do we pull in data for specific processes (by name)?

This is the route we are heading: [perfmon://ProcessandProcessor] object = Process.* counters = % Processor Time;I...

by New Member in

How to generate a search that will display successful login attempts by members of Domain Admin group?

Pretty new to all this. I've got a Splunk 6.5.1 environment gathering data from Windows servers/desktops and Activ...

by New Member in

search broken in splunk 6.5

This probably is partially covered by https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/Workaroundforse...

by Path Finder in

Is my search correctly using the bucket command in order to detect brute force attempts against multiple destinations?

I have the following search and I'm not certain it's producing the correct results. The idea is to use it to detect b...

by Path Finder in

How to split count of events based on conditions?

Let's say that I have the following query: (...) | stats count AS Foo by X I would like to split Foo based on ...

by Communicator in

Question about eval if 4 arguments

Hi, i try to select on same event with different Values and they give result différent but Splunk find none result. C...

by Path Finder in

What is the best way to count the number of times a field has been changed or toggled?

Hi Everyone, I've been using Splunk for a few years but I'm looking for a nice way to capture the number of times ...

by Path Finder in

How to edit my search to find events that did not occur right before a machine restart?

I'd like to look for events of a Windows service stopping but ONLY if it did not occur while the machine was being re...

by Communicator in

Difference between stats and chart

Hi all, I have been working with Splunk for quite a while now. Still I am wondering: Whatis the difference betw...

by Path Finder in

Splunk Search

Discussions

Average between 2 fields D+HH:MM:SS

How to extract and calculate the sum of a field from different searches?

How to edit my configurations to perform an index time field extraction?

for every command we filter fields and giving few fields to the next command, why eval gives all fields to the next command

How to map the lookup conditions and get the indexed data in splunk

Translation lookup table

Real Time Monitoring Hunk Data

How do I create a table result with "stats count by ‘field’"?

How to generate a search to find out whether indexer queues were blocked during a particular period of time?

How to get my eval statement to output a certain value, even if there is no result for a certain field?

Can I add REST search results to an in-line search that contains multi-value field? If so, how do I parse it?

Using perfmon and inputs.conf, how do we pull in data for specific processes (by name)?

How to generate a search that will display successful login attempts by members of Domain Admin group?

search broken in splunk 6.5

Is my search correctly using the bucket command in order to detect brute force attempts against multiple destinations?

How to split count of events based on conditions?

Question about eval if 4 arguments

What is the best way to count the number of times a field has been changed or toggled?

How to edit my search to find events that did not occur right before a machine restart?

Difference between stats and chart

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Microsoft Office 365 Reporting Add-on not obeying ...

How union 2 dbxquery from 2 different tables

How do I create a time field?

Tagging Network Logs for Kubernetes Containers

Number of events not stable in time

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >