Splunk Search

Discussions

Thread Info

How can I convert "2016-12-17T00:30:00.000+0000" to epoch time?

How can i convert 2000-12-17T00:30:00.000+0000 to epoch time? I tried using 1.) eval _time= strptime(_time,"%Y-%m...

by New Member in

How to extract a string that starts with certain words or letters?

I'd like to use rex to extract the event string that starts with certain words or letters, possibly ends with certain...

by New Member in

Tracking down Regex Errors

I have what I think should be a simple question.... how can I find in Splunk why a regex extraction failed? I bring i...

by Explorer in

How to generate a search of unique URI and all the client IP's hitting in a commas field and total count of the IP's hitting the URI?

Am in a process of creating a report, in which i have URI's from many different hosts hitting from multiple IP's . ...

by New Member in

How to plot a delta timechart of average response time

I have data like: timestamp, serviceName, responseTime(in ms) I want to plot the per minute delta of avg. resp...

by Motivator in

How to create a timechart that takes the remainder of a field value and add it to the previous bucket?

I have the following metrics: date:01 yada yada yada total 80 date:02 yada yada yada total 120 date:03 yada yada y...

by Communicator in

How to pause a dashboard panel's real-time search?

I've built a dashboard panel that looks for blocked web traffic in real-time. Everything works great except I cannot ...

by Path Finder in

How to edit my table to plot transactions?

I was trying to create a table like below. We have a log with below fields, [Date][PreciseTime][Pid][Tid][Transact...

by Path Finder in

How to generate a search that finds events that are older than 90 days?

Hi, Below is my sample event. I want to create a search base which would return all such below events where FirstO...

by New Member in

How to do a time based search for router logs?

Hello, I am new to Splunk, so trying to get familiarize with it. I want to do a time based search for router logs, fo...

by New Member in

How to generate a conditional search based on time?

I need to figure out a way to execute one of two different search strings based on the time range in a first search. ...

by Path Finder in

How to list all the saved searches, macros, tags which contains a source=ABC?

Is there any way to list out all the saved searches, macros, tags,etc which have a source=ABC in a search? Is ther...

by Builder in

Why are some events not summarized in a data model?

I have an accelerated datamodel configured, and if I run a tstats against it, I'm getting the results as expected. Ho...

by Communicator in

Is there a way to create a token from search results in simple XML similar to $results[0].fieldname$ in advanced XML?

I want to be able to use my search for a few things, i.e. a table then further search or html display based on certai...

by Path Finder in

How to create table with two variables? Regex

Hi, I am very rusty with my splunk. I have this query: index=nitros_prod_stores_servers sourcetype=_json OR source...

by Contributor in

Why are the values on y-axis of my bar chart different than what I have set?

I have a bar chart, I need values on the y - axis like 0, 1000000, 2000000, 3000000, .... ,7000000. I did this by usi...

by New Member in

How to use if condition along with count in a where condition?

Hi All, I need to build a search that to show result as below. I have grouped the events based on the id which is uni...

by New Member in

Regex to match two fields in transforms.conf

I'm looking to match against two fields in transforms.conf. I would like to match against a customer _meta field and ...

by Explorer in

For a field user, which has precedence: an eval defined in local folder or a regex defined in default folder?

Hi, I am having the following issue/conflict when resolving the field user from events (coming with sourcetype Win...

by Contributor in

Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a CIDR column?

Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a ...

by Explorer in

Splunk Search

Discussions

How can I convert "2016-12-17T00:30:00.000+0000" to epoch time?

How to extract a string that starts with certain words or letters?

Tracking down Regex Errors

How to generate a search of unique URI and all the client IP's hitting in a commas field and total count of the IP's hitting the URI?

How to plot a delta timechart of average response time

How to create a timechart that takes the remainder of a field value and add it to the previous bucket?

How to pause a dashboard panel's real-time search?

How to edit my table to plot transactions?

How to generate a search that finds events that are older than 90 days?

How to do a time based search for router logs?

How to generate a conditional search based on time?

How to list all the saved searches, macros, tags which contains a source=ABC?

Why are some events not summarized in a data model?

Is there a way to create a token from search results in simple XML similar to $results[0].fieldname$ in advanced XML?

How to create table with two variables? Regex

Why are the values on y-axis of my bar chart different than what I have set?

How to use if condition along with count in a where condition?

Regex to match two fields in transforms.conf

For a field user, which has precedence: an eval defined in local folder or a regex defined in default folder?

Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a CIDR column?

How to filter ipv6 addresses and keep only ipv4?

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...

Transaction ends and begins with same code

Predict command