Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to edit my regular expression to extract the URL from both of my sample log entries?

Hi, I have these two entries in the same log. I'm try to extract out the URL in bold below For the first one I ...

by Motivator in

How to write a search to only keep a certain type of value for a multivalue field?

Hello Splunkers, I have a question about data I am trying to draw from Splunk. If you look at the fields, I am am ...

by Communicator in

How do I create a transaction when not all fields are present?

Hi! I am a Splunk beginner and have the following question. I have some events I would like to transact, but n...

by New Member in

How to edit my search to identify utilization of devices, then categorize them into buckets of utilization?

I need to get my search to identify the utilization of devices, and then categorize them into buckets of utilization ...

by New Member in

After running a top 10 search, is it possible to increase how many results are displayed in the left navigation?

Can I increase the display of results on the left nav after a search from the top 10? For example, when I do a search...

by New Member in

How to edit my search to extract this value from my sample syslog data, and assign it a certain field name to display in my stats table?

Hi, Take a look at this Sophos UTM syslog entry 2016:09:06-12:28:48 portal-1 aua[21251]: id="3005" severity="wa...

by Communicator in

How to edit my search to match a field in events to a field in a CSV lookup table, and output all corresponding results?

Lookuptable = C360_USERS.csv Fields: USERID,EMPLOYEEID,AVAYAID,FIRSTNAME,LASTNAME,LOCATIONNAME,JOBCODE,JOBTITLE I ...

by Communicator in

Clean dispatch folder automatically in Splunk 6

Please let me know, if their is provision to clean up dispatch folder ( job already completed) automatically. Can ...

by Engager in

grouping search results by hostname

We need to group hosts by naming convention in search results so for example hostnames: x80* = env1 y20* = prod L* = ...

by Path Finder in

Creating a REST endpoint to allow csv lookup files to be uploaded/updated?

I would like to create a REST endpoint that will allow me to to automate the uploading and updating of a csv lookup f...

by Path Finder in

Set earliest and latest time using a variable

Hi! I'm trying to set the earliest and latest for a sub-search using a variable from the main search. The code bel...

by New Member in

Group events that occur continuously and contain a common name

I would like to group continuous events that occur in order over time, and have a common name. For example: _t...

by Path Finder in

How to count events with specified id, if there are three events successively

Hello I would like to make a search for a SLA who does the following: (id 700 is ok, 702 is nok) Count num...

by Path Finder in

Remove duplicate keywords (values) returned from field

Hi All, I am splitting a Description field with "space" using Split command and generating list of keywords ( doin...

by Builder in

stats count issue, mismatch with search query results

Hello, i'm using a query to find all traffic hitting a singe firewall rule. it's something like this: host=fw_host...

by Engager in

How to edit my search to chart the count of how many sources were indexed in the last hour?

I want to create a scheduled report that would count how many log files we’ve received in last hour. This is what I’v...

by Path Finder in

How to find the most matching result?

Dear all Splunkers I'm a newbie for splunk and quite frustrated any method can do somekind of compare/find the mos...

by New Member in

Change TableElement option in Javascript

Hi, I would like to create a "results per page" dropdown in a table I display in a dashboard. First I create a dro...

by Path Finder in

Average Count doesn't show?

Hi, I have this query earliest=-4d index=wls OR index=main "ServletRequestImpl.java:2768" OR "rest path:/rest ...

by Motivator in

How to create a time chart on response times for multiple services?

I want to display the response time of 2 different transactions (or 2 events). Let's say, first transaction/event is ...

by New Member in

Splunk Search

Discussions

How to edit my regular expression to extract the URL from both of my sample log entries?

How to write a search to only keep a certain type of value for a multivalue field?

How do I create a transaction when not all fields are present?

How to edit my search to identify utilization of devices, then categorize them into buckets of utilization?

After running a top 10 search, is it possible to increase how many results are displayed in the left navigation?

How to edit my search to extract this value from my sample syslog data, and assign it a certain field name to display in my stats table?

How to edit my search to match a field in events to a field in a CSV lookup table, and output all corresponding results?

Clean dispatch folder automatically in Splunk 6

grouping search results by hostname

Creating a REST endpoint to allow csv lookup files to be uploaded/updated?

Set earliest and latest time using a variable

Group events that occur continuously and contain a common name

How to count events with specified id, if there are three events successively

Remove duplicate keywords (values) returned from field

stats count issue, mismatch with search query results

How to edit my search to chart the count of how many sources were indexed in the last hour?

How to find the most matching result?

Change TableElement option in Javascript

Average Count doesn't show?

How to create a time chart on response times for multiple services?

Fetching logs via Splunk SDK on index time and eve...

Excluding Events Based Off CSV Lookup

splunk predict period limit 2000 ??

Splunk Add-on for microsoft cloud services not get...

Scheduling the training set in MLTK