Splunk Search

Ask a Question

Discussions

Thread Info

help on basic table

Hello I use the search below : [| inputlookup host.csv | table host] index="x" sourcetype="PerfmonMk:Proce...

by Motivator in

Search top 4 destinations based on usage by IP and put remaining in others for each IP

I am bit new to splunk. I want to search top 4 destinations downloads and total ‘Other’ traffic for each source ip...

by Explorer in

Field extraction is working for one server but not for other by defining stanzas in props.conf.

I added the data into Splunk after changing the configuration in props.conf for breaking the event as per the need an...

by Loves-to-Learn in

Show IP addresses not matching CIDR ranges in lookup table

I have a list of CIDR ranges in a single column with name Prefix in a csv file. I only want to show events with sourc...

by Path Finder in

Prediction algorithm in splunk

Hi , I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visual...

by Path Finder in

how to change time in summary index i want _time not which is having in data i have used eval _time (now ) but it is not working its same showing event date not _ time

Now 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763, wanted 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763

by Engager in

help to display a subsearch result after a tostring function

HI I use the search below which works fine [| inputlookup host.csv | table host] index="x" sourcetype="win...

by Motivator in

How to Span=2w but starting every firts monday of the month and so on?

I have a metric that want to trend on a timechart but I need to span every 2 weeks, starting the 1 monday of each mon...

by Path Finder in

How to combine a set of values as 'Other' in a pie chart?

I'm trying to display a pie chart like so: chart count by transaction.inputSource | lookup transaction_input_sourc...

by Engager in

What is this error in dispatch process?

0400 ERROR DispatchProcess - String not found in literals.conf: DISPATCHCOMM:FAILED_TO_START_PROCESS I need help ...

by New Member in

How to print results excluding the last line in Splunk like "head -n -1" in LInux?

Hi all, I want to print results excluding the last line. In Linux, I can use head -n -1 but in Splunk, the head co...

by Communicator in

how to do a line breaking after a string

hello I need to do a line breaking after "%" and after " on a total of " | eval Perc=round((NbTOUCHNGOCrashByHost...

by Motivator in

Does anyone know how to monitor all running searches on a search head and their memory usage in real-time?

I use one of the S.O.S. queries to get top 20 memory usage queries every 5 minutes, however, it might be easier for u...

by Explorer in

How do I plot crash rate over _time by app_name?

Hi, I am trying to plot the Crash rate over _time on a graph and that has to be distributed by app_name. On a high l...

by Explorer in

How to get a percentage out of 2 queries?

I've got 2 search queries that are working for me (Thanks to @harshpatel) Query #1 returns the average # of succes...

by New Member in

regex operator in Splunk is not working to match results

I am writing a code to simply match a regex in my search to match index field which matches app1_, app2_, etc Howe...

by New Member in

Where do I find the Query that created 'Identitiies_expanded' in SA_IdentityManagement app?

We have a identities_expanded.csv file in our SA_IdentityManagement app under lookups. It contains our AD data but I ...

by Path Finder in

HELP ON EVAL FOR CALCULATING A NUMBER OF DAYS

hello I use the search below in order to calculate a last logon date and a last reboot date by host now I need to add...

by Motivator in

Using the GUI, how can I search for events related to a specific host?

I'm in the process of creating a troubleshooting guide for our networking team. I would like to be able to look up ev...

by New Member in

Can you help me do an eval for a percentage of two values in an Xyseries?

I have my derived tables | stats count by breached region | xyseries region breached count REGION NO YES US ...

by New Member in

Dropdown input panel: Search is not changing as per dropdown selection

So I created a dropdown input panel for weekwise but my search is not changing as per dropdown selection - ... ...

by Path Finder in

Charting percentage of a total over time?

I'm working with some HTTP access logs that have a status code in them. Most are successful messages, naturally. I wo...

by Motivator in

playing with data II

q1- how can i get c4 where c4 will always be difference of values in c3 against first of c2 - next of c2 for example ...

by Contributor in

How to create difference of two values

Q1: How can I get c4 where c4 will always be the difference of values in c3 against max of c2 - min of c2 For exam...

by Contributor in

Calculating percentages based on counts

I'm trying to get percentages based on the number of logs per table. I want the results to look like this: Table C...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

help on basic table

Search top 4 destinations based on usage by IP and put remaining in others for each IP

Field extraction is working for one server but not for other by defining stanzas in props.conf.

Show IP addresses not matching CIDR ranges in lookup table

Prediction algorithm in splunk

how to change time in summary index i want _time not which is having in data i have used eval _time (now ) but it is not working its same showing event date not _ time

help to display a subsearch result after a tostring function

How to Span=2w but starting every firts monday of the month and so on?

How to combine a set of values as 'Other' in a pie chart?

What is this error in dispatch process?

How to print results excluding the last line in Splunk like "head -n -1" in LInux?

how to do a line breaking after a string

Does anyone know how to monitor all running searches on a search head and their memory usage in real-time?

How do I plot crash rate over _time by app_name?

How to get a percentage out of 2 queries?

regex operator in Splunk is not working to match results

Where do I find the Query that created 'Identitiies_expanded' in SA_IdentityManagement app?

HELP ON EVAL FOR CALCULATING A NUMBER OF DAYS

Using the GUI, how can I search for events related to a specific host?

Can you help me do an eval for a percentage of two values in an Xyseries?

Dropdown input panel: Search is not changing as per dropdown selection

Charting percentage of a total over time?

playing with data II

How to create difference of two values

Calculating percentages based on counts

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...