Splunk Search

Discussions

Thread Info

How can I perform a count and then average that count?

I am investigating failed logins. I need to perform a count of all failed logins by user, take an average of that cou...

by New Member in

How to convert an invalid field to a date?

index=pltwg_shopflex | eval Time=typeof(event.InventoryEventCarpet.InventoryEventCreateDateTime) "http://cimsplunk/en...

by New Member in

How to filter on DC after applying stats?

I have the following search in which I am looking for a list of each source IP, the list of websites they hit, the co...

by Motivator in

Timechart Span problem

Hi , Question regarding splunk timechart if i ran the command : index=_internal earliest=-1@d latest=now() | time...

by Builder in

Math function return only 17 most significant digits

Hello everyones, Every math operations or functions seem to round the number to the 17th most significants digits....

by Engager in

Best Practice for saved searches and own APPs / TA

Hi there, we have a SH-cluster and index-cluster (and Dextra deploy-server). We defined some automatic lookup and ...

by Path Finder in

Calculate average count by hour & day combined

Hi, I am wanting to calculate the average count of "incidents" per hour/day (i.e. Mon-07:00, Mon-08:00) over a 12 ...

by Explorer in

using a lookup file to populate a search query

I have a lookup table containing a list of building names - which I think may be useful in creating the query I need ...

by New Member in

Best query to check who modified an AD group

smtp address for the AD group was changed by an admin.Would like to check who made the changes in AD by renaming the ...

by New Member in

Search for regimented connections

Hey Guys, So i'm looking at multiple methods for detecting command and control connections, obviously 1 method alo...

by Communicator in

field value invalid

I have used "typeof" to know the Types for fields for the data set in splunk web version, but I get the Value column ...

by Explorer in

How to construct columns with the same data, and then use these pseudo columns to calculate

I want to get data ,as following How to construct columns with the same data, and then use these pseudo colu...

by Explorer in

How to create an eval column in a table that says "match" or "no match" if the value of all columns is the same/or not for each row?

test host1 host2 host3 temp test1 x1 x1 x1 Match test2 y1 y2 y1 No match test3 z1 z1 z3 No ma...

by New Member in

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

The two csv files I have are customers (fields= customerName,customerID,region,IsActive) with one row per customer an...

by Explorer in

Splunk Search

Discussions

How can I perform a count and then average that count?

How to convert an invalid field to a date?

How to filter on DC after applying stats?

Timechart Span problem

Math function return only 17 most significant digits

Best Practice for saved searches and own APPs / TA

Calculate average count by hour & day combined

using a lookup file to populate a search query

Best query to check who modified an AD group

Search for regimented connections

field value invalid

How to construct columns with the same data, and then use these pseudo columns to calculate

How to create an eval column in a table that says "match" or "no match" if the value of all columns is the same/or not for each row?

How to exclude fields from LinearRegression command/use subsearch to generate fields for LinearRergession ?

Extract string from text based on character position

Splunk support telecom protocols

filtering search to exclude all instances of field 1 for when certain results in field 2

I am using the code for date but this is the time the event was created, not when it really happened. See Details

"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job."

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Deployed Apps Search

Filter out pan_traffic_start eventtype

timechart limit=0 useother=false span=2d count by ...

trace and span in enterprise splunk

Did my search work or not?

Splunk Search

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>