Splunk Search

Thread Info

Splunk logs dedup/consolidation

Hi Splunkers! Do any of you know if there is a built-in feature or mechanism in Splunk that aggregates similar lo...

by Contributor in

(While) Loop function in search

I'm currently facing an issue where I would solve it with a loop function in any programming language. But I'm no...

by New Member in

query help with chart

Hi, I have a csv file with inputs like this : Time,Device,Interface,Duration,Bits In/sec,Bits Out/sec,BW 3/22/2...

by Communicator in

Join command not matching on username properly

I'm trying to join the two queries together one which queries the total number of accesses by a student and then the ...

by New Member in

Help me to Format date

Hi I want to format the date field with the following format Ex: 20190401 Expected: 01 Apr 2019 Mon ...

by Engager in

How to check the gradual increase of the value of a field which crosses 3 time increment

I have a requirement, where I need to display name of an queue, for which the size of the queue is keep on increasing...

by Communicator in

How do you remove remote data with configure file?

Hi, Splunkers: Recently, I've migrated my indexer to search head, but I'm not very familiar with configure files. ...

by Path Finder in

How do you create a timestamp field?

I'm inputing a txt file into Splunk, and I need assistance with timestamp format and prefix. Example event: 05:...

by New Member in

How can I run the extract command on field extracted by the rex command

Cog in a larger machine, I have asked my Splunk team to improve the parsing on some of our logs, but it hasn't happen...

by Explorer in

Scheduled search in a dashboard

Hello Everyone, I have created a dashboard and wants the result for last 7 days; and want to schedule it and run ...

by Path Finder in

How do you perform a mathematical calculation on the results of two queries?

Hello, I have two queries: 1. index=abc slice_played slicer=Latency externalUserID="$ext$" assetID="806d682119ac46...

by Path Finder in

Why is my lookup with a single column not working?

I have a CSV of filenames. The column header name in the CSV is indicator_F. Index=main has a field = file, which ...

by Builder in

How do you group by substring of URI?

I have raw data like below: /?AID=10654946&PID= 40 /test_main.jsp 232 /topic1.jsp?redirectPage=/main/word/un...

by Explorer in

Can you help me chart a statistics table on a month by month basis?

Hello, I have a search that generates a statistics table based on the timerange I select. How can I select, let...

by Explorer in

tstats summariesonly=t gets no results on accelerated data models

I have installed the CIM app done all of the event typing and tagging to get my data into the data models relevant to...

by Builder in

Can you help me to extract a date field?

Hello Splunkers, I need to extract only the date with the below logs in format mm/dd/yyyy. Could you please assist...

by Explorer in

How to parse my JSON data with spath and table the data?

I am trying to parse this json using spath, { "Class": "11", "date": "05/16/2016", "Student": [ { ...

by Explorer in

How do you make a Splunk Dropdown based on a field from a string result?

I have a Splunk search that returns a string with the format A;B;C I want to create a dropdown in a Splunk dashboard ...

by Explorer in

Using appendcols to get percent success in one time range vs another

I have the following search that I'd like to schedule to run after changes. The goal is to detect a change in success...

by Explorer in

How to generate a regular expression to extract the email from my _raw event?

Help me with regular expression in search to pick hello2017@gmail.com from _raw event below <string>hello2017@gma...

by Communicator in

How can I get UsePct

Please tell me know how can I get UsePct data? I must get the UsePct data which the MountedOn="/tmp" . Already typ...

by New Member in

How do you extract a field value with regex?

Hello, I have an event that looks like : > <18> 20/02/19 22:23:59 : Maintenance counter "Digital Materials Mod...

by Communicator in

Can you help me with a question about a search using the loadjob command and an earliest time modifier?

i have a saved query that can show data up to 90 days. But, when i run the search using the loadjob command, i wou...

by Builder in

Drilldown tokens earliest and latest for a timechart that is set to Global

Hi, I have a timechart that shows the status of tickets per month. index="_internal" | where _time >= $timep...

by Path Finder in

Can you help me get an HTML link of a timechart?

I have to get an HTML link of a specific timechart to have an opportunity to embed this link to another foreign site....

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Splunk logs dedup/consolidation

(While) Loop function in search

query help with chart

Join command not matching on username properly

Help me to Format date

How to check the gradual increase of the value of a field which crosses 3 time increment

How do you remove remote data with configure file?

How do you create a timestamp field?

How can I run the extract command on field extracted by the rex command

Scheduled search in a dashboard

How do you perform a mathematical calculation on the results of two queries?

Why is my lookup with a single column not working?

How do you group by substring of URI?

Can you help me chart a statistics table on a month by month basis?

tstats summariesonly=t gets no results on accelerated data models

Can you help me to extract a date field?

How to parse my JSON data with spath and table the data?

How do you make a Splunk Dropdown based on a field from a string result?

Using appendcols to get percent success in one time range vs another

How to generate a regular expression to extract the email from my _raw event?

How can I get UsePct

How do you extract a field value with regex?

Can you help me with a question about a search using the loadjob command and an earliest time modifier?

Drilldown tokens earliest and latest for a timechart that is set to Global

Can you help me get an HTML link of a timechart?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...