Splunk Search

Discussions

Thread Info

How to display the difference between the results from two different searches?

I display two different graphs by using the following strings. "Sending" earliest=-7days | eval gigabytes=((bytes/...

by Explorer in

How to set up an alert to trigger if EventB from IndexB happens within 1 minute after EventA from IndexA?

I had a previous thread open, but since then I worked on the alert and refined some criteria. The alert is running of...

by Communicator in

How to include the time of each calculated "stats max()" in a table?

If I have a search of search|stats max(duration) by Action When I run the search, how can I add the time for ...

by Builder in

Why is my search producing error "Error in 'eval' command: The expression is malformed..."?

When I enter this search: sourcetype=win* (EventCode=4624 OR EventCode=4634)| stats latest(eval(if(EventCode=4624...

by Communicator in

Why am I unable to get a running total using the streamstats command in my search?

When I try the search to create a running total out of the streamstats documentation, it doesn't work. Nothing change...

by Path Finder in

How do I get Cache Hit ratio?

I have cache hit as well as cache miss reports, How do i get the ratio of cache hit i.e, cache hit / (cache hit + cac...

by Engager in

Why am I unable to convert a PerfmonMK memory value in bytes to kilobytes using eval?

I am collecting a PerfmonMK dataset that includes a memory value in bytes. I would like to display the value in KB. N...

by Path Finder in

How to create a search to find expected hosts that are not reporting to Splunk?

I'm looking to create a report that finds expected hosts not reporting to Splunk without using the Macro. Anyone have...

by Explorer in

How do I combine my two searches to get expected results?

Hi, Can someone help me? I have the searches below and need to be combine the two to display the expected results:...

by Explorer in

Python oneshot query to search for many values via API

I'm trying to run a search where I will get results if a field matches one of many predetermined values and I'm worri...

by Explorer in

How to disable search in a specified index for certain groups of users?

Hello. I have a simple question: I would like to have a specified index with sensitive data in it, however, I ...

by Explorer in

How to create a search to find a percentage using my data set and display this in a timechart?

First of all I am very new to splunk!  My data can be simplified to look something like this. Employee = (Unique...

by New Member in

How to use rex to extract Linux directory sizes and names?

I run a daily script on the server, du -sk, against a certain directory that contains 200 subdirectories and write th...

by Explorer in

Aggregating fields in JSON array

I'm relatively new to Splunk queries. I have an event that contains JSON and within the JSON data is an array. There'...

by Explorer in

I am able to extract a field with rex in a search, but why does it not appear in Interesting Fields when I save it as a field extraction?

Hi all, I'm using the Splunk Field Extractor in order clean up the my search a bit, and I'm using the following re...

by Path Finder in

I have a graph displaying how many workstations have out of date virus definitions. How can I exclude certain systems from the count?

On my dashboard, I have a graph displaying how many workstations have out of date virus definitions. Several of these...

by New Member in

How can I recreate this chart in Splunk?

http://imgur.com/MbH4w37 Trying to recreate this chart in Splunk - can anyone assist, as I'm a bit uncertain where...

by Builder in

Can you use stats count() on each value in a mvfield that was just created in the same stats command by the stats values() function?

I might be going to deep here but I figured I'd give it shot... I have a stats command keying off of a domain name...

by Builder in

Join only returning values from one side of the search!

I need to join data from two (or more, ultimately) different sourcetypes based on the shared "host" field. Just a sub...

by Builder in

How to combine 2 search results and calculate error rate?

I am trying to determine the error rate. Total Count per URI: index=applogsprd java_class="*content.common.spr...

by New Member in

Splunk Search

Discussions

How to display the difference between the results from two different searches?

How to set up an alert to trigger if EventB from IndexB happens within 1 minute after EventA from IndexA?

How to include the time of each calculated "stats max()" in a table?

Why is my search producing error "Error in 'eval' command: The expression is malformed..."?

Why am I unable to get a running total using the streamstats command in my search?

How do I get Cache Hit ratio?

Why am I unable to convert a PerfmonMK memory value in bytes to kilobytes using eval?

How to create a search to find expected hosts that are not reporting to Splunk?

How do I combine my two searches to get expected results?

Python oneshot query to search for many values via API

How to disable search in a specified index for certain groups of users?

How to create a search to find a percentage using my data set and display this in a timechart?

How to use rex to extract Linux directory sizes and names?

Aggregating fields in JSON array

I am able to extract a field with rex in a search, but why does it not appear in Interesting Fields when I save it as a field extraction?

I have a graph displaying how many workstations have out of date virus definitions. How can I exclude certain systems from the count?

How can I recreate this chart in Splunk?

Can you use stats count() on each value in a mvfield that was just created in the same stats command by the stats values() function?

Join only returning values from one side of the search!

How to combine 2 search results and calculate error rate?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Filtering mstats data using eventtypes and tags

Extracting fields from nested JSON event

Join field form inputlookup failed

Eval Input Token with Backslashes

Lookup time-based not working with tstats

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >