Splunk Search

Ask a Question

Discussions

Thread Info

How do you calculate the total and average duration of the session length for unique users?

I am relatively new to Splunk so please forgive my naivety. I have been tasked with calculating the session length...

by New Member in

Appendcols or other options for searching a sub-search on port ranges

Here is the example in the Splunk documentation: specific.server | stats dc(userID) as totalUsers | appendcols [ s...

by Loves-to-Learn in

graph of active sessions per hours

Hello, I ingest in Splunk enterprise the following log file about end user sessions (only one record is sent at t...

by New Member in

Help required regarding lookup

I have a lookup(search_query.csv) with data as below. Name Subcategory Query Get Vehicle index=abc I...

by Engager in

get rid of this awful other column

I want to do a " | stat count by host " or a " | timechart span=1d count by host". I need the detail for each host...

by Communicator in

Order of columns after xyseries is unexpected

I am trying to arrange one of my column into rows. So I am using xyseries which is giving right results but the order...

by Explorer in

How to generate smaller time frame events from a given event ?

Hi everyone, I have this current situation, I receive events that each one contain a start time and end time, the du...

by Explorer in

Breakdown _time into date and time and then transpose

Hello, I have a table like this: +---------------------+-------+ | _time | value | +---------------------+----...

by Explorer in

Get loginID correlating to another event

Hi everyone, I'm currently struggling getting the results I want to receive. I have a different set of logs, bu...

by New Member in

Using bin command can you put all values above a cutoff into the last bin?

I'm using the bin command to get a distribution of values, and each grouping is in increments of 10,000. I have a fe...

by Path Finder in

Why am I getting "The lookup table does not exist. It is referenced by configuration" error though I haven't used in my dashboard?

I haven't used any lookup table in my dashboard. But still I am facing "The lookup table XXX does not exist. It is re...

by Path Finder in

How do you convert numeric JSON arrays to comma separated strings?

I have a JSON with the following format: { "TestSplunkLog" : { "TestFailureLog" : { "appName" : "***",...

by Path Finder in

Help with the Splunk settings to localize dates and numbers from English to Italian -- doc instructions didn't work

I followed the document to translate splunk to a specific language http://docs.splunk.com/Documentation/Splunk/6.5.2/...

by Explorer in

Stats Count Eval If

Hi, I wonder whether someone can help me please. I'm using number the following as part of a query to extract data...

by Motivator in

Can you help me with the following query?

Hello, I am trying to calculate the RTT time of a host where the IP is in a different source, and the rtt time is ...

by Builder in

Is there a way to display Count per hr for last 24hrs with Average per hr for the last 30 days as an overlay?

Hi Splunk Gurus, Hoping someone out there might be able to provide some assistance with this one. I have a requ...

by Path Finder in

How do you trigger an alert using stats count to return 0 when value is 0?

I have an alert that is not triggering because there are no events occurring for one of my search parameters. I would...

by Path Finder in

Compare and filter table results

Given the table below: VIP Group State Primary_VIP Group1 Down Backup_VIP Group1 Down Primary_VIP Group3 Down Back...

by Engager in

How to use NOT in Transaction command

i have query like below and got result index=ABC host=xyz123 | transaction startswith="failure" endswith="success"...

by Motivator in

I need to group events that have the same date and the same ip address

HI folks! I need to group by two variables but am having trouble figuring it out. time ip_address user eventid ...

by New Member in

How do you get the yearly count data?

Hi, index="os" sourcetype="Service" CaseNumber="Test-2018*" (Group="Secure" OR Group="health") AND (Section="Conne...

by Explorer in

How to expand macros in a Splunk search?

I have a search as follows: index="x" search_name="`Y`" (status=Z) | `A` |`B` where A and B are macros Now ...

by Builder in

How to create a table in which mandatory and optional fields are correctly aligned

Hello, I have a problem extracting data from a log with format not fixed. I explain: each row of my log contains a...

by New Member in

How do you merge events by _time field and add new fields?

Hi everyone, My data is as flowing. The cnt is events count of scanner_type by day. I want to show everyday`...

by Communicator in

How to display Current group ?

Hi, index="os" sourcetype="Service" status=* (Group="Data/Config" OR Group="Secure") AND (Section="Site Problem" O...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you calculate the total and average duration of the session length for unique users?

Appendcols or other options for searching a sub-search on port ranges

graph of active sessions per hours

Help required regarding lookup

get rid of this awful other column

Order of columns after xyseries is unexpected

How to generate smaller time frame events from a given event ?

Breakdown _time into date and time and then transpose

Get loginID correlating to another event

Using bin command can you put all values above a cutoff into the last bin?

Why am I getting "The lookup table does not exist. It is referenced by configuration" error though I haven't used in my dashboard?

How do you convert numeric JSON arrays to comma separated strings?

Help with the Splunk settings to localize dates and numbers from English to Italian -- doc instructions didn't work

Stats Count Eval If

Can you help me with the following query?

Is there a way to display Count per hr for last 24hrs with Average per hr for the last 30 days as an overlay?

How do you trigger an alert using stats count to return 0 when value is 0?

Compare and filter table results

How to use NOT in Transaction command

I need to group events that have the same date and the same ip address

How do you get the yearly count data?

How to expand macros in a Splunk search?

How to create a table in which mandatory and optional fields are correctly aligned

How do you merge events by _time field and add new fields?

How to display Current group ?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!