Splunk Search

Discussions

Thread Info

Modify values for timechat based on aggregation function

There is metric which accumulative counter of some event. Timechart of this metrics look like monotonic function. I c...

by New Member in

How to create a search with dynamic changing host values

index=wineventlog sourcetype=WinEventLog* earliest=-2d host=a OR host=b OR host=c OR host=d OR host=e OR host=f host=...

by Builder in

Use same query for all the panels with different search value for just one field

Problem to solve: we have say 500 servers. out of 500 servers some servers have older versions of software installed...

by Explorer in

field extraction very long field

I have a log file that sometimes has very long field. A row of my log is: 018-07-31 10:22:38.8701 inoutLogger level="...

by Explorer in

Create index when forward event

Is it possible to create index when forward event to the indexer, by extracting value of the field. And this value to...

by Engager in

How do I create a list of unique IPs from an access log file to compare to a Audit log event?

I have some web access logs that look like this: 10.0.0.134 - - [31/Aug/2017:08:07:40 -0600] "GET /images/MXALogin...

by New Member in

How to make the search time faster when including a timechart of total servers (Windows and NIX) in a leadership dashboard?

Hi everyone, Would appreciate your input on a challenge. For our leadership's dashboard we've been asked to includ...

by Path Finder in

Percentages display

If I want to display percentages as well as a count for a table and I want the percentages out of the total count of ...

by Explorer in

How can I report on incomplete transactions?

I am using the following search to report on successful transactions in our password checkin/checkout system : (in...

by Splunk Employee in

Forecast Time series

Hi Ninjas, I have a query that looks like this: sourcetype="x" index=y source="z" host="S" | bin _time span=1...

by New Member in

Improving Search Speed in Stats Query

I'd like to run search to look at average and max values for every server over an extended period of time. Currently ...

by Explorer in

want to compare two fields and add new column for result

I have gone through so many posts but have not found what I am looking for. here is what I am looking for. I a...

by New Member in

How to search on each entry in a text box input where entries are comma-delimited?

I have users entering usernames separated by commas into a text box input. I want to run a search on this input that ...

by Explorer in

How to do fields extractions from multiline fields that have more than 600 characters?

I am using Splunk Enterprise on Windows machines and extract several fields from multiline events. Everything works f...

by New Member in

How to write a transaction restricting time of start event?

I want to create an alert which will find requests which have not received a response. I have created the followin...

by Explorer in

How to show index in the table when we use metadata?

I have a scenario that i have to trigger alert when splunk forwarder is not running i have query that working fine.in...

by Builder in

Splunk Query using transaction

Hi Team, Would like to design the query for the below requirement where we wanted to capture 2 dash boards as belo...

by New Member in

How to monitor log time from 22.00 to 8.00?

Dear all. Please support me about monitor and statistics log from 22.00 to 8.00 Thanks

by New Member in

data masking via transforms.conf and props.conf wont work?

After indexing the data, i've done some transforms.conf and props.conf configuration. The configuration masks the fir...

by Explorer in

Convert date field given in dd(numeric)-mmm(text)-yyyy(numeric) into mm/dd/yyyy

Hi In one of my log reports a date field (not the deafult _time field) has data as 06-Mar-2018 and not as 03/06/2018...

by Explorer in

How to do a firewall search for all src ips and match those ips to a subnet range that is in a lookup table?

Hello, I am trying to do a firewall search for all src ips and match those ips to a subnet range that is in a loo...

by New Member in

Using multiple values in a field to compare to the values in another field

Hi, I am looking to using all the values from one field and see if they partially appear in another from a set of ...

by New Member in

Using AVG function with count

I'm a brand new Splunk user, so I apologize if this is an extremely basic question. This is the query I'm running: ...

by New Member in

Rescan Splunk raw data in one search

Looking for some ideas. I have a search that runs fine. I was given the task of modifying it so, under certain condit...

by Builder in

Can I join fields output from two extensive search queries to create a list of fields on which I can run my final query to get desired result

I am new to splunk and right now trying to create a dashboard for IT. I have different csv file for AV, PAtch, Softwa...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Modify values for timechat based on aggregation function

How to create a search with dynamic changing host values

Use same query for all the panels with different search value for just one field

field extraction very long field

Create index when forward event

How do I create a list of unique IPs from an access log file to compare to a Audit log event?

How to make the search time faster when including a timechart of total servers (Windows and NIX) in a leadership dashboard?

Percentages display

How can I report on incomplete transactions?

Forecast Time series

Improving Search Speed in Stats Query

want to compare two fields and add new column for result

How to search on each entry in a text box input where entries are comma-delimited?

How to do fields extractions from multiline fields that have more than 600 characters?

How to write a transaction restricting time of start event?

How to show index in the table when we use metadata?

Splunk Query using transaction

How to monitor log time from 22.00 to 8.00?

data masking via transforms.conf and props.conf wont work?

Convert date field given in dd(numeric)-mmm(text)-yyyy(numeric) into mm/dd/yyyy

How to do a firewall search for all src ips and match those ips to a subnet range that is in a lookup table?

Using multiple values in a field to compare to the values in another field

Using AVG function with count

Rescan Splunk raw data in one search

Can I join fields output from two extensive search queries to create a list of fields on which I can run my final query to get desired result

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions