Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Delayed log ingestion

Hi Splunk, Having a problem with one of our ingestion in splunk. The logs are delayed and cant seem to find the ca...

by New Member in

Problem with tokens and earliest/latest

Hi everyone! So, I have this search: index=XXXXX sourcetype=XXXXX earliest="$time_token.earliest$" latest="$tim...

by Path Finder in

Equivalent of '$' of bash in splunk

Query: search...| eval earliest=relative_time(strptime("01-February 2017","%d-%B %Y"),"+0mon"), latest=relative_ti...

by Explorer in

Issue with regex

This is the event : 02OCT2017_16:46:47.212 130880:140149567481600 INFO event.py:177 root event = {"hopTrace": {"ho...

by Explorer in

How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT)

I have a search from which I get the below result one of the columns in the statistics table : Sat Oct 07 2017 07:...

by Explorer in

How does Splunk parse german Umlauts?

Hi everyone, I've been confronted with the problem, that the case insensitive search command search, differentiate...

by Explorer in

Timecahart of unique web users including results by unique IP address or unique user name

Hello everyone. I'm trying to get a time chart of unique users from my IIS logs. Our apps are both authenticated and ...

by New Member in

How can I correlate results from two separate searches?

I have syslog formatted events that correlate together based on one value, and a search that will pull a single line ...

by New Member in

How can I create a table of my search results with a count of each matching dest_ip value?

I have this search of events: eventtype=cisco-firewall src_ip="*" (dest_ip="192.168.1.2" OR dest_ip="192.168.2.2" ...

by Path Finder in

Redrawing chart changes y axis maximum

I have a table which drills down to change a chart: <row> <panel> <table> <title>Exchanges</ti...

by New Member in

Help with writing a join command that joins a security breach to the previous login

This is the requirement. I need to join two events based on a common field “User”. The Event with EventType “Security...

by Explorer in

summing two event counts by source

so, I am trying to parse out syslog stats data, trying to get a velocity of the events to figure out which log source...

by Explorer in

Use values from two panels in a third panel

Hi, I have 3 single value panels. The first one generates total number of unique logins index=cox host="cox*" /...

by Motivator in

How to make my search more efficient? Help to remove joins

My search is running pretty slow and I am looking to edit/remove the joins to make it run faster. It looks pretty mes...

by Path Finder in

Error in 'where' command: The 'in' function is unsupported or undefined.

Hi I tried to search as below, with where in(VALUELIST) function as described in: http://docs.splunk.com/Documentatio...

by Path Finder in

Whats the splunk equivalent of SQL IN clause

What is the Splunk equivalent of an SQL IN clause. I want to run a query where some field has a value which is presen...

by Explorer in

Splunks equivalent to the SQL "IN" () function

I'm trying to create a search form that can take a comma separated list. In sql I would use the 'IN' command. If t...

by Path Finder in

How to find common packages installed on many hosts?

I am indexing rpm -qa outputs and want to find all of the packages that are common throughout my infrastructure. The ...

by Splunk Employee in

How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751."

Example1 Input: 352322648-1112 : D_SSPP-HNW_SD-AVI Output i want : "751.1112" Example2 Input: 335587620-43...

by Explorer in

Join with "eventstats" on a non unique field

Hello there, I have 2 indexes [customer_id, datetime] and [customer_id, date_of_creation, motive] with a common fi...

by Explorer in

Splunk Search

Discussions

Delayed log ingestion

Problem with tokens and earliest/latest

Equivalent of '$' of bash in splunk

Issue with regex

How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT)

How does Splunk parse german Umlauts?

Timecahart of unique web users including results by unique IP address or unique user name

How can I correlate results from two separate searches?

How can I create a table of my search results with a count of each matching dest_ip value?

Redrawing chart changes y axis maximum

Help with writing a join command that joins a security breach to the previous login

summing two event counts by source

Use values from two panels in a third panel

How to make my search more efficient? Help to remove joins

Error in 'where' command: The 'in' function is unsupported or undefined.

Whats the splunk equivalent of SQL IN clause

Splunks equivalent to the SQL "IN" () function

How to find common packages installed on many hosts?

How do I get my rex search to extract a string between two strings from a sample below and concat it with the fixed string "751."

Join with "eventstats" on a non unique field

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Why does my set union command result in two datase...

Search types and bloom filters

Improve Speed of Correlation Search

"StatsFileWriterLz4 file open failed" error after ...

Several subsearch with metrics index

Splunk Search

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>