Splunk Search

Discussions

Thread Info

How do you create an alert for different cron schedules?

We have 4 tasks that run on different schedules and log an event in the application logs when the job starts. The tas...

by Contributor in

How do I "OR" two regexs for two different fields?

I need to be able to do: ... | regex fieldA="<regex>" OR regex fieldB="<regex>" | ... All of the other rex ans...

by Motivator in

aggregate url calls , ignoring number in the route

HI Guys, I have a url like this: https://localhost/Client/V2/clients/23423/acc/view https://localhost/Client/V...

by Explorer in

Will someone help me with my REGEX in this Transforms.conf?

8/30/18 9:38:51.000 AM **rec_type=71** dns_query=s3.amazonaws.com dns_record_name=A src_tos=0 ssl_expected_action=Unk...

by Path Finder in

How do I group fairly unstructured events by specific words that they contain?

I have data that doesn't contain many useful fields. I have an initial query that returns a large set of events, and ...

by Explorer in

How to embed a timechart visualization from a Splunk query into a web app?

I have the following Splunk query that produces the following visualization: I would like to embed this ex...

by Explorer in

How to find the earliest event in a query that can search in an index?

My understanding is Splunk will purge old data in an index when the disk limit is reached. What is the easy/fast way ...

by Path Finder in

What is the function of host_regex?

In our Splunk forwarder, in the path: /opt/splunk/etc/apps/app01/default we have many stanzas such as: [monitor://...

by Path Finder in

Is there an alternate to join?

I am trying to create a join with a subsearch, but the subsearch results are getting truncated. is there a better way...

by Path Finder in

How do I display values of two fields in a stacked column chart?

My intent of this panel is to show the proportion of Compliant IPs (a field) to their respective Total IPs (another f...

by Communicator in

How do I perform math against two searches?

I have two searches that use the same index and each return a numerical total, differing only in the period of time o...

by New Member in

Using chained eval or separate eval statements, any performance gains?

Is there any performance benefit in : using one eval with several chained statements v/s using separate eva...

by Contributor in

How do I create a new column with incremental change based on another column?

Hello everyone, I am new to Splunk world and stuck with a query. Can you please help me find the solution for followi...

by Explorer in

common sql query to have for multiple sites dashboard with same metrices

I have a server in 30 sites in which each site has the same dashboard with the same metrics. But, the host will be in...

by Builder in

How to rewite a query to change the columns to rows and the rows to columns?

How to convert below query such that rows are converted to columns index=data earliest=-1w@w latest=now |eval requ...

by Communicator in

How to find the request per second by organization?

Hi I have an event which is comprised of OrgName, RequestName and others. How do i find the the average & max req...

by Communicator in

How to extract fields in a file?

I need to extract each filed in "monitoringdata" in file. belo is sample of data: {"@timestamp":"2018-07-27T16:06:...

by Contributor in

Alert suppression

What is the best way to run a search to be alerted/emailed between 4pm-6am M-F, weekend and holidays? Should the sear...

by New Member in

Why is _time is NULL when using JOIN?

I have this search query: | inputlookup "asset-list" | SEARCH PROD_CAT_2="Database" PROD_CAT_3="SQL Server" STATU...

by Path Finder in

How to search with a fixed time span timechart everyday?

I am trying to find my average response time of everyday events (not avg of all the events of that day , but the even...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you create an alert for different cron schedules?

How do I "OR" two regexs for two different fields?

aggregate url calls , ignoring number in the route

Will someone help me with my REGEX in this Transforms.conf?

How do I group fairly unstructured events by specific words that they contain?

How to embed a timechart visualization from a Splunk query into a web app?

How to find the earliest event in a query that can search in an index?

What is the function of host_regex?

Is there an alternate to join?

How do I display values of two fields in a stacked column chart?

How do I perform math against two searches?

Using chained eval or separate eval statements, any performance gains?

How do I create a new column with incremental change based on another column?

common sql query to have for multiple sites dashboard with same metrices

How to rewite a query to change the columns to rows and the rows to columns?

How to find the request per second by organization?

How to extract fields in a file?

Alert suppression

Why is _time is NULL when using JOIN?

How to search with a fixed time span timechart everyday?

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

How to extract field names against values in one (...

How to compare data between two business weeks usi...

Help with non eng word rex search?

Cannot export search results- How to fix error?

How to remove null values then add fields?