Splunk Search

Discussions

Thread Info

Roman date parsing

Hi, I have a log with the following datetime format: 03 IV 2018 23:03:53.014 I am trying to parse it, but I am fai...

by Path Finder in

Subtracting between two _time (And get result in days)

My log contain some events that we call 'bonus_events'. And 'bonus_events' happen once or twice a week. I am calculat...

by Contributor in

How to search against index with network device log and find and combine ospf link down?

Hi, I would like to search against index with network device log. I would like to know how i could find and comb...

by Explorer in

Field results

Hi everyone, I'm new in Splunk and I want some help from you (please). Here is an image to explain what i'm trying...

by New Member in

Get Latest event per month?

I am trying to show a graph of the latest events per month. My search query is: | timechart span=1month latest(av...

by Communicator in

How to display the delta value in percentage

I have a requirement to show the monthly growth percentage of an object. Basically need to find out the growth of an ...

by Communicator in

How do I get the 1st day on the current year ?

Hello, I would like to visualize data starting from the 1st of January of the current year. I see how to get the curr...

by Path Finder in

Find differences in time between events with some shared field values in a subsearch

We have our logs in JSON structured data. Events contain the following fields Time, ID, Client I am trying to comp...

by Communicator in

number of user Daily named and anonymous users (last month) and Monthly named and anonymous user (last 6 months)

so I have 4 summary indexes - source=summary_user That contains this query: (host=pnr-proxy-prod* OR host=maste...

by Path Finder in

How to count when there are 'no results found'

I have a very simple query and can't believe I can't get this to work... The os index should have 5 sourcetypes fo...

by Engager in

Use stats to show multiple values resulting from fields generated by eval command

Sorry, for some reason I cannot post my code, so attaching photo instead (please post my code if you can). Result ...

by Communicator in

extract top ten values

hi i use this code index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" OR Type="Avertissement...

by Explorer in

How do I search for events that do not have another specific event occurring within a certain time?

I want to search for events that do not have a specific other event occurring within a certain time. For example, ...

by New Member in

can you please provide me a query to find out the outdated splunk universal forwarders list in our environment

i want to check the versions of all the splunk universal forwarders which are before 4.2 version in my existing envir...

by New Member in

Calculating the average time between start and stop jobs for a service

Hi, i've asked this question before and never got it to work.maybe it was my fault that i was not clear on what i ...

by Contributor in

How to custom field extract for the field "ending with"?

My sample log (Modified to remove confidential data) looks like following. Apr 9 13:54:13 10.195.247.77 04/09/201...

by New Member in

How to search a query based on the result of another query?

I have list of events that have IP address { USERID: system01 browser: Chrome, ip: 192.168.10.10 ...} { USERID: syste...

by Explorer in

How to collapse variable part of url to get a list of urls?

Hi, I'm trying to get a list of urls that users are visiting for each of the customer sites that we manage. I ...

by Path Finder in

How to get the month name for selecting previous month via date_month?

We've got the following search: tag=PeopleCounters earliest=-13mon@mon latest=@mon date_month=March | chart sum(co...

by Path Finder in

Visited website duration

Hi Everyone, I have the query below and it works, however I would like to add the time spend on each website/domai...

by New Member in

Getting values from a field and comparing them

I have the following query: index=source sourcetype=type_example | bin _time span=5m| eval TIME=strftime(_time,"%...

by Explorer in

Is it possible to combine multiple rows in a lookup table?

Hello, I use a dbxquery to import asset’s tags which includes information about asset’s category, business unit an...

by Communicator in

How can I display my data in a bubble chart?

I am running the following search: "authentication failed" | stats count by user, sourceip | sort -count | head 10...

by Explorer in

How to count stats for two different field logs coming from the same device by using the OR command?

I have two different fields in logs coming from the same device. I want to count that stats for both fields by using ...

by Explorer in

rex to extract field from csv

Hi, I want to extract below fields First 5 fields are automatically extracted by splunk witihout any issues. But ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Roman date parsing

Subtracting between two _time (And get result in days)

How to search against index with network device log and find and combine ospf link down?

Field results

Get Latest event per month?

How to display the delta value in percentage

How do I get the 1st day on the current year ?

Find differences in time between events with some shared field values in a subsearch

number of user Daily named and anonymous users (last month) and Monthly named and anonymous user (last 6 months)

How to count when there are 'no results found'

Use stats to show multiple values resulting from fields generated by eval command

extract top ten values

How do I search for events that do not have another specific event occurring within a certain time?

can you please provide me a query to find out the outdated splunk universal forwarders list in our environment

Calculating the average time between start and stop jobs for a service

How to custom field extract for the field "ending with"?

How to search a query based on the result of another query?

How to collapse variable part of url to get a list of urls?

How to get the month name for selecting previous month via date_month?

Visited website duration

Getting values from a field and comparing them

Is it possible to combine multiple rows in a lookup table?

How can I display my data in a bubble chart?

How to count stats for two different field logs coming from the same device by using the OR command?

rex to extract field from csv

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

eval in stats with max

Fuzzy Match Between Two LARGE Lookups

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown