Splunk Search

Discussions

Thread Info

Create folders in "Searches & Reports" drop down menu

Does any one know how to create folders in "Searches & Reports" drop down menu to organize the searches?

by Explorer in

are postprocess searches counted against the search quota for a given role?

seems that the quota for searches includes postprocess searches, can someone confirm this? If, so can I get a link to...

by Path Finder in

Filter search results based on return value of subsearch

Hello Splunk Community, I am attempting to restrict search results based on the return value of a subsearch. My en...

by Explorer in

statistic by week days

How do I get an average count of operations during current minute using last 3 weeks, for example? I need to know how...

by Communicator in

Creating A Graph from summed HTML responses

Hi, I have a log with entries returning something such as [2013-05-29 12:29:08:893 GBT] RESULTS 200=19 400=0 401=1...

by Path Finder in

Is it possible to strip text out of a field for better reporting

I am looking to strip out some text from a field in my log file and have no knowledge of regex to do it. What I would...

by Engager in

Query Correlation

I was hoping that someone could help me out with a query. I am trying to correlate a DNS request to the firewall IP t...

by Engager in

removeコマンド実行時の挙動について

GUI上でインデックスをデフォルトで作成し、インデックス内のデータ有無に関わらず以下のパターンで削除を実行した場合に挙動に違いがありました。【インデックスの作成】「Search」app以外のappの管理画面(例：htt...

by Path Finder in

DB Connect Oracle timezone region not found

Hi everyone, When I try and connect to my oracle database with Splunk DB Connect I get the following error: er...

by Explorer in

Custom Query

I look for all strings as shown below. I need to calculate the number of such calls (8 in this case) and the average ...

by New Member in

XML Specific colors for each column inside the column chart

Hi, How can I put specific colors for a column chart I tried this {"Existing":0xFF0000,"Not E...

by Explorer in

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

I'm looking for unique local/foreign pairs in netstat output to track the number of tcp connections in TIME_WAIT on a...

by Splunk Employee in

Correlate extracted banned IP field with corresponding SSH log events

Hello Splunk Community, I am new to Splunk so please bear with me. My end goal is to construct a dashboard summary...

by Explorer in

How to find "non" unique users.

<--- NOOB Ok...so here is my quandry... I have a query (see below) that returns a list of users, ips and client in...

by Engager in

SPL-58292 resolved?

I see that 5.0.3 was released. Was SPL-58292 resolved? Am I supposed to infer that by virtue of it not being listed i...

by Path Finder in

Lookup Table

I am attempting to use an external lookup table against some twitter data. My Transforms.conf file reads: [HLookup...

by Explorer in

How to count equal sources

Hello, I want to count the denials from the same source ip. How can I do this? The Log looks like this: May 28 07:...

by New Member in

Splunk aggregate transaction.

My current situation is the following: There are 26 messages that can be sent between three parties. There are 3 p...

by Explorer in

Question on Search

Hi, We have devices which maintains session information of various users. These devices have a max capacity of ses...

by Influencer in

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

There are two sourcetypes, The first sourcetype has a field called hours_travelled. Now I have to compute mean(hours_...

by Communicator in

perl script

Hello all, I need to create multiple eval fields like this old question: create-multiple-eval-fields-with-wilcards...

by Explorer in

Search For CamelCase

Occassionally we see DNS requests that come in using CamelCase (coMpanY.com or COMpaNy.com, etc.) instead of company....

by Path Finder in

How to get argument to run a script in perl

I did a alert to run a script and it runs with fixed variable. But now i want to pass variable (argument  but I don'...

by Explorer in

Join with different fields names.

Hi, I'm trying to port some SQL queries we wrote to Splunk but whereas with SQL I can specify which columns to joi...

by Engager in

different time ranges or tricks

How can I compare an average count of events per minute in last 15 minutes (for example) and the number of events dur...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Create folders in "Searches & Reports" drop down menu

are postprocess searches counted against the search quota for a given role?

Filter search results based on return value of subsearch

statistic by week days

Creating A Graph from summed HTML responses

Is it possible to strip text out of a field for better reporting

Query Correlation

removeコマンド実行時の挙動について

DB Connect Oracle timezone region not found

Custom Query

XML Specific colors for each column inside the column chart

What causes timechart to start drawing with recent data but change time periods, lopping off recent results?

Correlate extracted banned IP field with corresponding SSH log events

How to find "non" unique users.

SPL-58292 resolved?

Lookup Table

How to count equal sources

Splunk aggregate transaction.

Question on Search

Using stats result of a field in one sourcetype to compute a values for a field in another sourcetype.

perl script

Search For CamelCase

How to get argument to run a script in perl

Join with different fields names.

different time ranges or tricks

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Stats tables showing empty cells

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas