Highest Voted 'splunk-query' Questions

11

votes

1 answer

How to calculate duration between logs in Datadog?

Splunk has transaction command which can produce duration between logs grouped by id: 2020-01-01 12:12 event=START id=1 2020-01-01 12:13 event=STOP id=1 as it is described on Query for calculating duration between two different logs in…

asked Jul 07 '20 at 19:52

Justinas Jakavonis

8,220
10
69
114

8

votes

2 answers

How to get url to specific splunk event?

How can I get a url to a specific splunk event from a list of splunk events returned by a search? If it's not possible, and I need to create a search that only returns that event, is there some unique id for each event that I can use in the query?

splunk splunk-query

asked Nov 07 '17 at 01:25

Rob Bednark

25,981
23
80
125

7

votes

1 answer

Group event counts by hour over time

I currently have a query that aggregates events over the last hour, and alerts my team if events are over a specific threshold. The query was recently accidentally disabled, and it turns out there were times when the alert should have fired but did…

splunk splunk-query

asked Aug 08 '18 at 15:14

jjohnson8

321
1
3
12

6

votes

1 answer

Splunk query for matching lines that do not contain text

To find logging lines that contain "gen-application" I use this search query : source="general-access.log" "*gen-application*" How to amend the query such that lines that do not contain "gen-application" are returned ? source="general-access.log"…

splunk splunk-query

asked Nov 29 '19 at 15:32

blue-sky

51,962
152
427
752

6

votes

2 answers

how do i pass a result from one search into IN clause of another search in splunk?

i run a query and get list of custId in form of table. how do i pass this result into another search query inside IN clause. eg: search 1: index=* "successful login for"|table custID this gives me table with column custID. Then i have to…

splunk splunk-query

asked May 15 '18 at 12:35

saurabh choudhary

73
1
1
6

5

votes

1 answer

Splunk - Stats search count by day with percentage against day-total

The use-case I have is to provide the count of a certain error (searched by a certain pattern) by day and provide a percentage of such 'errored' requests against the total number of requests (searched without the error pattern) handled every day.…

splunk splunk-query

asked Sep 24 '19 at 19:46

nocturno

73
1
7

5

votes

1 answer

splunk check if message contains certain string

In Splunk search query how to check if log message has a text or not? Log message: message: 2018-09-21T07:15:28,458+0000 comp=hub-lora-ingestor-0 [vert.x-eventloop-thread-0] INFO com.nsc.iot.hono.receiver.HonoReceiver - Connected successfully,…

java devops splunk splunk-query splunk-calculation

asked Sep 21 '18 at 09:54

Pratap A.K

4,337
11
42
79

5

votes

2 answers

Splunk how to combine two queries and get one answer

I am very new to Splunk and basically been dropped in the deep end!! also very new to language so any help and tips on the below would be great. The out come i am trying to get is to join the queries and get Username, ID and the amount of…

splunk splunk-query splunk-calculation splunk-formula splunk-sdk

asked Aug 16 '18 at 10:51

James

51
1
1
3

4

votes

1 answer

Splunk base search on dashboard and post processing the results

I have a dashboard that is using a base search, along with 4 other panels that reference this and format the results differently depending on the chart I want to use. When I run the base query by itself, it returns the data as expected. Base…

splunk splunk-query splunk-formula

asked Sep 16 '20 at 21:14

SBB

8,560
30
108
223

4

votes

1 answer

How to use/do where in column of a lookup in Splunk Search Query

I want the search with a field which match with any of the values in look up table. For now, I have used below where in query. But, I still want to query with Look up table instead of manually putting all those values in double quotes using the…

where-clause lookup splunk splunk-query in-operator

asked Jun 17 '19 at 07:41

omkar sirra

696
10
28

4

votes

2 answers

Splunk: Trying to split multiline event at search time

2018-06-20T00:04:35.000+00:00 (980) WAL Autocheckpointing, name=C:\Program Files\PriceService\data\documents.db 2018-06-20T00:07:16.000+00:00 (980) WAL Autocheckpointing, name=C:\Program…

regex splunk splunk-query

asked Jun 20 '18 at 13:41

L-Samuels

2,712
9
34
42

4

votes

1 answer

How to parse JSON metrics array in Splunk

I receive JSON from API in the following format: [ { "scId": "000DD2", "sensorId": 2, "metrics": [ { "s": 5414, "dateTime": "2018-02-02T13:03:30+01:00" }, { "s": 5526, …

splunk splunk-query splunk-calculation

asked May 23 '18 at 09:14

Max Zhylochkin

79
1
5

4

votes

1 answer

How To Calculate Exact 99.9th Percentile in Splunk

Does anyone know how to exactly calculate the 99.9th percentile in Splunk? I have tried a variety of methods as below, such as exactperc (but this only takes integer percentiles) and perc (but this approximates the result heavily). base | stats…

splunk percentile splunk-query splunk-calculation

asked Jul 31 '17 at 15:58

user1763328

301
2
3
11

3

votes

2 answers

Splunk : How to figure out replication Factor

If this sound silly to you I apologise in advance, I am new to splunk and did udemy course but can't figure out this. If I check my indexes.conf file in cluster master I get repFator=0 # # By default none of the indexes are replicated. # repFactor =…

splunk splunk-query splunk-dashboard

asked Dec 02 '21 at 08:03

ankit singh

111
6

3

votes

1 answer

Splunk: List indexes and sources to which one has access

Using this search command | eventcount summarize=false | dedup index | fields index I get a list of all indexes I have access to in Splunk. Is it also possible to get another column besides this within which the source for the index is visible…

splunk splunk-query

asked Jan 20 '21 at 13:12

Tobitor

1,388
1
23
58

Questions tagged [splunk-query]