Highest Voted 'splunk-query' Questions

0

votes

1 answer

Specific field values extraction with single value only

Need to extract customers msisdn (From) who have sent only one SMS (Received) and that too "STOP". Logs are below - 5/27/18 11:38:29.598 PM [2018-27-05 23:38:29.598 UTC] INFO pool-1-thread-3 [receivedSmsFileLogger] - Received = "JE S8…

splunk splunk-query splunk-calculation

asked May 28 '18 at 05:48

Sumit Pandey

19
3

0

votes

1 answer

How do I find first occurence of a particular event for the list of users in splunk

i have to first occurence of a particular event for the list of users in splunk. eg: i have list of user say 10 from another query. i am using below query to find date of first mail sent by customer 12345. How do i find the same for a list of…

splunk splunk-query splunk-calculation

asked May 16 '18 at 11:41

saurabh choudhary

73
1
1
6

0

votes

1 answer

How can I break two Splunk logs in same row?

I am trying to break two logs which are logged in the same row because of which the next log is not getting published in the result while extracting, while it is showing in the event log. 02:09:50.296 64785434 [http-bio-8085-exec-156] INFO …

splunk splunk-query

asked May 15 '18 at 09:31

ravi

45
1
4
10

0

votes

1 answer

Splunk: Get a count of all occurrences of a string?

My log files log a bunch of messages in the same instance, so simply search for a message id followed by a count will not work (I will only count 1 per event when I want to count as many as 50 per event). I want to first narrow down my search to the…

splunk splunk-query

asked Apr 24 '18 at 17:12

marchocolate

53
1
2
10

0

votes

1 answer

Splunk search a pattern for log like "Response Elapsed: 00:00:00.0594215"

There are some information like as following in my log: " .....Response Elapsed: 00:00:00.0194215.... .....Response Elapsed: 00:00:05.0174875.... .....Response Elapsed: 00:00:11.5434871.... .....Response Elapsed: 00:00:01.342283.... " I want to…

splunk splunk-query

asked Apr 13 '18 at 07:01

AdvancingEnemy

382
3
20

0

votes

1 answer

Set up Splunk alert based on average of a field

I am new to Splunk so pardon me if my question is too naive. I want to set up a Splunk alert if the average of a field is above a threshold. My search is as follows: sourcetype="somesourcetype" search phase | stats avg(f1) as Average If I use…

splunk splunk-query

asked Apr 11 '18 at 15:22

fhcat

971
2
9
28

0

votes

1 answer

Merging multiple Splunk results

I need to write a Splunk query to get the status when given pid, last status should be printed,wrote individual queries to fetch the status but dnt know how to merge the queries.referred few docs but couldn't find a way. "##payto"|rex field=msg…

splunk splunk-query

asked Apr 09 '18 at 07:21

KVL

95
1
14

0

votes

1 answer

Finding transactions where a specific field has changed

I'm trying to find out-of-order events in Splunk. This example is analogous to what happens in our system: ... Time=15:40.09 Id=11 ScenarioId=7 Event=BlockChange Block=A-A Time=15:40.11 Id=12 ScenarioId=7 Event=BlockChangeConfirmed…

splunk splunk-query

asked Mar 29 '18 at 16:17

ilitirit

16,016
18
72
111

0

votes

1 answer

Splunk query substract time

I have a Splunk search query like this: ...earlier query..... | eval sTime=mvindex(sTime,1), eTime=mvindex(eTime,1), TotalTime = strptime(sTime, "%Y-%m-%dT%H:%M:%S%z") - strptime(eTime, "%Y-%m-%dT%H:%M:%S%z") | table sTime eTime TotalTime I have…

splunk splunk-query

asked Mar 15 '18 at 21:59

AKB

5,918
10
53
90

0

votes

0 answers

splunk workflow actions not working

I am trying to create an incident using splunk POST workflow action. From event when i try to trigger the workflow action a new window is opened and the query string is getting appended to URL but the values are not filled in the fields. how to…

splunk splunk-query splunk-formula splunk-calculation splunk-sdk

asked Mar 06 '18 at 18:07

jack

43
11

0

votes

2 answers

How to produce rows for non-existing time buckets?

I have produced a table like this: +----------+---------+---------+-------+ | _time | field_1 | field_2 | count | +----------+---------+---------+-------+ | 08:00:00 | A | 1 | 2 | +----------+---------+---------+-------+ |…

splunk splunk-query splunk-formula

asked Mar 05 '18 at 13:32

Yong Li

607
3
15

0

votes

1 answer

How do I retain table fields in Splunk after a chart pipe? Tried concatenating the values into 'over' parameter, but get 'No results found'

I've got a search where basically I want to show the number of user types per workspace per customer, but I can only get Customer Name and the user types into the table. This is what I have that gives me that: |…

charts splunk splunk-query

asked Mar 03 '18 at 02:41

Cdhippen

615
1
10
32

0

votes

1 answer

Splunk Tomcat Data Report

I started working on splunk recently. I have couple of Apache tomcat servers and I want to analyze the logs and create the reports using the splunk tool. I went through all the basic documentation required for Splunk but still was not able to figure…

tomcat splunk splunk-query

asked Feb 14 '18 at 11:31

Rohan Kadu

1,311
2
12
22

0

votes

1 answer

Splunk: Removing all text after a specific string in a column

I have a field where all values have the following format: Knowledge:xyz,id:2907129 The id number always changes, however, all I want is the value of xyz. I used the following to remove "Knowledge:"e eval url=replace (url, "Open_KnowledgeZone:", "")…

splunk splunk-query

asked Feb 14 '18 at 11:11

wra

237
4
7
18

0

votes

1 answer

Splunk search no subsearch

I have events something like: { taskId:5a6d category:created when:1517131461 ... } { taskId:5a6d category:started when:1517131609 ... } { taskId:5a6d category:ended when:1517134657 ... } For each…

splunk splunk-query

asked Feb 02 '18 at 08:24

Renbo Jiang

13
3

Questions tagged [splunk-query]