Questions tagged [splunk-query]

697 questions
-1 votes, 1 answer

Summary Index In splunk

Can you please help me with the time stamp of the summary index? We are having a disk space issue and we are clearing the old logs, but we want to keep some field data. So if I schedule an SI, will it add the data from the last 1 month at one time? Then why…
supriya
-1 votes, 1 answer

Splunk command to check if current search is greater than x% of previous search

I want to know how to write a search query in Splunk in order to check if the current search is greater than 20% of the previous search. I am getting events on a particular count every 10 min. I want to check if my current count (for the last 10 min) is…
-1 votes, 1 answer

How to make a dashboard and query in Splunk

I am new to Splunk and only have basic knowledge of querying. I need to create a dashboard that will count the total number of policies for each server. I have some example data; it shows the different hosts and policies. Example data: I want to…
hannah
-1 votes, 2 answers

Extract Values from a field

I need to extract the whole value from a field. I have tried different regex patterns and they did not work, and I was wondering if there was a simple way to do this. Here's an example Splunk event: HelloSample=My tool is too picky and has a hard…
Prozac
-1 votes, 1 answer

Splunk query to filter results in IIS log to identify CRYPT_Protocol values less than 400

I am trying to find a regex expression to help filter Splunk results from ingested IIS logs such that when the CRYPT_PROTOCOL response is less than 400 it is displayed.
-1 votes, 2 answers

Regular expression Splunk query

I have a line containing [India,sn_GB] Welcome : { Name:{Customer1},Place:{Mumbai},} and I want to print the entire line after sn_GB] in Splunk, which is Welcome : { Name:{Customer1},Place:{Mumbai},}. I used the below regular expression:…
Chinchan
-1 votes, 1 answer

How can I find all dashboards in Splunk, with usage information?

I need to locate data that has become stale in our Splunk instance so that I can remove it. I need a way to find all the dashboards and sort them by usage. From the audit logs I've been able to find all the actively used logs, but as my goal is…
stuck
-1 votes, 1 answer

How to run Splunk stats command to get answers

Can anyone please tell me how to execute the stats command to produce a report on the number of times GAMES equals FOOTBALL?
-2 votes, 0 answers

Splunk: Long running events

Each call in my application contains a unique identifier. I want to list all the current calls which have been running for more than 100 seconds in the system.
moovon
-2 votes, 1 answer

How to create a report in Splunk when searching with a specific keyword

I have an API onboarded to Splunk and the API logs are streamed to Splunk as well. I need to create a report for the time taken by the external APIs. With this basic search command I'm able to get a list of external API calls, but when I try to use rex…
Spartan
-2 votes, 1 answer

Not able to render a Splunk Table for events

I am currently writing a Splunk query to pull a report over the events. I am using this now to do it, and it has to use table only: index=1234 source="/apps/logs/*.log" AND "logType=API_RESPONSE" | spath input=request | spath input=response |…
-2 votes, 1 answer

Splunk: find percentage of top 1000 in Splunk

How can we get the percentage of the top 1000 values along with some more fields? I have tried the below but it's not working: |eval percent=round(count/total*100,1000) | eventstats count(src) as total | iplocation src| stats count by src , dest , msg ,…
supriya
-2 votes, 1 answer

Splunk generates random events

I'm a rookie in Splunk. I am using it for the first time. I noticed that if the interval value is 60, it generates 2 events every minute. This confused me. Is it a known situation?
-2 votes, 1 answer

Need table output with each FROM_IP and its related uid

index=name conn "connection from" [search index=name [| inputlookup UIDlist.csv |rename UID AS uid | fields uid ] "BIND" | fields conn ] | rex field=_raw "connection from (?\d+\.\d+\.\d+\.\d+):" …
-2 votes, 2 answers

Splunk: get inner query results within the time frame provided by the outer query

Successfully scheduled PushNotification in UserMessageChanelMap LINK_MORE_ACCOUNTS |eval fields=split(raw,"|") | eval messageKey =mvindex(fields,2) |eval num=mvindex(fields,5) | table messageKey_, num | eval scheduledDate = replace(num,…