Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

1 answer

Separate multiple search values with an OR clause with Splunk?

I have a text box in a Splunk dashboard, and I'm trying to find out how I can separate values entered into the text box that are separated by commas with an OR clause. For example: values entered into text box: 102.99.99, 103.99.93,…

splunk splunk-query splunk-dashboard

asked Oct 25 '22 at 14:52

YouKnowWhyImHere

votes

1 answer

Splunk: Use output of search A row by row as input for search B, then produce common result table

In Splunk, I have a search producing a result table like this: _time A B C 2022-10-19 09:00:00 A1 B1 C1 2022-10-19 09:00:00 A2 B2 C2 2022-10-19 09:10:20 A3 B3 C3 Now, for each row, I want to run a second search, using the _time value…

splunk splunk-query

asked Oct 19 '22 at 09:42

rikinet

votes

2 answers

Exclude string from matched result in regex

I am trying to capture subject from following string but excluding \r\n from the matched result using regex. The string: Sep 20 02:00:00 127.0.0.1 TestHost: Info: MID 123456 Subject "[Notification] - System 1234 [hostname] -\r\n SERVICE_STARTED…

regex regex-group splunk

asked Oct 19 '22 at 09:21

Splunkerdot

votes

1 answer

Splunk how to display multiple stats queries in table?

I am new to Splunk and don't quite manage to formulate a Splunk query in order to get the exact results I want: I have server logs that are something like this: clientIP instanceID serviceType error I have three queries that I would like to display…

splunk splunk-query

asked Oct 19 '22 at 07:49

Ric Had

votes

1 answer

Splunk - Displaying addcoltotals into its own column

I have a report where I am working with event logs. I have created a table with fields that are extracted from the event logs. This is my splunk query: | stats count as Total_by_Requester values(*) as * by Requester_Id | table Type_of_Call LOB…

splunk splunk-query splunk-calculation

asked Oct 18 '22 at 18:39

ashu mallik

votes

0 answers

Create Custom Alert Action on Spkunk

I want to create custom alert action on Splunk that will ingest saved searches from splunk to my software. I have gone through the documentation: https://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModAlertsIntro My issue is I want some…

api splunk

asked Oct 10 '22 at 05:48

Mushk Nizam

votes

1 answer

Why doesn't splunk convert log in json format to json

I set up a cluster on AWS EKS and use cloudwatch to send its stdout logs to a Splunk service. I want to do complex search on the log and draw dashboards in Splunk. I got splunk output k8s container's stdout in the following message. The kubernetes…

json amazon-cloudwatch splunk

asked Oct 10 '22 at 04:31

Mike

1,841
2
18
34

votes

1 answer

Alert setting, in case of a large interval between messages

Good afternoon! I receive messages from systems on splunk, several messages from one system line up in a message chain. As a rule, six messages from one system line up in a chain of six messages. By message chain, I mean that splunk receives six…

splunk splunk-dashboard

asked Aug 30 '22 at 13:49

Andrew Metelkin

votes

1 answer

Filter a result set to include only the top 99.9% of values in Splunk, preferably without a subquery

I am querying the access logs to a service. I want to build a scatter plot where the X axis is the total number of requests in that hour, and the Y axis is how many times a particular request (category) was made in that hour. To do this, my output…

splunk

asked Aug 16 '22 at 21:33

John Arrowwood

2,370
2
21
32

votes

0 answers

How can I update the value in a multiselect or checkbox when the related token value is updated? (Splunk-Enterprise)

I have a Dropdown token being used as the in a Multiselect input. The Multiselect seems to only set the tag's value during dashboard initialization. I can get a change in the dropdown to take effect on the Multiselect when refreshing the page in…

xml splunk splunk-dashboard

asked Aug 08 '22 at 20:25

triscut

votes

1 answer

Splunk join two query to based on result of first query

In Splunk query I have two query like below Query 1- index=mysearchstring1 Result - employid =123 Query 2- index=mysearchstring2 Here I want to use employid=123 in my query 2 to lookup and return final result. Is it possible in Splunk?

splunk splunk-query splunk-formula splunk-cloud

asked Jul 21 '22 at 01:38

Java hunger

votes

1 answer

SignalFX detector data().count() based on condition

Is it possible to implement count() MTS based on condition? For instance: We need to monitor the amount of time RDS CPU picks the point of 95% for the last 3 days. A = data('CPU_Utilization').count(...when point > 95%). detector(when(A >…

splunk signalfx

asked Jun 22 '22 at 10:47

calm27

votes

1 answer

How to extract the data present in {} in Splunk Search

If the data present in json format {[]} get extracted, however when data present in {} as shown below doesn't behave same. How fields and values can be extracted from data in {} _raw data: {"AlertEntityId": "abc@domai.com", "AlertId":…

splunk splunk-query splunk-dashboard

asked Jun 13 '22 at 06:33

zen29d

votes

1 answer

Split the graph containing multiple records in Splunk

Hi everyone I have problem with visualising the graph with my data. Here's my example that works fine because I guess the time range is the same (date + time) while my actual log data on Splunk is just the date. | makeresults | eval raw="10, 2,…

graph charts splunk

asked Jun 01 '22 at 14:34

Dragan

votes

1 answer

How to format splunk graphs to show multiple lines (one line for each method)?

I am new to splunk reports, I am trying to achieve the following: I want to generate splunk logs report (graphical) for API performances with execution time on x-axis and method names on y-axis. I am trying to run following…

splunk splunk-formula

asked May 30 '22 at 11:15

avani kothari

Prev 1 2 3

…

99 100 Next