Questions tagged [splunk]

Splunk is a tool for collecting, monitoring, visualizing and analyzing machine data from any source. You may receive faster responses at answers.splunk.com which is actively monitored by Splunk employees

Splunk

You may receive faster responses at community.splunk.com which is actively monitored by Splunk employees

Splunk is a tool for collecting, monitoring, and analyzing log files from servers, applications, or other sources. The primary features of Splunk include:

Collecting logs from multiple sources into a single location to allow for use without needing to access individual servers.
Parsing of logs with arbitrary formats, including free-form logs with no defined fields
Advanced querying of logs, including
- combining results from different sources
- filtering based on identified field values and pattern matching
- analyzing records using statistical and mapping functions
visualizing real-time data
the ability to create dashboards of various visualizations

The name "Splunk" comes from a rewriting of spelunking, a cave exploring hobby.

Splunk is available as both an enterprise application that runs on your servers (with a free tier) and a hosted service known as Splunk Cloud.

Useful links

2246 questions

votes

1 answer

Set priority in Splunk OpsGenie App that is accessible in OpsGenie

I have created some Splunk alerts and triggers OpsGenie succesfully via Opsgenie App, Now I would like to set priority in the alert. However a field related to priority is missing. These are the ones returned from the REST…

splunk opsgenie

asked Apr 06 '20 at 17:41

selle

votes

2 answers

Can I use splunk timechart without aggregate function?

https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Timechart I tried several syntaxes but none is working. they all require aggregate function. My goal is to display a line chart, representing the value of an event field over…

splunk

asked Apr 04 '20 at 15:20

yww325

votes

1 answer

Splunk Universal Forwarder not sending data to Indexer

I am reading different logs from same source folder. But not all files are getting read, one stanza works other don't. If i restart the UF, all stanzas work, but changed data is not capturing by one stanza. files i am planning to monitor below…

splunk

asked Apr 02 '20 at 21:11

skv

votes

1 answer

Equivalent of Splunk's lookup in Kusto Query Language

I am trying to find the equivalent of Splunk Query Language's lookup command in Kusto Query Language. Please help.

azure splunk splunk-query kql

asked Mar 31 '20 at 16:15

Yatharth Dholakia

votes

2 answers

[splunk]: Obtain a count of hits in a query of regexes

I am searching for a list of regexes in a splunk alert like this: ... | regex "regex1|regex2|...|regexn" Can I modify this query to get a table of the regexes found along with their count. The table shouldn't show rows with 0 counts. regex2…

devops splunk

asked Mar 27 '20 at 09:36

user674669

10,681
15
72
105

votes

1 answer

getting the average duration over a group of splunk transactions

So I have some data in the format of Time | UUID | event_name_status | actual_important_log_time…

splunk splunk-query splunk-calculation splunk-formula

asked Mar 26 '20 at 16:46

splunkLearner

votes

1 answer

Splunk count consecutive events based on value?

I am facing an availability monitoring issue here. We do have a heartbeat set up in splunk which tells whether the app is up or not with status = 0 or 1 every minute. The thing is, that sometimes a fail occurs for one event (for no reason, since the…

count splunk

asked Mar 26 '20 at 11:41

Mari

votes

1 answer

How to authenticate an on demand API call made via splunk?

I am thinking of developing an API in Python using Flask library. I learnt the below. It has a /auth to just take any username and password and save it in database i.e. for registration. It has a /login to take username, password and validate it…

python api splunk

asked Mar 26 '20 at 08:06

SmiP

votes

2 answers

Can I use Splunk to analyse events from a Rails application?

Looking at Splunk, http://www.splunk.com, it looks like a very nice platform for analysing how a system is performing in relation to the actions users are taking. A Ruby on Rails implementation is provided, but it would seem to only offer…

ruby-on-rails ruby-on-rails-3 analytics splunk

asked May 21 '11 at 17:42

thomasfedb

5,990
2
37
65

votes

1 answer

regular expression, take first three lines or all lines less than 3 lines in splunk

In java, how to write a regex to take first 3 lines if there is more than 3 lines OR take all lines if there is less than or equal to 3 lines? I used the https://regexr.com/ to verify my own solution, failed. Then I asked the online chat group IRC…

regex splunk

asked Mar 24 '20 at 03:19

user84592

4,750
11
55
91

votes

1 answer

Splunk nested queries

I have the following query on splunk index="cusomerIndex" source=*client-api* "pending customer approval" This query gives me the following result msg: pending customer approval for customer1` I have another query on splunk index="orderIndex"…

splunk

asked Mar 23 '20 at 03:04

pandith padaya

1,643
1
10
20

votes

1 answer

regex parse multiple expressions

I have a requirement to parse part of url with multiple expressions using regex, expressions are like /abc/def (or) /z/a (or) /v/g. I have a regex that satisfies single expression, but not sure how to do for multiple expression.…

regex splunk

asked Mar 22 '20 at 22:53

Vipul

votes

1 answer

Splunk Query to update a query

I am working on a Splunk requirement, which is like the splunk script is scheduled to run every 15 mints from Mon-Fri for 30m. However they have a new requirement to run this script for 60m on Sat and Sunday alone. What are the changes to be done…

splunk splunk-query splunk-sdk splunk-calculation splunk-formula

asked Mar 22 '20 at 19:43

venkat

votes

1 answer

Splunk error specify atleast one named group

I am executing below splunk query. index=api sourcetype=api-warn environ::api-prod* | bin _time span=1h | rex mode=sed field=service_name "s#\..*$##" | rex field=requestPath "https://api.com.org.net/(abc)/(def)" | stats count(service_name) by…

splunk splunk-query

asked Mar 20 '20 at 14:21

Vipul

votes

1 answer

splunk query to concatenate status code for every hour

index=abc sourcetype=firststream-* env=* module=API type=Error error_level=fatal serviceName=MyService |bin _time span=1h | stats count by _time,serviceName,httpStatusCode output is displayed for every httpStatuscode in that hour. Instead, I want…

splunk splunk-query

asked Mar 18 '20 at 19:27

Vipul

Prev 1 2 3

…

99 100 Next