Splunk Search

Splunk query to list the events without date?

pavanae
Builder

Also it would be great if anyone can give a search query to list out the top 10 hosts with those events?

Thanks in advance

0 Karma
1 Solution

gcusello
SplunkTrust

As renjith.nair already asked: Splunk always gives a timestamp to every log, you cannot have logs without a timestamp.

I assume that you are using Splunk to create reports on non-event data, probably from a DB (we sometimes used Splunk to do this).
In this case you have to know the period in which you ingested the data and use this time as the time range in the search.
After this you have to create a normal search like

index=my_index | top 10 host

Bye.
Giuseppe


0 Karma

renjith_nair
SplunkTrust

Sorry, but what do you mean by events without a date? Splunk assigns a timestamp while it indexes data even though you haven't provided any timestamp. Could you please provide an example?

http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/HowSplunkextractstimestamps

Happy Splunking!
0 Karma