Splunk Search

Discussions

Thread Info

Comparing version number for multiple hosts in index

I have an index that ingests scan files and assigns a sourcetype based on the folder location. There are several scan...

by Path Finder in

Splunk Regex help

Hi, I have the search returning the event Nov 10 23:45:3 8888888 Tra[9100]: { EventName: "Error Occurred", BatchId...

by Loves-to-Learn in

Email from Splunk

I have splunk search - index=cloud EventName: "Error Occurred" XChangeToSalesForce | rename message as "Message" _tim...

by Loves-to-Learn in

Can streamstats reset_before (or reset_after) be used with a by clause?

Hi, I have a search similar to this one: index=* login user=* (result="Success" OR result="Failed") | reverse |...

by Communicator in

Filter Events that show value x and y by one that have matching z

I am searching a source that has events that have FieldA and FieldB. I need to find which events that have specific...

by New Member in

How do i create a 3-event transaction, starting with event A, ending with event A, but always has event B inbetween?

I have 2 types of events that come in the following, random, format: AAAAAAABAAAAAABAAAAAAAAABAABAAA B's never r...

by Engager in

join replacement with stats

OK, I'm trying to improve performance by replacing some join queries with stats, but struggling on a filter.I have th...

by Path Finder in

search for a string containing any substring that is typed in the text input

Hi all, I have a text input for a table header. My requirement is , by default the table should show all the values...

by Path Finder in

Timechart based on max count of 3 fields

I was given a base search to manipulate and create Timechart accordingly. base search| eval file_line = file.":".li...

by New Member in

Need Help with lookup using variable

Hi,I have index data as below and i have kvstores per each account which has additional info. Example Scenario (accou...

by New Member in

Trellis Search

Splunk's VisualizationTrellis documentation page shows example searches for things like count by sourcetype, and late...

by New Member in

Compare field with column of lookup table

Hi all, I have this need, compare a field with a series of error codes. I would not like to write in the search, any ...

by New Member in

Tracking failed logins followed by successful logins using the transaction command

Hello, I am trying to track failed logons followed by a successful one using the transaction command and the follow...

by Engager in

Search types and bloom filters

Hi there,I'm sitting here trying to make sense of the different search types in Splunk (i.e. Dense, Sparse, Super-spa...

by New Member in

Need help in extraction

Hello team, I am facing an issue while trying to extract the below events. Please help in this. Event: ...

by Path Finder in

Combinding two searches into one

Hello all, I do appreciate this question has been asked several times, but I am struggling to understand how to lin...

by Observer in

Join two data sets to report their event times

want to report a pattern for each day and grab event times from different logs for that pattern , tried something lik...

by Engager in

Search for a specific pattern and report earliest and latest occurence of that each day

Team - looking for ideas how to achieve the below scenario Query 1 - get list of unique patterns for each day Q...

by Engager in

How to show markers on a map?

I have many different machines that move around the country (USA), each with its own GPS lat and long coordinates. I'...

by Engager in

Add value from sub search into the result set of the main search

I've a sub search on an SMTP log to get all TO and FROM values together with the status. Unfortunately TO and FROM ar...

by Engager in

Splunk Search

Discussions

Comparing version number for multiple hosts in index

Splunk Regex help

Email from Splunk

Can streamstats reset_before (or reset_after) be used with a by clause?

Filter Events that show value x and y by one that have matching z

How do i create a 3-event transaction, starting with event A, ending with event A, but always has event B inbetween?

join replacement with stats

search for a string containing any substring that is typed in the text input

Timechart based on max count of 3 fields

Need Help with lookup using variable

Trellis Search

Compare field with column of lookup table

Tracking failed logins followed by successful logins using the transaction command

Search types and bloom filters

Need help in extraction

Combinding two searches into one

Join two data sets to report their event times

Search for a specific pattern and report earliest and latest occurence of that each day

How to show markers on a map?

Add value from sub search into the result set of the main search

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Need Help with lookup using variable

Search types and bloom filters

Improve Speed of Correlation Search

"StatsFileWriterLz4 file open failed" error after ...

Several subsearch with metrics index

Splunk Search

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>