Splunk Search

Discussions

Thread Info

How to create flexible search strings?

Hello Experts, I am wondering is there any ways to make the search strings flexibly? Like I have multiple queries a...

by Explorer in

Subtract the Results of one search from another search

Search 1 : index=index_123 (msg="*xyz*") | rex field=msg "results\":{\"(?<abc1>.*)\" *" | stats values(_time) as abc1...

by Observer in

create an alert from two diffrent events

We are looking to create an alert that will trigger if two distinct events happens. The first event is a DB health ch...

by New Member in

Lookup table help

Hello all, Looking for some help integrating a lookup table into my failed login search. What I am trying to achiev...

by New Member in

Remove additional timestamp from the logs

Hi All i have onboarded linux logs from S3--> Splunk . I found additional timestamp is getting attached to the even...

by New Member in

List all Splunk Servers with a REST search command

I know this has been probably asked before, but I didn't found an answer yet. Is there any way to know which are al...

by Communicator in

append or multi search

Trying to make search more efficient. Any tips? Would multi search work more efficiently?index=<myindex> sourcetype=...

by Engager in

How to set span for 1day and 2 hours?

This my query i have some challenge in the log.The thing is my daily job will start at 11PM.If the job runs succesful...

by Communicator in

Splunk savesearch expires but still running

Hi I would like to ask why is the Splunk Realtime Savesearch still running even it's expired. Also whats...

by Builder in

find other results using search results from first query

its been a while since I've worked with splunk I have an error detail that I can search in splunk: index=* er...

by New Member in

Timechart count by a changing field name

I receive a new csv file every day in the following format: color 1/22/20 1/23/20 1/24/20 1/25/20 yellow 1 ...

by Path Finder in

external_lookup.py is missing

Hi, I'm trying to setup a DNS lookup following the instructions her: https://docs.splunk.com/Documentation/Sp...

by Explorer in

How to exclude the private ip range

I try to exclude the private ip range with command | search NOT ( src=10.0.0.0/8 OR src=192.168.0.0/16 OR src=172.16....

by Engager in

How to use makemv with tokenizers while keeping non-matching events?

Hi, I have events similar to this example: 1) date1, id1, misc 2) date2, id2, misc 3) date3, , misc 4)...

by Engager in

How do you use regex to escape a backslash?

Hi, I have the following regex which works on regex101, but gives me an error when I try and use this within a Spl...

by Path Finder in

Event Spliting

How to split the combined events into each row of that combined event? The data that I got is from FTP Inputs using...

by Engager in

Can i display panel with Even or Odd Click on chart ?

Hi all, Can i display left and right panel based on Even or Odd Click ? For example, I have a chart. And a row ...

by Loves-to-Learn in

How can we compare two dynamic field values from two lookups

Hi All, I am urgently looking for a help . I have one field object_name which is present in lookup X1.csv and has v...

by Observer in

How to timewrap using the last 1 hour and check the same hour for previous 7 days

Hi everyone, I want to create an alert which runs every hour, checks the last 60 minutes of events to get the count...

by Explorer in

Stuck yet again. percent difference between two searches

So i have this search: index="sense_power_monitor" | where 'usage_info.solar_w'>=0 | bin _time span=1h ...

by Path Finder in

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Splunk Search

Discussions

How to create flexible search strings?

Subtract the Results of one search from another search

create an alert from two diffrent events

Lookup table help

Remove additional timestamp from the logs

List all Splunk Servers with a REST search command

append or multi search

How to set span for 1day and 2 hours?

Splunk savesearch expires but still running

find other results using search results from first query

Timechart count by a changing field name

external_lookup.py is missing

How to exclude the private ip range

How to use makemv with tokenizers while keeping non-matching events?

How do you use regex to escape a backslash?

Event Spliting

Can i display panel with Even or Odd Click on chart ?

How can we compare two dynamic field values from two lookups

How to timewrap using the last 1 hour and check the same hour for previous 7 days

Stuck yet again. percent difference between two searches

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Lookup table help

How to set span for 1day and 2 hours?

Event Spliting

DBSCAN Cluster Visualization Interpretation, Machi...

Retain special characters at the end of field valu...