Splunk Search

Discussions

Thread Info

How to connect two different indexes by unique item code showing count / percent (with match) & (without match)?

I have 2 indexes. 1st index (Index1) has a unique item code (Item1) for an item when it enters a process. 2nd index (...

by Explorer in

How to remove common field values after join?

I have two indexes. I can join them and see the results based on a common field. I want to see only the results in th...

by Contributor in

How to onboard csv files using Monitor with specific requirements?

I have .csv file which would be on-boarded into Splunk using Monitor. It has two specific requirements as below: T...

by Path Finder in

How to extract multiple values from a single field, if they exist, with regex?

I have some fields within Splunk that are showing 1 to many values. One log may have the following: sig_names="...

by Explorer in

How accurate is iplocation for cluster map use?

I have fortigate logs for which I have a high level of confidence that the srccountry values are correct. I select...

by Path Finder in

Problem executing ORACLE subquery in DB Connect...

I'm running into a problem when executing a subquery in DB Connect. When the query is executing through SQL Devel...

by Explorer in

Sum of field but grouped by another field Values

I have the following values: OS= ex. windows, linux CPUCount= ex. 4,8,16 MemoryCount= ex. 8,16,32 PhysicalVirtual=...

by Explorer in

Are there any limitations of search string length or of count of conditions, or it is specific to cidrmatch only?

Hello Team, I facing an issue when executing the search on the dashboard. Search Logic: I have a Network KV St...

by SplunkTrust in

How to combine multiple, different fields from 2 different sourcetypes into 1 stats table?

I have been searching through all of the similar questions on this site, and I believe my problem is that I have 2 di...

by Path Finder in

How to extract field name containing square brackets, "conn[SSL/TLS]=23832"?

I have an auto-extracted field name of "conn" (conn=12345), but if the connection is SSL, then the field name becomes...

by Engager in

What is the difference between PercentIdleTime and pctIdle when looking at CPU (index=os)?

What is the difference between PercentIdleTime and pctIdle when looking at CPU (index=os)? I have looked up for answe...

by New Member in

Help on formula

hi i use this code to monitore the hdd free space index="perfmon" sourcetype="perfmon:logicaldisk" instance=c: co...

by Motivator in

Getting Now skipping indexing of internal audit events, because the downstream queue is not accepting data

We have set up a new system with 6 indexers and 3 search heads, we have just barely started putting in data and we ar...

by Path Finder in

date generation is wrong using gentimes

Hi, I am using below code snippet to generate previous 12 months. | gentimes start=-365 end=-0 increment=0d | e...

by Communicator in

how to make a transaction using same id that has enclosed in different patterns

I need to combine two events together as transaction: 1) request event has 123 2) response event has 345123 I'd like ...

by Explorer in

How to write a query using the stats earliest and stats latest ?

How to place the "earliest and latest " functions ? Can anyone provide an example of such a query with the output !

by New Member in

Force milliseconds into _raw when milliseconds not in source file time stamp

When have some queries where milliseconds are important. There is no difficulty if the ms value is stored in the inde...

by Path Finder in

How to write queries for below condition ?

Hi, we have hosts a,b,c,d,e,f hosts looking for visualizations ? 1)Trend count of all "filedname " per week for la...

by Communicator in

How to create an INPUTLOOKUP that matches field1 but NOT field2?

Hello, I am trying to perform a search against a lookup table that contains 2 columns (RDOMAIN and SDOMAIN). I would ...

by New Member in

Stats count on list of values from lookup and how many times they are displayed in the results.

I am currently running a dashboard with a datamodel. The dashboard is run against bulk IOCs from a lookup. How can I ...

by New Member in

How to add results from stats value?

Hi I have a field called department, on that field i have multiple values like department=Production for Medi...

by Explorer in

IPLocation: how to use with both src-ip and dest-ip?

Hello, I know how to use the iplocation command to obtain geo ip information for a single field, for example: s...

by Builder in

Create alert that checks every 30 mins if the attempt to FTP file to another host fails 3 times in a row?

Goal: If "[FATAL]" FTP message to same destination host "host-xyz" is found 3 times within 1 minute, then trigger ale...

by Path Finder in

stats, empty columns and fillnull

I've problems not only with fillnull in this search which doesn't fill my columns with 12. If I add "| table *" after...

by Explorer in

Transaction Question

Trying to calculate the duration between two log messages, have found many resources online but nothing seems to work...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to connect two different indexes by unique item code showing count / percent (with match) & (without match)?

How to remove common field values after join?

How to onboard csv files using Monitor with specific requirements?

How to extract multiple values from a single field, if they exist, with regex?

How accurate is iplocation for cluster map use?

Problem executing ORACLE subquery in DB Connect...

Sum of field but grouped by another field Values

Are there any limitations of search string length or of count of conditions, or it is specific to cidrmatch only?

How to combine multiple, different fields from 2 different sourcetypes into 1 stats table?

How to extract field name containing square brackets, "conn[SSL/TLS]=23832"?

What is the difference between PercentIdleTime and pctIdle when looking at CPU (index=os)?

Help on formula

Getting Now skipping indexing of internal audit events, because the downstream queue is not accepting data

date generation is wrong using gentimes

how to make a transaction using same id that has enclosed in different patterns

How to write a query using the stats earliest and stats latest ?

Force milliseconds into _raw when milliseconds not in source file time stamp

How to write queries for below condition ?

How to create an INPUTLOOKUP that matches field1 but NOT field2?

Stats count on list of values from lookup and how many times they are displayed in the results.

How to add results from stats value?

IPLocation: how to use with both src-ip and dest-ip?

Create alert that checks every 30 mins if the attempt to FTP file to another host fails 3 times in a row?

stats, empty columns and fillnull

Transaction Question

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions