Splunk Search

Discussions

Thread Info

Find the least and most occurrence in a field -- populating in the same row

I have three log transactions containing following extracted fields - all joined together by a common transaction id ...

by Explorer in

How can I eliminate characters or words from the result?

I have an output that looks like this: AV_DATE=Jan-1-2018 I want to be able to just display the date as so: Jan-1-...

by Engager in

How to create an interesting field by parsing host name

my index has events from many hosts. The hosts names contain information about what environment the host is part of. ...

by Explorer in

Can there be nested multireport commands?

I am using the multireport command to help manage some external lookup and caching. When I use one multireport comman...

by Path Finder in

Display a users time in portal by day

Splunkers, I'm attempting to display how long a user as spent in our training portal over the last 30 days. Sea...

by Path Finder in

How to to take median of number of users logged in past 1 hour

index=XXX sourcetype="XXX-log" opName="LoginUser" earliest=-60m latest=now() | bucket _time span=10m | timechart...

by Path Finder in

Timechart query with multiple values after "by"

I have similar json input as below, every minute similar blocks of data is send to index. I am plotting timechart ...

by Path Finder in

how to display _time

hello I have tow problems 1 I export my search result to csv file but when I open it the time just display lik...

by New Member in

how to display time rightly in csv file

hello I export my search result to csv file but when I open it the time just display like this 1.52E+09 ...

by New Member in

How to create a new field and assign value to it on the basis of sub query result?

Hi all, I am almost near to my requirement and there is just one issue that I am facing. I am having 2 columns from a...

by Path Finder in

Need to get latest sets of events

I have a dbinput configured to pull data from SQL table on a daily basis. So I am getting few events each day in a in...

by Explorer in

How to create a query for below scenarios?

field="URL1 OR URL2 OR URL3" I need to search each URL in . If the search is returns values, count >0 then it's Pa...

by Explorer in

Most Recent Series of Events Selection

I have a series of tests that are performed at random times throughout the week. There are a total of 12 events. Each...

by Engager in

Finding duration, average time, maximum time for specific logs

The logging that we do is not perfect hence need some help. Log 1 (request) - {"date":"19-04-2018 21:40:11,221", ...

by Explorer in

Need help creating a regex to grab anything after last comma

Hi, Hope someone can help me with creating a regular expression for an extraction. I have a log file and the lines...

by New Member in

How to find the max value based on the rows?

Hi all, I want max value by row wise not max (field name) **Date** **shiftA** **shiftB** **shift...

by Motivator in

How to search start dot whatever?

If I wanted everything with a .wav extension returned how would I format this? index="myindex" AttCnt=* AttNames=*...

by Communicator in

Use different lookups based upon environment in same search

How can I use same search for 2 different lookup? For ex: lookup_qa.csv and lookup_prod.csv. I wanna use them in sear...

by Path Finder in

How do I sum the price of a product for repeating XML fields in a single event?

Here is a sample section of the XML Data I am attempting to sum: <Product> <ProductItem>1</ProductItem>...

by New Member in

Is it possible to update _raw with a replaced field easily?

When I use replace to update a field, it is updated properly (in the interesting fields sidebar) but my search displa...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Find the least and most occurrence in a field -- populating in the same row

How can I eliminate characters or words from the result?

How to create an interesting field by parsing host name

Can there be nested multireport commands?

Display a users time in portal by day

How to to take median of number of users logged in past 1 hour

Timechart query with multiple values after "by"

how to display _time

how to display time rightly in csv file

How to create a new field and assign value to it on the basis of sub query result?

Need to get latest sets of events

How to create a query for below scenarios?

Most Recent Series of Events Selection

Finding duration, average time, maximum time for specific logs

Need help creating a regex to grab anything after last comma

How to find the max value based on the rows?

How to search start dot whatever?

Use different lookups based upon environment in same search

How do I sum the price of a product for repeating XML fields in a single event?

Is it possible to update _raw with a replaced field easily?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

How to convert a large number to string with expre...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...