Splunk Search

Discussions

Thread Info

How can I create a search on count of unique entries for a given field, by a given field in MAC?

At first glance I thought I could easily create this query, but I have been humbled. My logs have got tons of MAC add...

by Path Finder in

How to reorder _raw then dedup on _raw of the form?

Hi everyone I am performing a dedup on raw of the form: index=cisco_ucs host=KSCUCS2 splunk_server="spn2stl*" ...

by New Member in

Inputlookup append=true vs append [|inputlookup ] behavior difference

I saw a previous question dealing with this, but that question never got an accepted answer, and I think it was suffi...

by Champion in

How can I extract the regex statement that captures every line under a field until the empty line that divides the lists?

List of policies: policy1 policy2 policy3 Another list: something1 something2 How can I extract the each na...

by Communicator in

Regex AND Operator

I thought ?= acts like an AND operator. Condition would be to capture words with >5 Upper-Case AND 4 Lower-Case a...

by Contributor in

What is the best way to calculate date and time span?

Hello What I am trying to do is calulate dates and span. So I have a date called "Date Due" and a field "SLA". What ...

by Communicator in

Eval=case not working

Probably a simple one but......my Eval case statement does not seem to work correctly ...| eval operation=case(Ta...

by Path Finder in

iframes and views

Hi Team, We got a request to enable x_frame_options_sameorigin = [False] . Since currently they couldn't able to v...

by Path Finder in

Joining two records from a csv file based on a column

I am working on a monitoring tool where in I have to monitor the job completion and calculate the estimates in accord...

by Explorer in

whats the rex command to filter the special characters and extract only required fields?

Hello experts, logs looks something like this.. (java.lang.RuntimeException: java.util.concurrent.ExecutionExce...

by Explorer in

addtotal ignoring a particular row

Current output is attached in the image. i have one input lookup file file1.csv 1) Rows 2-4 are coming are coming fro...

by Communicator in

How do I include lower and upper limits in chart?

Hello Spunk Community! I have a set of data when plotted it has the shape of a bell curve. I want this data plotted o...

by New Member in

I am not able to find a few lines of my data in Splunk

If I see the file on the server, it has the data. But in splunk, I am able to see all the data except for a few lines...

by Path Finder in

search the request if only it presents in certain date range

I have a field called "request", I want to output all the log lines in history if the request value presents in certa...

by New Member in

IF with some conditionals

I guys! i would like to count the fail and success logons on my SFTP. The events are Successfull Logins from differen...

by Path Finder in

transaction with 2 different valued ID's

I have a set of wordpress tables I'm trying to build a transaction on. I have the following which is working well and...

by Explorer in

Search query with like() func ignoring case

Hey all, need some help to something I didn't manage and couldn't find any solution online. Assuming my data is of...

by Engager in

Can this query be made faster?

I am trying to summarize network traffic logged by our firewall to determine the factors that have made our index usa...

by Builder in

Table of results with transactions levels of durations

Hi, how can we generate the below table statistics for transactions durations? X=duration Date, TotalNumberO...

by New Member in

Delete a search-time field after extraction

I have a set of logs that require a pretty complex set of regexes to parse. The data has about 8 columns separated by...

by Builder in

best way to build asset inventory and compliance

i wanted to build a list of assets and based on periodic searches update items we are checking for compliance such as...

by Path Finder in

Creating a stacked bar chart

I feel silly asking this question as I think it should be relatively straight forward, but I am not able to get the f...

by Path Finder in

IP address of current user?

I'm trying to write a query to display the IP address of the current user. Anyone know how to do this?

by Communicator in

transaction function and deduping mv values

Is there an efficient way to mvdedup on all fields at once? Result is from transaction. Rather not convert to stats i...

by Path Finder in

Find number of days between date and now()

Hello trying something I assume is pretty easy just cant get it right for some reason. I have a field called "Due Dat...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I create a search on count of unique entries for a given field, by a given field in MAC?

How to reorder _raw then dedup on _raw of the form?

Inputlookup append=true vs append [|inputlookup ] behavior difference

How can I extract the regex statement that captures every line under a field until the empty line that divides the lists?

Regex AND Operator

What is the best way to calculate date and time span?

Eval=case not working

iframes and views

Joining two records from a csv file based on a column

whats the rex command to filter the special characters and extract only required fields?

addtotal ignoring a particular row

How do I include lower and upper limits in chart?

I am not able to find a few lines of my data in Splunk

search the request if only it presents in certain date range

IF with some conditionals

transaction with 2 different valued ID's

Search query with like() func ignoring case

Can this query be made faster?

Table of results with transactions levels of durations

Delete a search-time field after extraction

best way to build asset inventory and compliance

Creating a stacked bar chart

IP address of current user?

transaction function and deduping mv values

Find number of days between date and now()

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown