Splunk Search

Discussions

Thread Info

How to calculate average and percentage for fields with only names?

Good Day splunkers. I have a query where i want to calculate the number of times a name came on the field, the averag...

by Communicator in

How to configure an event line break?

I have syslog file like this: Mar 21 06:48:23 10.171.134.200 Mar 21 08:10:00 10.171.134.200 AlteonOS : 1.1.1.34 ...

by New Member in

Planned outage graph logic

I want to build a logic for SEARCH-2 My SEARCH -1 Gives me start and End time stamp of a Planned Outage. My SE...

by Path Finder in

how do I filter the error logs of that particular container?

I have configured splunk with http event collector on docker, so I am storing the logs of all the container into splu...

by Engager in

Using lookup table on multivalue field to exclude events

I've found some variations on this issue but nothing exactly the same. Go easy on me... I'm dealing with events th...

by Path Finder in

How to search losing events as number of events increase?

I have a search that compares an expanded multi value field against a lookup table and returns those events where at ...

by Path Finder in

How would I remove duplicates but add up their counts?

I have two sources of data. One that has an Account Name, License Key, and Account Revenue. The other has License Key...

by Explorer in

Corelating independent searches.

I have 2 absolutely independent searches. Search-1 gives me the availability of server throughout the day. Sample ...

by Path Finder in

change column name with specified new column value in Splunk

Hi, I am having correct value in current field and want to use that value as column name which is currently showin...

by Path Finder in

How to sort by field?

I am trying to get the highest used process percentage by user, however, I am unable to sort by the field I want to. ...

by Path Finder in

How to create a regex to return events with specific usernames in a field?

I am trying to create a search that returns only those events that have a specific username (or part of a username) i...

by Explorer in

Does full key value not extract properly if it starts with a number?

I have created a new log message that looks like 2018-06-27 11:28:01,743 WARN TestReporting , id="LJ99YUT5F1K", tr...

by Path Finder in

How to get time between events during a search?

Hi everyone, Recently I faced some issues when I try to do an advance search. My problem : I need to create table ...

by Engager in

How to filter table results?

Hi all! I have a table as a search result: date Country cs_username 2018-06-12 Mexico mendoza 2018-06-12 ...

by Path Finder in

How to ignore days with no data in timechart?

Hello, I want to be able to ignore days where data was not collected. I am using the following search: index="x...

by Explorer in

can anyone direct me to an autolookup example please?

does anyone know where I might be able to find a 'dummies' guide to autolookup, with a simple example if possible? I ...

by New Member in

Cannot transform string with regex

Hi I am trying to transform a couple of strings that are being capture in my Splunk logs The string are similar...

by New Member in

assign value from subsearch to outer search eval

I want to get a value from subsearch assigned to outer search. I am trying like this index=OUTER sourcetype=OUTER_...

by Path Finder in

Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp)

Hello Splunkers! For some time I'm trying to figure out how to feed results of a DNS blacklist check versus DHCP l...

by Explorer in

How do I remove all 1 and 2 character words from a field?

Hello, I have a string field containing many words and I would like to remove all 1 and 2 character words from it. Ho...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate average and percentage for fields with only names?

How to configure an event line break?

Planned outage graph logic

how do I filter the error logs of that particular container?

Using lookup table on multivalue field to exclude events

How to search losing events as number of events increase?

How would I remove duplicates but add up their counts?

Corelating independent searches.

change column name with specified new column value in Splunk

How to sort by field?

How to create a regex to return events with specific usernames in a field?

Does full key value not extract properly if it starts with a number?

How to get time between events during a search?

How to filter table results?

How to ignore days with no data in timechart?

can anyone direct me to an autolookup example please?

Cannot transform string with regex

assign value from subsearch to outer search eval

Enchance search results with subsearch on different sourcetypes? (DNS src ip & timestamp with DHCP ip & timestamp)

How do I remove all 1 and 2 character words from a field?

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

How to merge two very high volume index into one?

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...