Splunk Search

Discussions

Thread Info

How do I get two fileds "ip numbers" in an timechart?

Hi all,How do I get two fileds "ip numbers" in an timechart?I tried the aggregate fileds, but show up wrong in my vis...

by Explorer in

How to merge two searches without losing main search data?

Hi, I am having some troubles to merge two searches and I am looking for the best way to do this. We have firewall...

by Explorer in

Configuration Files in Default and Local App folders: How to create three sourcetypes?

Hello, I have one data source and getting feed through the inputs.conf file located under default folder and it is...

by Motivator in

charting.fieldColors option doesn't seem to work when fields have a colon in the name?

Hi, I have a graph which is produced by this timechart command: timechart max(duration) as TPS_MAX, sum(par_ne...

by Communicator in

How to save memory and ignore table row where column value is less than x?

I may use a search similar to this: index=mock_index source=mock_source| eval event = _raw| stats count as frequen...

by Explorer in

How to search for an event that doesn't have a response after 30 minutes?

I have two separate logs ( Request.log, and Response.log ). Events from App1 will be recorded in Request.log. ...

by Explorer in

Help with SEDCMD props.conf

Hello. I am in problem. I have log like this. 1.example.log 2022/08/24 12:04:00,ExampreA,"xxx"xx"xxx"...

by Engager in

Splunk Use Case- How can I compare two IP addresses when IP address is only available in one sourcetype?

Hi All, I am trying to build a use case with the below scenarios: 1) Person A can do tasks X and Y but not task...

by Explorer in

Why am I getting the wrong search results?

i have this dropdown which produces correct results: <input type="dropdown" token="tUser" sear...

by Path Finder in

How to show Error inputs gracefully

How to display the error input or value errors in a pop up? I am trying to build a custom command and want to show er...

by Explorer in

How to check that a field value is unchanged in last two day or if possible two business days?

I am checking for reboot required, if yes, since how long is the status unchanged from reboot required yes. Logic I a...

by Path Finder in

How to calculate the delta between two time intervals for sending messages?

Good afternoon! We receive messages on splunk. The task is as follows: there is a time period between the first me...

by Communicator in

How to search for a string that begins with a square bracket ]?

I have a field value like this that I want to exclude. [22m[2hinfo[3: host.console[0] The sear...

by Explorer in

How do I add a string in the title of a e-mail?

"user-info"index=user_interface_type sourcetype=* | table _time, host, port, _raw | sendemail to="abc@splunk.com" sen...

by Engager in

Help with Dashboard with time span for with tstats

I am trying to build a dashboard with time input, how can I use the time selected to pass to below query? ...

by Explorer in

Chart by Duration (D+HH:MM:SS) which is in string format?

Hello, I used below to convert seconds into D+HH:MM:SS format which is now in string format. However, I want to cr...

by Explorer in

How to show output for last week?

I have spent days working on this, can someone help? how to populate previous week results? Also there are differen...

by Path Finder in

How to build a table out of this log file?

Hi, I have below log file, I would like to build a table out of it (Line1, Line2,Line3,Line4 are just for understa...

by Path Finder in

How would I extract field/value pairs from these sample events (2 sample events given below)?

Hello, How would I extract field/value pairs from these sample events (2 sample events given below)? I can use...

by Motivator in

How to combine two tstat search to create one table?

Hello, I have created a datamodel which I have accelerated, containing two sourcetype. The goal is to add a field ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I get two fileds "ip numbers" in an timechart?

How to merge two searches without losing main search data?

Configuration Files in Default and Local App folders: How to create three sourcetypes?

charting.fieldColors option doesn't seem to work when fields have a colon in the name?

How to save memory and ignore table row where column value is less than x?

How to search for an event that doesn't have a response after 30 minutes?

Help with SEDCMD props.conf

Splunk Use Case- How can I compare two IP addresses when IP address is only available in one sourcetype?

Why am I getting the wrong search results?

How to show Error inputs gracefully

How to check that a field value is unchanged in last two day or if possible two business days?

How to calculate the delta between two time intervals for sending messages?

How to search for a string that begins with a square bracket ]?

How do I add a string in the title of a e-mail?

Help with Dashboard with time span for with tstats

Chart by Duration (D+HH:MM:SS) which is in string format?

How to show output for last week?

How to build a table out of this log file?

How would I extract field/value pairs from these sample events (2 sample events given below)?

How to combine two tstat search to create one table?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...