Splunk Search

Ask a Question

Discussions

Thread Info

How to change host as row and time as column

Hi there, I have this query: index=_internal source="*license_usage.log" | eval bytes=b | eval GB = round(byte...

by New Member in

Want to replace the field value name

Nameskukit NAC-D-CDSK-DLS-05.90NAC-DHJA-JEOE-DNDN-94.4.0 This my data, I want to replace with NAC-D to ANT-P f...

by Explorer in

Outputting data with spath in search

I am trying to output two rows of data with them being "read" and "write" with both of them having min,max, and avg o...

by Path Finder in

Create pie Chart from stats command

I am trying to create a pie chart of success vs. failure with stats command with the following: search | stats c(as...

by Loves-to-Learn in

Using lookup table with host-ip association

Hi, I would like to ask a question regarding the lookups table. I am managing logs about login and I want to be sur...

by Engager in

How To Determine When a Host Stops Sending particular type of Logs to Splunk

Hi all, I have facing an issue where exactly we can troubleshoot when a Host Stops Sending cmd Logs to Splunk. ...

by Builder in

Using multiple lookup tables in a query

index=netlogs [| inputlookup baddomains.csv | eval url = "*.domain."*" | fields url] NOT [| inputlookup good_domains....

by Path Finder in

Splunk API Script Help

All, Leveraging the following article (https://community.splunk.com/t5/Other-Usage/How-to-export-reports-using-the-...

by Path Finder in

Search and count by multiple specific substrings in a field

Hello. I have logs which contains field "matching" which is a String type. This field contains this kind of infor...

by Explorer in

Need help with nested json and spath

I've seen a few of the spath topics around, but wasn't able to understand enough to make it work for my data. I have ...

by Contributor in

How to calculate percentrank in Splunk?

How to calculate percentrank in Splunk?I appreciate your helpBelow is the expected result: Percentrank exc and Perc...

by Motivator in

I need to add filter to error query into total transaction query so that i can get filtered error counts as well as

Hi, i need to add filter to error query into total transaction query so that i can get filtered error counts as well ...

by Path Finder in

how to extract field from csv raw data

below csv file getting generated which is ingested into splunk. These are the file counts created date wise on differ...

by Explorer in

Splunk left join not returning as expected

I have the below code. I know that values exist under the subsearch which are not returning when I run the below quer...

by Path Finder in

How to display one row table in a pie chart?

How to display one row table in a pie chart?Thank you for your help.index=test---- Score calculation -----| table Sco...

by Motivator in

Line graph by instance and time

Hello, I have the below Splunk search and I want to put the results into a line graph so I can compare all of the dis...

by Explorer in

optimize lookup search

I have a lookup file with 50,000 records. When I want to do a search, it takes a lot of time to find my results. Is t...

by New Member in

Automatic lookup during data ingestiont (Splunk cloud)

Hi folksI've a KVstore containing the following values: hostname, IP address.This KVstore is updated every hour to en...

by Splunk Employee in

How to extend Splunk log retention to forever?

We use splunk for data analysing and monitoring. We have the Service Now add in to collect CMDB data. It goes back an...

by Engager in

Joining two events and compare to needed result

Hi , I am trying to find the list of ids that fail from my logs. Say I have 2023-11-14T10:30:30,118 INFO Ope...

by New Member in

inputlookup - count of values including Null

Hello, I have a lookup file and I would like to use it to search a dataset and return a table showing each entry in...

by Explorer in

Remote desktop user

Hi, The code is like index=main host=server10 (EventCode=4624 OR EventCode=4634) Logon_Type=3 NOT user="*$" NOT ...

by Explorer in

Alternative/Compliment to stats first()

| makeresults | eval _raw="id;x;y;z;k a;1;;; a;;1;; a;;;1; a;2;;; a;;2;; a;;;;1 b;1;;; b;;1;; b;;;1; b;2;;; b...

by Path Finder in

Join 2 searches which has common fields as 2 different field name with same value

Hi, My main goal is to find user id. Index=A sourcetype=signlogs outcome=failure The above search has a field ...

by Path Finder in

How do i use if/case functions using lookup table search?

Hello, I have a use case where I have a bunch of email alerts that I need to determine the system name for. Examp...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to change host as row and time as column

Want to replace the field value name

Outputting data with spath in search

Create pie Chart from stats command

Using lookup table with host-ip association

How To Determine When a Host Stops Sending particular type of Logs to Splunk

Using multiple lookup tables in a query

Splunk API Script Help

Search and count by multiple specific substrings in a field

Need help with nested json and spath

How to calculate percentrank in Splunk?

I need to add filter to error query into total transaction query so that i can get filtered error counts as well as

how to extract field from csv raw data

Splunk left join not returning as expected

How to display one row table in a pie chart?

Line graph by instance and time

optimize lookup search

Automatic lookup during data ingestiont (Splunk cloud)

How to extend Splunk log retention to forever?

Joining two events and compare to needed result

inputlookup - count of values including Null

Remote desktop user

Alternative/Compliment to stats first()

Join 2 searches which has common fields as 2 different field name with same value

How do i use if/case functions using lookup table search?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions