Splunk Search

Discussions

Thread Info

How to create a field with varying lengths of field values?

I want to create a field which extract values, however I have some field values that I want to extract which contain ...

by New Member in

Why is the result number not matching?

Hi - I have a query where it results in total number of results of number of people logged into an application and I ...

by Explorer in

How to search and trigger an alert if we are not getting a record for some hosts from a given host list?

I have total 12 hosts which are coming through my sourcetype (input) and are below: UK1 App Server 1 UK1 App Serve...

by Explorer in

Using conditional sum after case statement

.....search | eval Type=case(like(publishId,"%U"),"unsubscribed",like(publishId,"%S"),"subscribed") | stats count by...

by New Member in

timechart ratio by model

Hi, below is my query index_ sourcetype=main | stats count(eval(level="Error")) as ERRORS count(eval(level="In...

by New Member in

Is there any way that I can calculate the byte size for each field value based on count?

I have a query as below field_A!="A" AND (field_B="abc" OR field_B="def" OR field_B="ghi" OR field_B="jkl" OR fie...

by Builder in

How can I show the difference in a string field from one day to another?

I have a powershell script that audits some files and creates an Windows application event log with the filepaths of ...

by New Member in

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

I have multiple searches in splunk which use the same lookup table. Is it possible I can check among all the searches...

by Path Finder in

Lookup - How to compare and remove events from the search?

I need to remove a list of servers from my search. This list changes once a month so I thought of using a lookup tabl...

by Path Finder in

Events older then 30 days

The following is a sample entry from a splunk index... lastOccurrence=2012-06-25 18:42:38.0|firstOccurrence=2012-0...

by Contributor in

What is the order that executes in query when I use both AND, OR in splunk query?

I have two different queries like below Query 1 :- field_1!="A" AND field_2="B" OR field_1!="A" AND field_2="C"...

by Builder in

How to extract the last underscore part of a field?

I have a value a_b_c. How do I extract the last '_' item. So in this case it'd be 'c'. The number of of underscores i...

by Communicator in

Can you cache report results and use them towards another search?

I need to be able to compare report results over the period of a time. The report itself takes minutes to run for a 1...

by New Member in

search showing times when raw events were 0

Looking to do a search which shows start time and end time when _raw events were 0 over a say 24hr period. Trying ...

by Path Finder in

Deployment architecture

I have I want to send windows logs through heavy forwarder to indexer. on windows server, I install universal for...

by Communicator in

How can I look back 7 days from when an event occurred?

Hey Guys, I have a daily report that is showing the # of orders planned and completed for the day. However, someti...

by Communicator in

How does Hunk search data from Hadoop?

Can someone please explain in simple layman terms how Splunk SEARCHES Hadoop Data? I understand it doesn't store them...

by Communicator in

Converting smiv1 to smiv2 , cant find module

Hi i am having difficulties on doing this one , can someone tell me what should i need to do to make it fix . As i c...

by Builder in

How can I get the graph that only displays percentage when using timechart?

I have a query below that is showing "PriceChangeCount", "Total" and "PriceChangeRate" in graph, How can I get the gr...

by New Member in

Why do I see a count difference running a saved search via Splunk REST API call and running the search manually?

When I run a saved search via Splunk REST API call, I get a count which is entirely different when iI run the same se...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create a field with varying lengths of field values?

Why is the result number not matching?

How to search and trigger an alert if we are not getting a record for some hosts from a given host list?

Using conditional sum after case statement

timechart ratio by model

Is there any way that I can calculate the byte size for each field value based on count?

How can I show the difference in a string field from one day to another?

Is it possible to search a word existing in all the searches of Splunk just like we do in other IDEs?

Lookup - How to compare and remove events from the search?

Events older then 30 days

What is the order that executes in query when I use both AND, OR in splunk query?

How to extract the last underscore part of a field?

Can you cache report results and use them towards another search?

search showing times when raw events were 0

Deployment architecture

How can I look back 7 days from when an event occurred?

How does Hunk search data from Hadoop?

Converting smiv1 to smiv2 , cant find module

How can I get the graph that only displays percentage when using timechart?

Why do I see a count difference running a saved search via Splunk REST API call and running the search manually?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...