Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Compare daily search results against expected table

Hello, So I may be the victim of my own good deeds. Built an input form for the Infrastructure team to enter their...

by Path Finder in

Keep specific events and discard the rest

How to filter sets of monitored logs with HF? Hi, I have a number of logs files monitored by UFs and sent to a...

by Builder in

Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section?

When analyzing different tstats commands in some apps we've installed, sometimes I see fields at the beginning along ...

by Explorer in

I have a problem in creating regex for below expression?

expression: 2018-02-2008:13:44|ABC1034|Sumit Martin|0|147707|Amit|SURESH||19490616|M|2030 SQ 16 PERRA|ABC E-212|INDIA...

by Path Finder in

csv file size limit for inputs

is there a file size limit for csv files for inputs ? it seems we have issues indexing a csv file which is over 250MB...

by Builder in

Create output[Site Down] by comparing two hosts that match a field down

I'm trying to create a search that will look at hosts over a period time E.G 1 week within period of time(10 - 30 min...

by New Member in

How to get the event details between two different dates?

I have a splunk log in the following format: INFO com.tmobile.sfdc.reports.batch.listener.OrderJobListener - ORDE...

by Path Finder in

how to re-arrange the column values to corresponding rows in table

Hi All, i have created the table & table is in below format... i need to display the table like below forma...

by New Member in

Feels like "return" command should support argument of 0 (all). Thoughts?

When performing subsearches using the return command, I am often disgusted with myself for employing a not-future-pro...

by Builder in

Why is sort order skewed with use of table command?

Any idea why the sort order (of time) is skewed with use of the table command? Seems like, to reduce repetitive s...

by Builder in

How to convert hex timestamp value to index in Splunk

Hi , I have the below data to index into splunk Can you advice how can i decode the hex timestamp below (5A814...

by Explorer in

joining tables miss some values

hi, i have 2 tables to join and when i am using outer join, i am able t join 2 tables but not able to join all the va...

by Builder in

How can I exclude a tag from a search result?

I am working on a printer log data on job completion and am doing up a search to retrieve only events with tags that ...

by New Member in

How to use subsearch to find which values from a subsearch populated table aren't in another search?

I have two seperate sourcetypes. In the first sourcetype, I have a field memberID that also exists in the second sour...

by Communicator in

How to present the date and value not in epoch format and is there a way to add a line to the bubble chart (over the time), in order to show trend?

Hi, I created a bubble chart with numeric values on the y-axis and time(epoch) on the x-axis, and the bubble size ...

by Contributor in

Two Nearly Identical Inputs But One Doesnt Work (PowerShell)

So I have the two below in my inputs.conf the top one works, the bottom one does not. Both commands work fine when ra...

by Path Finder in

Get percentage after case and stats calculations

...search | eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed") | stats dc(account...

by New Member in

search does not return anything

I have tried to add to monitor several log files but so far search returns nothing I am using trial version with max ...

by New Member in

stuck on a subsearch

Hi, I have this query, what I'm trying to do is pull the mac address out of events with a 405 error dedup them the...

by Motivator in

map command field not being evaluated

I have an issue with a field within the map command not being evaluated appropriately. The scenario is this: do so...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare daily search results against expected table

Keep specific events and discard the rest

Tstats - What factors come into play when deciding to put a field in the beginning or after the GROUPBY section?

I have a problem in creating regex for below expression?

csv file size limit for inputs

Create output[Site Down] by comparing two hosts that match a field down

How to get the event details between two different dates?

how to re-arrange the column values to corresponding rows in table

Feels like "return" command should support argument of 0 (all). Thoughts?

Why is sort order skewed with use of table command?

How to convert hex timestamp value to index in Splunk

joining tables miss some values

How can I exclude a tag from a search result?

How to use subsearch to find which values from a subsearch populated table aren't in another search?

How to present the date and value not in epoch format and is there a way to add a line to the bubble chart (over the time), in order to show trend?

Two Nearly Identical Inputs But One Doesnt Work (PowerShell)

Get percentage after case and stats calculations

search does not return anything

stuck on a subsearch

map command field not being evaluated

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...