Splunk Search

Ask a Question

Discussions

Thread Info

How to configure Splunk to use a timestamp field in my sample log as _time?

Hi, I'm new in Splunk, hope you can guide step by step please. How do I map or link a timestamp field (eg. time...

by New Member in

inputlookup not returning all the rows in csv file

Hi, I have a csv file with nearly 50000 rows. When I try to fetch all the rows using the inputlookup command, I am...

by Communicator in

ライセンスが切れるとどうなりますか？

データの取り込みは継続しますが、検索、アラート、ダッシュボード表示は警告文が出て表示がとまり、最終超過日から30日たつと復活します。日本語マニュアル84ページ参照：https://docs.splunk.com/images/...

by Explorer in

How can I create a query to separate every session by host based on specific field?

Hi all, i'm trying to record all RD session on my server, i've write this query: index=server source="WinEventLog...

by Path Finder in

Chart event that are unique over month

Hi, I had been wanting to change events that are unique over month but to no avail. I will give an illustration b...

by Path Finder in

Add time in search string

Hi All, i want to add time in search string. My data is showing time 26-02-2018T02:00:00.000+0000, but while se...

by Explorer in

How to count Max Sub-sequence of identical numbers?

Hello , I need to calculate the maximum length of identical numbers for example : 0,0,0,0,0,1,0,1,1,0,0 and searc...

by Explorer in

Create Distinct Records from stats

I have a question where in I have inputs as below in a file f1.csv JOB NAME Start_Time End_Time Job1 S11 J...

by Explorer in

How to modify output based on condition applied to each rows

I have a query that output below, Status column is generated based on if condition. |eval Status = if(Quantity>10...

by Communicator in

How can I create a search on count of unique entries for a given field, by a given field in MAC?

At first glance I thought I could easily create this query, but I have been humbled. My logs have got tons of MAC add...

by Path Finder in

How to reorder _raw then dedup on _raw of the form?

Hi everyone I am performing a dedup on raw of the form: index=cisco_ucs host=KSCUCS2 splunk_server="spn2stl*" ...

by New Member in

Inputlookup append=true vs append [|inputlookup ] behavior difference

I saw a previous question dealing with this, but that question never got an accepted answer, and I think it was suffi...

by Champion in

How can I extract the regex statement that captures every line under a field until the empty line that divides the lists?

List of policies: policy1 policy2 policy3 Another list: something1 something2 How can I extract the each na...

by Communicator in

Regex AND Operator

I thought ?= acts like an AND operator. Condition would be to capture words with >5 Upper-Case AND 4 Lower-Case a...

by Contributor in

What is the best way to calculate date and time span?

Hello What I am trying to do is calulate dates and span. So I have a date called "Date Due" and a field "SLA". What ...

by Communicator in

Eval=case not working

Probably a simple one but......my Eval case statement does not seem to work correctly ...| eval operation=case(Ta...

by Path Finder in

iframes and views

Hi Team, We got a request to enable x_frame_options_sameorigin = [False] . Since currently they couldn't able to v...

by Path Finder in

Joining two records from a csv file based on a column

I am working on a monitoring tool where in I have to monitor the job completion and calculate the estimates in accord...

by Explorer in

whats the rex command to filter the special characters and extract only required fields?

Hello experts, logs looks something like this.. (java.lang.RuntimeException: java.util.concurrent.ExecutionExce...

by Explorer in

addtotal ignoring a particular row

Current output is attached in the image. i have one input lookup file file1.csv 1) Rows 2-4 are coming are coming fro...

by Communicator in

How do I include lower and upper limits in chart?

Hello Spunk Community! I have a set of data when plotted it has the shape of a bell curve. I want this data plotted o...

by New Member in

I am not able to find a few lines of my data in Splunk

If I see the file on the server, it has the data. But in splunk, I am able to see all the data except for a few lines...

by Path Finder in

search the request if only it presents in certain date range

I have a field called "request", I want to output all the log lines in history if the request value presents in certa...

by New Member in

IF with some conditionals

I guys! i would like to count the fail and success logons on my SFTP. The events are Successfull Logins from differen...

by Path Finder in

transaction with 2 different valued ID's

I have a set of wordpress tables I'm trying to build a transaction on. I have the following which is working well and...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to configure Splunk to use a timestamp field in my sample log as _time?

inputlookup not returning all the rows in csv file

ライセンスが切れるとどうなりますか？

How can I create a query to separate every session by host based on specific field?

Chart event that are unique over month

Add time in search string

How to count Max Sub-sequence of identical numbers?

Create Distinct Records from stats

How to modify output based on condition applied to each rows

How can I create a search on count of unique entries for a given field, by a given field in MAC?

How to reorder _raw then dedup on _raw of the form?

Inputlookup append=true vs append [|inputlookup ] behavior difference

How can I extract the regex statement that captures every line under a field until the empty line that divides the lists?

Regex AND Operator

What is the best way to calculate date and time span?

Eval=case not working

iframes and views

Joining two records from a csv file based on a column

whats the rex command to filter the special characters and extract only required fields?

addtotal ignoring a particular row

How do I include lower and upper limits in chart?

I am not able to find a few lines of my data in Splunk

search the request if only it presents in certain date range

IF with some conditionals

transaction with 2 different valued ID's

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...