Splunk Search

Discussions

Thread Info

How to search Events on Hosts in Inputlookup File?

I have a CSV that I've created via ldapsearch, that contains a single column with 'cn' and then a list of servers. ...

by Communicator in

Error in Eval in Search Command. Please help.

| makeresults | eval ipaddress=192.168.1.1 | lookup AM ipaddress OUTPUT hostname | table ipaddress,hostname This work...

by Explorer in

Correlation Events and Discard Events

Hello, I need your help to correlation some transactions by a number of reference and responses Input and Output but...

by Engager in

Remove the query string from a Url field

Need to exclude the query parameters from a URL field. For e.g. the field contains http://www.google.com/india?searc...

by Engager in

Why isn't my query working after adding timechart?

Greetings All - I have a query that gives me the data I need. However when I tried to add a timechart function to bri...

by Explorer in

How to find users that had only errors for certain event?

We have log entries in format like this: LogLevel=info username=some1 eventID=update So in case of error the ...

by Engager in

latest date

Hello , So my question today is: for my earliest time i have "-1w@w1",so my research start from the last monday.Th...

by Explorer in

How can I create a query where I can sum the total and then take the percentage and add them in a column?

Hello, I need your help for the following: I need to add the Total row and then divide it by the column of funds. ...

by Engager in

How to compare fieldName from different sourcetypes?

I have a field called hostname,domain,ipaddress all my 5 sourcetypes are having same fieldname, I want to compare all...

by Path Finder in

Is there a way to have a list of forwarded files in Splunk?

I have multiple xml files which have been forwarded to Splunk from my machine. Each file has its own data which is us...

by Path Finder in

transaction/duration?

I have events with a kind of chronological flow. The events contain a ID, status, _time and a time inside the event. ...

by Path Finder in

extracting eval for reuse in other searches

Hi I have a dashboard which shows metrics for an API. It has a graph for response times, tables for min max averag...

by New Member in

Creating a User profile who has access to monitoring console only

Hi All, I checked all the options in Splunk and I am unable to find an option for creating a user with a a role wh...

by New Member in

How to write regex to select specific fields on a search?

hi below is my search, when I do search for Error this is what I get; then I run this search to create "Me...

by Contributor in

how to Union 4 searches with 4 field name

Hi, Good day! have this search: | union [| pivot latest(field0) AS field0 SPLITROW field4 AS field4 ...

by New Member in

When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that?

by Path Finder in

Add a column with a count of unique IP's to a chart

Hi@all, i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add ...

by Engager in

lookup file csv

i have a search in splunk search dest_ip=10.10.20.3 OR dest_ip=10.2.3.5 OR dest_ip=10.6.7.4 OR dest_ip=10.0.4.6 . ...

by Path Finder in

need to show completion percentage with the following query

the following produces all of the other stats except completion percentage sourcetype=access_combined | transactio...

by Path Finder in

DNS Names in Events

Hi there, We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addr...

by Path Finder in

"outputlookup" vs "action.populate_lookup"?

I'm trying to figure out some discrepancies between the outputlookup search command and the action.populate_lookup sa...

by Super Champion in

How to count from raw lines?

I have a lot of RAW data with this format: date_time,serverA,down date_time,serverB,down date_time,serverA,down date_...

by Engager in

How to build a table from two index sources with a common id

I am completely new to splunk so correct me if i am wrong i have 2 sources of data which contains status codes for th...

by Engager in

Extract multiple file names from email attachments

Trying to extract all email attachments file names. I am no good with Rex/Regex, so I used the automatic extraction i...

by Explorer in

Upgrade from 6.5.2 to 7.0.2 - Process

Just wondering if there is a staged upgrade process for going from 6.5.2 to 7.0.2. Do we have to go to 6.6.0 firs...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search Events on Hosts in Inputlookup File?

Error in Eval in Search Command. Please help.

Correlation Events and Discard Events

Remove the query string from a Url field

Why isn't my query working after adding timechart?

How to find users that had only errors for certain event?

latest date

How can I create a query where I can sum the total and then take the percentage and add them in a column?

How to compare fieldName from different sourcetypes?

Is there a way to have a list of forwarded files in Splunk?

transaction/duration?

extracting eval for reuse in other searches

Creating a User profile who has access to monitoring console only

How to write regex to select specific fields on a search?

how to Union 4 searches with 4 field name

When using two lookups in a single search, I'm unable to value from the second lookup. How do I do that?

Add a column with a count of unique IP's to a chart

lookup file csv

need to show completion percentage with the following query

DNS Names in Events

"outputlookup" vs "action.populate_lookup"?

How to count from raw lines?

How to build a table from two index sources with a common id

Extract multiple file names from email attachments

Upgrade from 6.5.2 to 7.0.2 - Process

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions