Splunk Search

Discussions

Thread Info

Ingore last result in timechart

Hello i have a search query with timechart function but i don't want to display last bucket because it shows not comp...

by Explorer in

How to combine outputs from 2 different searches where fields match?

EDIT: Nevermind, I was just being dumb. It seems no matter how I search by field3 value that triggered on field1, fie...

by Explorer in

Extract fields using colon (:) except time field

Hello, I'm trying to use the field extraction tool for a data file that where the fields are delineated by a colon(:...

by Contributor in

Exttract the first value for multivalue field events

Hey, I have a sample event,which is a multivalue field,I want to extract Service ID and Ent_Provider Id from the t...

by Builder in

how to divide two fields in a search and print the result values in timechart

Hi, suppose a query is like: index="demo1" total_bytes,total_time,date etc I need to divide total_bytes/total_time...

by Path Finder in

Chart and table of occurences of field by another field

Hi I would like to have some chart ( bar etc.) and table of logs which contain two information titleID and userID....

by Path Finder in

Multisite Index replication question

I must admit I am struggling with wrapping my head around multisite replication... We operate in AWS and do build inf...

by Builder in

How do I reference lookup table with a field that have dynamic value?

I have a field value for IP address in the lookup dataset but the IP address from real logs are dynamic and constantl...

by New Member in

How can I make this search faster and more efficient "index=_internal per_host_thruput | timechart span=1d dc(series) as hosts"

The search below yields a count of hosts each day. It works well but will be extremely slow and inefficient if I run ...

by Explorer in

How to move raw data with no field assigned to a table?

This might be a really simple question, but I haven't been able to find an answer as of yet. I have some raw data fro...

by Path Finder in

Sum fields

I would like realize a sum of data like that par exemple : data = data + val1 But splunk dioesn’t recognize th...

by New Member in

I am looking for a functionality we can create csv look ups based on Month in splunk. Is this possible. Is it possible to delete data based on a certain conditions in lookup ?

I need a handle a years data in splunk and looking for suggestions to split the dataset and then populate the dashboa...

by New Member in

How to evaluate multiple values to a single answer . Like if value in(1,5,3,2,7) then Code1 else if value in(4,6,0) Code 2 else Code 3

Hello, I need to creating grouping of a results by error code . There are different type of error code like 1123, ...

by Explorer in

Tricky regex

Hi, I have this data "166.78.66.241" 70.121.107.109 "70.121.107.109" - - [19/Jan/2018:12:24:33 -0600] "POST /fileU...

by Motivator in

How to determine the amount of logs per server per day

I have about 25 servers to add to Splunk. Currently we run about 35 gig per day with our license at 50 gig. Can it be...

by Explorer in

Why do I get "Invalid key in stanza..."

Deploying app to collect IIS logs. When restarting the forwarder get the following: " Invalid key in stanza [monitor...

by Path Finder in

How to add hyperlink in specific text?

I want to have a hyperlink in my Title text but not all the text in the title will be clickable, the only clickable i...

by Path Finder in

I want to ready value on specific time for last one week

I want to read specific string between 9:15-9:45, each day for last 7 days. host=manana string | stats dc(count) ...

by New Member in

Filter events from syslog

Hi at all, this is a recursive question which I often I answered in past! I have to filter before indexing logs re...

by SplunkTrust in

Generate Matrix from Table Data

Hi, I am currently working with a table that looks like this: col1 | col2 | value xA | yA | 1.0 xA | yB | 1.5 ...

by Explorer in

How do I set a query to run overnight without it expiring before it completes?

I need to run a search that will take around 6-8 hours. Just a lot of URLs with wildcards to look for in a terabyte o...

by Builder in

Include zero in the average

Splunkers! I'm not able to solve a strange issue... Basically, the stats avg() is omitting values in the calcul...

by Path Finder in

How to add string on a field value?

Hi Guys! I am creating a table with number of errors per robot. The field values of these robots are "IGH2001", "I...

by Communicator in

Search on an eval variable - find filenames with yesterday's date

I used eval to create a field with the yesterday's date: | eval today=strftime(now(),"%Y%m%d") I want to search o...

by Path Finder in

mvcount and stats count give different results

I have a log file where each line has an itemId and a clusterId. When I run the following sort of queries | stats...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Ingore last result in timechart

How to combine outputs from 2 different searches where fields match?

Extract fields using colon (:) except time field

Exttract the first value for multivalue field events

how to divide two fields in a search and print the result values in timechart

Chart and table of occurences of field by another field

Multisite Index replication question

How do I reference lookup table with a field that have dynamic value?

How can I make this search faster and more efficient "index=_internal per_host_thruput | timechart span=1d dc(series) as hosts"

How to move raw data with no field assigned to a table?

Sum fields

I am looking for a functionality we can create csv look ups based on Month in splunk. Is this possible. Is it possible to delete data based on a certain conditions in lookup ?

How to evaluate multiple values to a single answer . Like if value in(1,5,3,2,7) then Code1 else if value in(4,6,0) Code 2 else Code 3

Tricky regex

How to determine the amount of logs per server per day

Why do I get "Invalid key in stanza..."

How to add hyperlink in specific text?

I want to ready value on specific time for last one week

Filter events from syslog

Generate Matrix from Table Data

How do I set a query to run overnight without it expiring before it completes?

Include zero in the average

How to add string on a field value?

Search on an eval variable - find filenames with yesterday's date

mvcount and stats count give different results

Index This | What are the 12 Days of Splunk-mas?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...