Splunk Search

Discussions

Thread Info

Split IP Address in network and host part

Hi everyone, I've got a little problem. I want to split up IP addresses in network and host part (to create a char...

by Explorer in

Can I call a macro without using transaction in my search?

The current search I am running calls "transaction" and then a macro to output results into my table. When I remove t...

by New Member in

Splunk Newbie: Using buckets/bins

Hi Splunkers, I can't seem to find a efficient way to bucket my results where anything greater than 174 days gets ...

by New Member in

Why are the stats values not working with append?

I need the field concate_CSV to list all concatenations for each machine but it is not working. (Actual v Desired out...

by Communicator in

Timechart Search using TextBox

I want to include search box to search account and it should display the timechart also. Please help. Presently only ...

by Explorer in

Transaction based alert trigger for EventCode=4740 showing previous 60 minutes events

Good morning. I am looking to generate an alert for when EventCode=4740 (User lockout) is shown in the event logs ...

by Path Finder in

How to force DBconnect to send fields with NULL values to the index?

DBconnect is not sending fields with NULL values to the index Is there a way to force DBconnect to do this ?

by Explorer in

How to filldown by multiple criteria ?

I, My use case : We monitor change state events on projects : { date: 2018-02-06T11:00:07+01:00 id: 473184 <...

by Explorer in

Field reference in search (Not in dashboard) (i.e. Token replacement in search)

Hello, I try with no success since here to do something like : | makeresults | eval super_important_field="supe...

by Path Finder in

compare 2 different search results and list out the missing data from search 1 result

Hi, I have 2 results from 2 different searches. I need to compare it & find out the missing data from search resul...

by Path Finder in

regex pattern

Hi, I am trying to regex only -R from this following results. However rex I used is not working. Please suggest ...

by Explorer in

Regex with conditional statement

Hi there, I need some help to form regex command. My requirement is to first search for code=SEND then stats count...

by Path Finder in

Find the string and the number of occurences

Hi, I have a log file that has a set of information about some users. Each of the users have an id and the same is...

by New Member in

Need help extracting timestamp from unstructured data (JSON)

Need help to extract timestamp and structure data - {"time":"2017-12-12 16:25:27.418 +05:30", "severity":"INFORMAT...

by Builder in

Automatic Lookup matching on multiple fields

I'm attempting to create an automatic lookup that matches src_ip, dest_ip, and signature in returns a "reason" and "s...

by Explorer in

If a token is equal to a value run query 1 if it is equal to another value run query 2

Hi, I have this query which works just fine in my dashboard. What I'd like to do is if the Properties.index=17 (in...

by Motivator in

How to make headers as field-values?

I have a table that looks like this Site 1 2 3 4 5 6 In Scope Onsite 3.5 2.44 2.4809851 1.164 2.3125 Local In Scope O...

by Communicator in

How to apply rex on a field/variable?

I have a basic rex question: In my splunk query I have: | eval foo = .... and I would like to be able to a...

by Path Finder in

How to find the average of top (max) values of a field sorted by other fields?

I have the following table of data generated by a search: category a category b count A E ...

by Explorer in

difficulty in updating a lookup file via rest

i have a script that generates a csv under /var/run/splunk I would like to update my lookup file I read the doc...

by SplunkTrust in

How to create a Splunk query to help determine profit/loss revenue?

this is a daunting task at least to me but I am looking for a query to start with that would help identify number of ...

by Explorer in

How to remove part of my value to create a new value?

Hi guys, My goal is to remove part of my value to create a new value. For example, I have a field called crea...

by Communicator in

How to group values on the Flat\Untable multiple columns to get Trellis to work?

Hello, either I'm missing something or this is impossible, I have a table like this: Type,Model,Vendor,Total A,100...

by Explorer in

How to sum all values in a column using the "eval" command?

I have a query in which each row represents statistics for an individual person. I want to sum up the entire amount f...

by Engager in

How to write a script to correlate data in a file with an event in Splunk?

Hello, I want to know if it is possible to do a script which read a file and correlate the data in this file with ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Split IP Address in network and host part

Can I call a macro without using transaction in my search?

Splunk Newbie: Using buckets/bins

Why are the stats values not working with append?

Timechart Search using TextBox

Transaction based alert trigger for EventCode=4740 showing previous 60 minutes events

How to force DBconnect to send fields with NULL values to the index?

How to filldown by multiple criteria ?

Field reference in search (Not in dashboard) (i.e. Token replacement in search)

compare 2 different search results and list out the missing data from search 1 result

regex pattern

Regex with conditional statement

Find the string and the number of occurences

Need help extracting timestamp from unstructured data (JSON)

Automatic Lookup matching on multiple fields

If a token is equal to a value run query 1 if it is equal to another value run query 2

How to make headers as field-values?

How to apply rex on a field/variable?

How to find the average of top (max) values of a field sorted by other fields?

difficulty in updating a lookup file via rest

How to create a Splunk query to help determine profit/loss revenue?

How to remove part of my value to create a new value?

How to group values on the Flat\Untable multiple columns to get Trellis to work?

How to sum all values in a column using the "eval" command?

How to write a script to correlate data in a file with an event in Splunk?

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions