Splunk Search

Thread Info

Splunk dashboard base search gives result which is different from that of an identical non-base search

I am using Splunk Enterprise 6.6.2, and today I noticed an alarming problem. In order for me to troubleshoot the p...

by Communicator in

How to search comunication between a inputlookup with some ip's and traffic of an index ?

Hi, I have a doubt about an inputlookup, i have a inputlookup with some ip's and i want to know how can see comunicat...

by Explorer in

regex help

I'm trying to configure a field extraction but am getting some strange incisions in the output. I'm running the below...

by New Member in

Basic math operation applied to stats

Hi all, Student, new to Splunk and dbs. I need some help performing basic math operation against stats results....

by New Member in

Writing a regular expression to capture null values

Hi, I've got fields which contain null values. I'm writing a regular expression to capture instances where fields ...

by Path Finder in

Number of events found not matching number of events displayed

Our Splunk Enterprise deployment has started returning inconsistent results, and I've been unable to track the source...

by Champion in

Is there a Splunk search command that will give an organized summary listing of all field alias definitions?

Hello, I was wondering if there is an SPL command that will give an organized summary or listing of all field aliase...

by Explorer in

EVAL for multiple conditions check

I have a search which checks if the values within con_splunkUL exist within con_UL (or visa versa). I need a fiel...

by Communicator in

In a table how to calculate sum of the values of one column between two specific value of another column ?

The table output of my splunk query gives me an output like this. uri | transaction_time /se/al/st/o1 | 97 sec /po...

by Contributor in

I would like to index and make the KV that are in the JSON available as searchable fields

I am using Splunk Cloud which means I do not have access to the server. I have log lines that look like this: J...

by Path Finder in

Geostats Map Drilldown

I have a lookup file that contains the name, ID, Latitude and Longitude of all our branches. I have designed a map to...

by New Member in

How to extract date:time format from raw data using REGEX?

Below is part of my sample data .. I want to extract date and time from the data. 00.111.222.1 va10n40596.abcdefgt...

by Path Finder in

FULL NULL Values based on certain values

The OverAllStatus only displays on the first row but I require the OverAllStatus to be displayed on each row for each...

by Communicator in

Is there any way to get the top 10 hosts with event count spike compared to Yesterday's event count in splunk from a lookup which contains hosts?

I have lookup file which contains a list of hosts around 500 as follows host A B C d Now, how to write a query ...

by Builder in

Combining two searches into one search

Hi all, I'm having an issue combining two searches into one search. I have a sourcetype that logs information a...

by New Member in

Does each Splunk event have a unique identifier?

I would like to tag some specific events to group them together for incident response and forensics purposes. Is this...

by Splunk Employee in

Can you help me understand the syntax of this rex feld and where such commands are used?

rex field=GB"(?[^]+)" Hi Team, can any help me to understand each syntax in above command and also would like to k...

by Explorer in

How to specify earliest and latest time modifiers to display previous week and current week results?

Hi, We are having option of previous week and current week in time modifier in search.Can anyone tell how I will get ...

by Explorer in

How to add Total grouped by a field ?

My table output gives me values in two columns . Column 1 gives different user name, Column 2 gives transaction time....

by Contributor in

Transaction by field not grouping correctly when amount of data is huge

Hi there, I have an index storing information about network connections which receives information of such connect...

by Explorer in

Rex to Extract Specific Word

Hi, I wonder whether someone maybe able to help me please. I'm using the following rex to extract the word ID from...

by Motivator in

Count string value over 7 days

I need to display the LastBackupStatus of all servers over the last 7 days. (The values of this field are only Succes...

by Communicator in

how to change the color of a table cell depending on the numerical value row wise

KPI | Week1 | Week2 | Week3 | Week4 | Aging | 42 | 48 | 50 | 60 | SLA | 0 | 3 | 7 | 2 | I would like to assign a...

by Engager in

status of data feeds coming in

Is there a way to show total feeds coming in per sourcetype etc. everyday? Would be good if I can see the data within...

by Explorer in

How to insert the values if match is found?

I have duration 00:00:10.000000 i.e 00 hrs 00 mins 10 secs .But I want to add days also as my field has many values c...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Splunk dashboard base search gives result which is different from that of an identical non-base search

How to search comunication between a inputlookup with some ip's and traffic of an index ?

regex help

Basic math operation applied to stats

Writing a regular expression to capture null values

Number of events found not matching number of events displayed

Is there a Splunk search command that will give an organized summary listing of all field alias definitions?

EVAL for multiple conditions check

In a table how to calculate sum of the values of one column between two specific value of another column ?

I would like to index and make the KV that are in the JSON available as searchable fields

Geostats Map Drilldown

How to extract date:time format from raw data using REGEX?

FULL NULL Values based on certain values

Is there any way to get the top 10 hosts with event count spike compared to Yesterday's event count in splunk from a lookup which contains hosts?

Combining two searches into one search

Does each Splunk event have a unique identifier?

Can you help me understand the syntax of this rex feld and where such commands are used?

How to specify earliest and latest time modifiers to display previous week and current week results?

How to add Total grouped by a field ?

Transaction by field not grouping correctly when amount of data is huge

Rex to Extract Specific Word

Count string value over 7 days

how to change the color of a table cell depending on the numerical value row wise

status of data feeds coming in

How to insert the values if match is found?

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...