Splunk Search

Ask a Question

Discussions

Thread Info

How to extract time format using rex? "TransactionStartTime=12/19/2017 06:23:35.474"

How to extract time format using rex ? TransactionStartTime=12/19/2017 06:23:35.474;

by Builder in

Does retention policy depend on indextime or _time?

how can we get the oldest index time of an index ? Does retention policy depend on indextime or _time ?

by Builder in

Subsearch fields "query" "search" - How do I know which to use?

Can anyone explain exactly the difference between the special sub-search fields "search" and "query"? Both of thes...

by Super Champion in

How can I make this transaction command and table work when parsing a JSON document?

I have data that looks like this: {trans_id:"123abc" class:"cdedt" function:"bbb" marker:"A11111" elapsedms:"178" ...

by Path Finder in

How to create a linechart showing the previous 6 months with each point being the sum of the previous 6 months?

Im trying to show a trend using a linechart. It should show the previous 6 months and have a data point once for each...

by Path Finder in

Need _time on each event for a |makeresults

Hello, I need to spoof some data and am using |makeresults for 3 hosts and their port status of "UP" (and eventual...

by Splunk Employee in

How can I do a lookup where a field does not exist?

I'm trying to create a search that will do a lookup against a control file, and show me events where the events meet ...

by Explorer in

create a chart from a csv

I have a csv file that Splunk ingest and use it to create a chart. It works ok, but I'm not sure how to sort this by ...

by Path Finder in

Need help on the Lookup Table

Hi Splunkers, I have a lookup which contains Suspicious UA String/Keyword and type. Please find below screenshot ...

by Path Finder in

How to search a lookup table and return the matching term?

All- I am new to Splunk and trying to figure out how to return a matched term from a CSV table with inputlookup. I...

by Explorer in

Sort the average duration based on time rather than alphabetically

I have an average duration field which has months ,days ,hours and minutes.I want it to be sorted descending order -M...

by Communicator in

Excluding rows based on field combination

Hello splunkers ! Today I'm building a report, in which I'm tasked to exclude some specific results. These are typ...

by Engager in

Need to shorten data and show it by count

Hi All, I am executing query which is giving me the below result and I want to shorten the data and show in table ...

by Communicator in

Maths problem that i am hoping Splunk has a function for

Hi I have a Maths problem that i am hoping Splunk has a function for. It is in relation to calculation the % of t...

by Influencer in

List future or historical run times of scheduled searches

I'm trying to create a timeline using the Timeline Custom Visualization of future or historical saved searches in ord...

by Motivator in

In Splunk Java SDK, is there any way to provide Event Sampling?

While making Splunk search using Java SDK, is there any way to provide event sampling value into the query. There ...

by Explorer in

reformat the _time

Hi, Is it possible to reformat the _time, for example, remove the day so only the month and the year will remain? ...

by Path Finder in

How do I get first match from lookup with multiple entries

I am trying to match a field A from base query with a kv store lookup to get field B from lookup. Apparently there ar...

by Path Finder in

Implementing condition in search

This is the algorithm of my query. Could someone help me in constructing it. If (A happens) { Then ( Execute B Qu...

by Contributor in

How do divide greater than and less than in splunk?

I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search | eval count(i...

by New Member in

Time Conversion into readble format

Can someone help me converting 1513554224 into readable time format. I tried couple of formats but not working. I am ...

by New Member in

Number of days to AD account password expiry

I have a lookup table of AD accounts lookup table fields CN, DisplayName, passwordlastset, pwdlastset, userAccount...

by New Member in

Extract strings preceded by specific characters, find only the first match per event.

Sorry, this is more of a regex question but can't figure it out myself. I would like to extract a string preceded by ...

by Communicator in

Field extraction

Hi , For logs such as below please help me in extracting the data enclosed within double quotes. Contact Dealer...

by Explorer in

Natural sort order instead of lexicographical order in search?

I've got a date field that I extracted from log messages, and it is pulled from two different sources. One source zer...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract time format using rex? "TransactionStartTime=12/19/2017 06:23:35.474"

Does retention policy depend on indextime or _time?

Subsearch fields "query" "search" - How do I know which to use?

How can I make this transaction command and table work when parsing a JSON document?

How to create a linechart showing the previous 6 months with each point being the sum of the previous 6 months?

Need _time on each event for a |makeresults

How can I do a lookup where a field does not exist?

create a chart from a csv

Need help on the Lookup Table

How to search a lookup table and return the matching term?

Sort the average duration based on time rather than alphabetically

Excluding rows based on field combination

Need to shorten data and show it by count

Maths problem that i am hoping Splunk has a function for

List future or historical run times of scheduled searches

In Splunk Java SDK, is there any way to provide Event Sampling?

reformat the _time

How do I get first match from lookup with multiple entries

Implementing condition in search

How do divide greater than and less than in splunk?

Time Conversion into readble format

Number of days to AD account password expiry

Extract strings preceded by specific characters, find only the first match per event.

Field extraction

Natural sort order instead of lexicographical order in search?

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

breaking multiple mv fields into single events bas...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas