Splunk Search

Ask a Question

Discussions

Thread Info

Changing the Ulimits for openfiles

How can we change the ulimits of Splunk to the desired value ? I have edited the /etc/security/limits.conf file and ...

by Builder in

Converting [h]:mm:ss into hour, minutes and seconds

Splunkers! How should i modify the regula expression | rex field=duration "(?<hour>\d{2}):(?<min>\d{2}):(?<sec>...

by Path Finder in

Evaluating dynamically generated field name

I've an event where some field "values" can be concatenated/evaluated to generate a field "name" that exists in the s...

by Explorer in

Need to filter table results in Dashboard after stats and join commands

I am looking for a way to filter the results that I am returning from an initial SPL search, a join command keying of...

by Explorer in

How to return the most recent 2 values of X by Y?

Stats can be used to get the most recent X value of Y, for example: | stats latest(x) by y How do I get the most r...

by Champion in

How do I store the delta value in the previous row

I have the following: _time condition delivery sent 1 21/01/2018 0:00 0:00 264464 331477 2 22/...

by Motivator in

Calculate the delta based on the time for 2 fields - end of day value minus start of day value

I have the following table from my search: index=core ... | timechart span=5m sum(deliverySucceeded) as deliveryS...

by Motivator in

Static List of Users

I have created a static list of users in a dropdown on one of my dashboards. There are only 15 of them so I decided n...

by Loves-to-Learn in

How to get full row based on max

Splunkers! I need to solve this problem. Basically, starting from a Service Catalogue (having the same AppID linke...

by Path Finder in

Does workflow have SPL commands?

We wonder whether the workflow UI has SPL commands. Meaning, can we perform the same workflow tasks via commands?

by Ultra Champion in

index=Network_data memory_raw!="" | table _time cust_id memory_raw |bin _time span=1d | stats avg(memory_raw) by _time cust_id

Hello everyone, In the above command i got the average memory raw per customer for a day(span=1d). But i need it for ...

by New Member in

Is it possible to do a lookup based on IF statement?

Hello Splunkers, here is my scenario: I have a field actionType that can assume two values: "S" or "A". Based on a...

by Communicator in

Manipulate _time value on collect

Hello, I'm performing some aggregations on my indexed data and I'm doing them based on a field that stores date an...

by Path Finder in

Match IP network source

I want to add data of a network, for example 192.168.0.0/24. But when i select TCP/UDP, and i add 192.168.0.* on "Acc...

by New Member in

Sorting timewrap output

I doing a search and timecharting the results which I then stream into timewrap. My timechart contains (for instan...

by New Member in

replace special character "*" with NULL in datamodel

Hi, In one of my numeric field sometimes I am getting value as " * ". I want to replace it with either NA or NULL ...

by Explorer in

How do I edit my timechart search to get the expected visualization?

Hi all, First off, some details. I have a script job running every 60 seconds to poll the processes in the servers...

by New Member in

Alternative to dedup

I'm sorting by time cause I want the latest time for every distinct host. Im doing this and it works. But dedup is fa...

by Communicator in

convert string date(without seprater) to readable date format - 20180112 to 12/01/2018

Hi, I am using data-models. In raw data I am getting date as YYYYMMDD, I want to convert it in DD/MM/YYYY. Is ...

by Explorer in

How do you manage modified lookup files that ship with an app?

Let's say an app ships with one or more default CSV lookup tables. You want to add additional data to these lookups s...

by Path Finder in

hosts not visible

Hi, Configured splunk universal forwarders on windows & linux hosts through splunk deployment server, which are vi...

by New Member in

splunk _time not matching with timestamp

Hi, the log has timestamp like this "time":"2018-01-22 13:43:40.0" props.conf : TIME_FORMAT = %F %T.%3N TIME_...

by Builder in

How to extract name from multiple sources using rex

I am trying to extract one name from source using rex. index=*source=* | rex field=source "\\\\\\\domain\\\prod\\...

by Communicator in

Subsearch for multiple sourcetypes and fieldnames

I need to do a search in two different sourcetypes and use the result to do additional searches in these queries. But...

by New Member in

Extract in Props.conf

I am trying to extract a field from cisco:asa events in my props.conf. Here is the event: Jan 23 11:04:57 taaaaaaa...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Changing the Ulimits for openfiles

Converting [h]:mm:ss into hour, minutes and seconds

Evaluating dynamically generated field name

Need to filter table results in Dashboard after stats and join commands

How to return the most recent 2 values of X by Y?

How do I store the delta value in the previous row

Calculate the delta based on the time for 2 fields - end of day value minus start of day value

Static List of Users

How to get full row based on max

Does workflow have SPL commands?

index=Network_data memory_raw!="" | table _time cust_id memory_raw |bin _time span=1d | stats avg(memory_raw) by _time cust_id

Is it possible to do a lookup based on IF statement?

Manipulate _time value on collect

Match IP network source

Sorting timewrap output

replace special character "*" with NULL in datamodel

How do I edit my timechart search to get the expected visualization?

Alternative to dedup

convert string date(without seprater) to readable date format - 20180112 to 12/01/2018

How do you manage modified lookup files that ship with an app?

hosts not visible

splunk _time not matching with timestamp

How to extract name from multiple sources using rex

Subsearch for multiple sourcetypes and fieldnames

Extract in Props.conf

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions