Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Conceptual sourcetype renaming

Hi Experts, I am looking for best practices on how to conceptually, systematically and with minimum efforts and r...

by Contributor in

Transpose and Timechart

Hi, I wonder whether someone may be able to help me please. I've put together the following query which works but ...

by Motivator in

Renaming field name having #

How can I rename a field name starting with # in Splunk search tab? For example: field name I have "#client Name" an...

by New Member in

How to lookup value with wildcard?

Hi. for example, i have that log: Apr 26 12:04:38 centos7LAB sudo: qweqwe : TTY=pts/4 ; PWD=/home/qweqwe ; USER=root ...

by Builder in

Field extraction from host field value

Hi, I would like to extract two new fields from the value of the host field at search time. I'd like the first 3 c...

by Path Finder in

Trendline won't generate

I wanted to build a trendline of my hosts response_time over _time. But it won't generate source=my_perf AND (hos...

by Contributor in

I would like to know the splunk search processing Language command which I need to use to generate the reports as listed in the attachments Report1 and Report2

I would like to know the splunk search processing Language command which I need to use to generate the reports as lis...

by New Member in

Why is my map search returning "No Results Found"?

Can anyone help me with this map search? Both the inner and outer searches return what I expect, but when I try to co...

by Path Finder in

Want to split results based on a field value

Hi all, We have a field which represets de Offices, and we would like to make 2 different line charts separating b...

by Explorer in

How to find sum of particular fields by time?

We are having search which contain two fields user id and time at which user logged in. We need to print below tab...

by Path Finder in

Regex Help!

Hi! First time I am attempting Regex commands and I have got pretty stuck so any help would be much appreciated. ...

by New Member in

Query with field from lookup table + concatenate + wildcards

I have a lookup file titled airports.csv. In the file, i have several fields, but one is AirportCode. This field has ...

by Engager in

How to convert function to return epoch time 3 hours later?

Here is my date format I would like to convert to epoch for later processing. My date formate is: 3/5/2018 17:03 M...

by Contributor in

How to compare two fields in a event and list out the field when one of the fields does not exist?

Hello, I have a multiple events in a log file which contains field A and field B but not in all the events, I need t...

by Path Finder in

why 2 searches dont return same results

This search: index=dev_tsv source="*activity*" "Organization Name"="NA" "Added a comment" | rename Action as...

by Communicator in

Splunk Trigger alert no transaction inside log file from the directory?

I have two directory having two log files Directory: /logs/Test1/ /logs/Test2/ The directory have two log fi...

by Contributor in

Is it possible to ignore the last result?

good afternoon I have the following query | dbxquery connection = connection query = "....." | chart e...

by Path Finder in

eval IP function - help

Hello, I have a search woring which returns single IP addresses as source for certain events. As part of this I wa...

by New Member in

Transpose Multiple Column Headers

HI, I wonder whether someone can help me please. I'm running the query below which works fine, but I'm having some...

by Motivator in

How to get sum of a column

Hello, I am new in Splunk and trying to figure out sum of a column. i run following sql query on database: SELE...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Conceptual sourcetype renaming

Transpose and Timechart

Renaming field name having #

How to lookup value with wildcard?

Field extraction from host field value

Trendline won't generate

I would like to know the splunk search processing Language command which I need to use to generate the reports as listed in the attachments Report1 and Report2

Why is my map search returning "No Results Found"?

Want to split results based on a field value

How to find sum of particular fields by time?

Regex Help!

Query with field from lookup table + concatenate + wildcards

How to convert function to return epoch time 3 hours later?

How to compare two fields in a event and list out the field when one of the fields does not exist?

why 2 searches dont return same results

Splunk Trigger alert no transaction inside log file from the directory?

Is it possible to ignore the last result?

eval IP function - help

Transpose Multiple Column Headers

How to get sum of a column

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to convert multiple individual json objects in...

How to combine results of inputlookup and a search...