Splunk Search

Discussions

Thread Info

Map a field to a value within the log file

I am working with clock sync log files. The top 3 lines have the ip address -> MAC address mapping... The rest of the...

by Path Finder in

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

Hi! My goal is to be able to tie together events from Linux events and Windows events in order to track Windows us...

by Path Finder in

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

SPLUNK NINJAS! I NEED YOUR HELP! I have a firewall issue where any IP outside of our intranet, Splunk throws error...

by Path Finder in

Transacting with High Cardinality Groups and Memory Consumption of stats

Data Set Characteristics We have an index containing ~100k events that are each about 1k in size, making a roughly...

by Path Finder in

How can I analyze different events where the field is the same but different keywords and get a count of events where one event led to another?

Hi Experts, I have got a requirement where I have a few events where one of the fields contains some keyword say "...

by Contributor in

How to pass a value to the |inputlookup where , inside a subsearch

I have a search: index=examp1 sourcetype=json application=myservice NOT [|inputlookup aps_test_filter.csv where ap...

by Explorer in

How to calculate a percentage of distinct id's from a group of events which have never had a field matching a certain value?

I have a group of log entries with an id field, and a status field. For a given id, over a given amount of time, stat...

by New Member in

How can I search a lookup table for rows that match an input string in any field?

I need to search a lookup table for rows that match an input string in any field. I've tried |inputlookup...... | ...

by Communicator in

Why am I receiving negative values for jenkins build times?

Here is my search query, though this issue is common across a number of different custom searches we are attempting: ...

by Explorer in

Using two seperate inputlookups

I have two files which I have uploaded into Splunk, and both work as intended. One is a detailed file containing peo...

by Path Finder in

How to make the date as header in table?

I need to do a table which look like this (see below). As of now my table look like this How can I ma...

by Path Finder in

Lookup works on one instance, but not another

I'm seeing a weird issue - I have two Splunk instances, one for prod and one for dev. I have a lookup created that lo...

by Influencer in

How can I display ONLY the overlay Total on a visualization?

I'm trying to figure out how to display just the Total for an overlay instead of displaying the value of each stacked...

by Communicator in

How to extract a field using rex that may or may not be present?

Consider I am having two string - "YY02State" and "Y02State" In the above strings, I have to extract the fields li...

by Path Finder in

How can I take keywords from a field in a search, compare them to another field in the search and the field values that match the keyword, bring them together?

Hi All, I have two data fields, called "Issues" and "Complete issue" which look like this. What I want to ...

by Communicator in

Parallel stats - most efficient structure

I frequently have to create stats reports where some parts are, essentially, executable in parallel with others. An e...

by Explorer in

Eval expression with gentimes is not generating new fileds

Here is my SPL - | gentimes start=02/07/2017 end=02/08/2017 increment=1h | convert timeformat="%Y-%m-%d %H:%M:%S...

by Contributor in

How to create a search with eval where you know the value of the field 'sum' and save the sum's value in a variable?

Not sure if this can be achieved by eval command. A bit silly question indeed. "I want to know the value of the fi...

by Contributor in

Conversion to UNIX time

I want to convert my default _time field to UNIX/Epoch time and have it in a different field. This is how the Time fi...

by Contributor in

Get just 7 characters of field to search

I have a userID with 9 characters and want to search a lookup with just 7 characters. I have tried to use RegEx but i...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Map a field to a value within the log file

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

Transacting with High Cardinality Groups and Memory Consumption of stats

How can I analyze different events where the field is the same but different keywords and get a count of events where one event led to another?

How to pass a value to the |inputlookup where , inside a subsearch

How to calculate a percentage of distinct id's from a group of events which have never had a field matching a certain value?

How can I search a lookup table for rows that match an input string in any field?

Why am I receiving negative values for jenkins build times?

Using two seperate inputlookups

How to make the date as header in table?

Lookup works on one instance, but not another

How can I display ONLY the overlay Total on a visualization?

How to extract a field using rex that may or may not be present?

How can I take keywords from a field in a search, compare them to another field in the search and the field values that match the keyword, bring them together?

Parallel stats - most efficient structure

Eval expression with gentimes is not generating new fileds

How to create a search with eval where you know the value of the field 'sum' and save the sum's value in a variable?

Conversion to UNIX time

Get just 7 characters of field to search

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Total Number of users on a appliance

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?