Splunk Search

Discussions

Thread Info

How to detect two consecutive lines with same pattern

I wanted to detect the pattern with two consecutive lines with Received x messages , In ideal scenario it should be R...

by Explorer in

How to compare field values from this year vs last year by date and calculate the percentage change?

Hi, I have data in 2 fields in table: one is date and the other is some value, for each year respectively. Now I ...

by Path Finder in

Substring lookup to enhance DB query results?

Hello, I am VERY new to Splunk. I have built some basic dashboards using DB queries, because the data is not (yet)...

by Path Finder in

deduping ans eliminating the duplicate vales from 2 different sourcer

Hi, we are using a session ID to comparing the Client side server side data with diffrent names (session_c session_S)...

by Path Finder in

query for the count basedo the server

Hi, Below is the sample logs and I want to see the how many events generated from each server. Since there are dif...

by Path Finder in

Is it possible to use commands like makemv or nomv in data models?

Is it possible to use the commands like makemv or nomv in data models? I am using regular expressions while building ...

by Explorer in

How to block the unusual url

Hi team, I want to block unusual Url... could please suggest query for that Example www.abcd.com www.ykui.com ...

by New Member in

How to find the duration of overlapping transactions

Ok, I have two or more transactions like this: Host:abc123_01 start:08:00 end:10:00 Host:abc123_02 start:09:05...

by Path Finder in

How can I convert a naive timechart command to an efficient one?

The following works fine for me - sourcetype=<sourcetype> index=<index> | timechart span=1d count How can I ...

by Ultra Champion in

How to group rows together in a table and calculate the sum for each group?

Hi, I need to create table as shown in this screenshot: I have written this search for that: index=em7_srm_sum...

by Path Finder in

How to combine two fields in a subsearch and return them together

Hey guys, I have the next query: index=idx_rtd_prc sourcetype=rbt_rtd_src_type TIPO_ENTIDAD=PROVISION_COMISION MON...

by New Member in

How to use the where command

source="mhn-splunk.log" | where dest like "88ea2fb8-b579-11e7-8239-ce584c37994e" replace 127.0.0.1 WITH 37.139.29.33 ...

by Engager in

Issues with Case statement

I have reviewed a number of already answered questions related to case statements but none that seem to address the i...

by Explorer in

Counting duplicate values

Situation : I have fields sessionId and personName. This session ID has many-to-may mapping with personName. Need ...

by Explorer in

Regex field extraction question

Hi I have this log format for extracting Sep 01 09:55:11 @ipdest HSL: @ip1:port1 <-> @ip2:port2 | @ip3:port3 <-...

by Explorer in

Splunk removes all items from chart apart from OTHER

I have a timechart that shows timechart span=5s fixedrange=f limit=20 perc90(time_taken) by request over 70 m...

by SplunkTrust in

How to filter columns in a search query splunk

Hi Guys, I have a simple question. I have a search query, and it basically outputs lots of fields. Is there a way ...

by Path Finder in

Search for a random IP then place it in a variable

Currently I have many logs in most of which there are random IPs. I want to perform e search which will filter al...

by Explorer in

How to set time frame for base search as 30 minute interval?

Hi Everyone, Need your help in order to resolve issue. I need time frame for the base search of my dashboard as...

by Path Finder in

How to replace the value when another field has "error"?

If the "delta_value" is more than 2 then I'd like to replace the value1 to "error" Raw data No, _time, value1, de...

by Splunk Employee in

how do I rank nodality from kmeans data

I have been trying to do kmeans analysis of some data. I see some of my evaluation points falling into lots of cluste...

by Builder in

Events from Docker do not have proper field extractions

We are sending test data from a docker container to splunk via the splunk logging driver. I am able to vie the data b...

by Explorer in

Windows Event Log 4625 - Eval Account_Name Search Issue

Hello, I have the following search: index=security_wineventlog EventCode=4625 | table _time, Workstation_Name, ...

by Path Finder in

Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID

Might have trouble explaining this in an understandable way, might be why I was unable to google my answer. I'm u...

by Path Finder in

Why does geostats represent one and two arguments differently?

Im trying to represent som values with geostats, when I do this: | geostats values(OK) by name geostats presen...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to detect two consecutive lines with same pattern

How to compare field values from this year vs last year by date and calculate the percentage change?

Substring lookup to enhance DB query results?

deduping ans eliminating the duplicate vales from 2 different sourcer

query for the count basedo the server

Is it possible to use commands like makemv or nomv in data models?

How to block the unusual url

How to find the duration of overlapping transactions

How can I convert a naive timechart command to an efficient one?

How to group rows together in a table and calculate the sum for each group?

How to combine two fields in a subsearch and return them together

How to use the where command

Issues with Case statement

Counting duplicate values

Regex field extraction question

Splunk removes all items from chart apart from OTHER

How to filter columns in a search query splunk

Search for a random IP then place it in a variable

How to set time frame for base search as 30 minute interval?

How to replace the value when another field has "error"?

how do I rank nodality from kmeans data

Events from Docker do not have proper field extractions

Windows Event Log 4625 - Eval Account_Name Search Issue

Using Stats List to get multiple UserIDs into a single field by IP. Need to sort by UserID

Why does geostats represent one and two arguments differently?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions