Splunk Search

Discussions

Thread Info

eval with dynamic column names

I have a table of data as follows: KPI / Base:(date1) / Test:(date1) / Test:(date2) / Test:(daten) KPI1 / 1.5 / 1.8 /...

by Path Finder in

two inputlookup files sum of fields

|inputlookup file1.csv |search "field1"="RUN" |eval Aperm = if( 'Perm / Cont' = "Permanent",FTE,0) |eval Acont=if( 'P...

by Communicator in

match 2 fields with same value

I have a search and need to match 2 fields and show the match. I tried eval match(field1, field2) and eval results = ...

by Explorer in

getting error like "java.sql.SQLException: Missing IN or OUT parameter at index:: 2". Can you please troubleshoot?

SELECT A.* FROM "STG_CONTACT"."CRMTRC_CONVERSION_EVENT" A where A.CRMTRC_TIMESTAMP> ? and A.CRMTRC_TIMESTAMP< ?+5 ord...

by New Member in

How to find the size of each of the data model in our environment via Splunk search or REST API?

I'm trying to estimate the storage used by all the data models in our environment. Is there a way to find the size of...

by Explorer in

Writing a search query that validates file format

Hi Guys, I have a question regarding file validation. Is it possible in Splunk to validate the structure/format of...

by Path Finder in

Count number of occurrences in more than one field

I have two fields, Inbound and Outbound. Each of these fields can contain a group (sometimes they're null). I need to...

by Path Finder in

After eval _time, time chart is not considering updated _time

Hi, I am updating the _time in my search query and passing that to Timechart. My requirement is that timechar...

by Builder in

how can I populate a variable in a table with a search to make several different tables?

index=infrastructure_some_index resource_type="This could be variable from a search" | stats values(endpoint) as "En...

by New Member in

How to Use an InputLookup File to provide authorized user list and Report back Users who are not in the inputlookup

I have an input lookup file. Say 'ApprovedUsers.csv'. This contains a single field SamAccountName. I want to compare ...

by Path Finder in

How to show the result only if it is latest than the subsearch result?

Assume, I have two panels - PanelA, PanelB. I have to show the result in PanelA only if the event for train is more r...

by Path Finder in

Why doesn't this eval statement work?

Hi, I have this query index=wholesale_app buildTarget=comcast analyticType=SessionStart |rename Properties.pl...

by Motivator in

display result count in form panel

Hi, I have a form has field inputs and a panel to display the search results in a table. Our users are complaintin...

by Engager in

Field regex extractions on non-raw fields from web UI

I'm attempting to create a field extraction from the web UI (I'm not an admin and don't have access to "*.conf" files...

by Path Finder in

Transaction command with multiple fields

I have this start event. I am using the "Phonecall" as the key in the transaction. 1. InteractionEvent on Phonecall-1...

by Path Finder in

Help in creating regex for encryption of data?

Hi Splunkers, I am looking for some help in creation of regular expression to Anonymize data with a regular expres...

by Explorer in

How do i search non matching values from two different indexes and display

This is what I am doing extract value until the first occurrence of char & using the search string index="pro...

by Explorer in

Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working.

Trying to search a connections log, top 10 hosts sending the most traffic, need some help, thanks.

by New Member in

How to manipulate the time formats to get the exact results in Status

Hi, I have created a query to fetch the status of some jobs in a particular format. There are different scheduled ...

by Engager in

How can I remove numbers from Y-axis?

Hi! I'm having trouble removing the values 0.5, 1 and 1.5 from the Y-axis in the following dashboard: But ...

by New Member in

Why is the tstats command not displaying all data from a data model?

Hi I have set up a data model and I am reading in millions of data lines. The issue is some data lines are not di...

by Influencer in

Hi, Can i use sum and list command in single query

by Engager in

Please help me in forming Regex.

Hi All, Please help me to extract the email ids which is not between <> angle brackets. Sample event: someon...

by Motivator in

Finding most recent event by host

We are collecting logs from McAfee and Splunk pulls information for each host every 1 Hr. The logs have two fields ho...

by Explorer in

Splunk Dedup by _time and Combine Values Simultaneously

I am working with Exchange 2010 data. I have the MessageID, Sender, Recipients, and _time. Depending on the event typ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

eval with dynamic column names

two inputlookup files sum of fields

match 2 fields with same value

getting error like "java.sql.SQLException: Missing IN or OUT parameter at index:: 2". Can you please troubleshoot?

How to find the size of each of the data model in our environment via Splunk search or REST API?

Writing a search query that validates file format

Count number of occurrences in more than one field

After eval _time, time chart is not considering updated _time

how can I populate a variable in a table with a search to make several different tables?

How to Use an InputLookup File to provide authorized user list and Report back Users who are not in the inputlookup

How to show the result only if it is latest than the subsearch result?

Why doesn't this eval statement work?

display result count in form panel

Field regex extractions on non-raw fields from web UI

Transaction command with multiple fields

Help in creating regex for encryption of data?

How do i search non matching values from two different indexes and display

Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working.

How to manipulate the time formats to get the exact results in Status

How can I remove numbers from Y-axis?

Why is the tstats command not displaying all data from a data model?

Hi, Can i use sum and list command in single query

Please help me in forming Regex.

Finding most recent event by host

Splunk Dedup by _time and Combine Values Simultaneously

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions