Splunk Search

Ask a Question

Discussions

Thread Info

metadata search in a macro doesnt seem to work

Hi, I am trying to put a metadata search into a macro, but having trouble making it work. The macro is something ...

by Contributor in

lookup two csv pattern match query

I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 field2 "application...

by Communicator in

Why are the legend and stacking order of this bar chart opposites?

When creating a stacked bar chart and putting the legend definitions on top, the legend order is reverse of the stack...

by Engager in

updating a lookup after query result returned

I have a lookup table that looks like this _time,action,source <time>,completed,<source> <time>,completed,<source>...

by Contributor in

Use wildcard in source?

I have a directory C:\logs in this directory I have multiple files: 1: logging-projectname-0.log (There can be ...

by New Member in

How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59)?

How to write a query which displays all the requests count for every hour in 24 hours access logs. The log timings ar...

by Explorer in

Incomplete lookup results

Hi everyone! We've been randomly facing with rather annoying and critical issue while working with lookups: someti...

by Builder in

How to compare a field from one sourcetype with another sourcetype then return the result in a new field?

Hello, Hoping someone can help, I'm new to Splunk. Lets say I have the following source types: "event_alert" - ...

by New Member in

inputlookup csv two files get the data

Hi, I have two input lookup files. input1.csv and input2.csv Am getting "Maintenance for application" as value ...

by Communicator in

Timechart in the same table based on column

Hi, I have the below 2 searches, which work fine. I need to put the output of both the searches in a single table ...

by Explorer in

How do I use the latest/newest value to be used as a value?

I am trying to use the latest "Value" from the last Added/Updated Registry Key but however it took in the oldest resu...

by Path Finder in

Join 2 sourcetype on on field if time difference between 2 records is less than 3 seconds

So I have 2 different source types which I can join using DEVICE field. But I wan to join records if and only if time...

by Engager in

What do I need to alter in my search to get these fields?

Hi , We have two lists of CSV files. Each one has 500 hosts and for each we need to figure out among hosts which a...

by Communicator in

Dashboard: Replacing default text for empty reports

I'm developing a dashboard to display the results of several saved searches and everything's looking nice. I just ...

by Explorer in

Get last 3 events based on time in 1 index when an error happens in a different index

I have the below search where i get an errot and then i want to pull through the last 3 events prior to that error bu...

by Communicator in

How to see all values in a field

It says 41 values exist, but it's only showing 10. How do I see the rest, and select from them with checkboxes? This ...

by Builder in

Delta over Multiple SIDs

In my raw data I have a lot of values for a field called "sid". For each of those values I want to calculate the delt...

by Explorer in

How can I search for events that match two subsearches?

I'm trying to pull back events that have a specific field value, but should only return events that match that field ...

by Explorer in

How to group uri strings inside a case statement based on a substring portion of a uri

I have three types of uris stored in a field called uri. The uris are as follows: First type: /a/b/c/1/d /a/b/c/2/...

by Motivator in

Get last login time based upon a list of accounts in a CSV lookup file

I have a list of accounts that I wish to monitor in a csv file, say accounts.csv. The file looks like: userid,name...

by Explorer in

Display rows not older than 1 day based in a date column

Thanks in advance. We are trying to display the rows where the column is not older than 1 day and this has to be d...

by Path Finder in

Splunk Search & Reporting app returns "500 internal server error", only for one user.

I'm running Splunk Enterprise v 6.6.1 on Windows 2008 R2 (not by choice). Without making any configuration changes (t...

by Path Finder in

Avoiding a double-lookup for an efficient search

A user is only allowed to log in from one of their AllowedPlatform: userAllowedPlatform.csv | User | Allow...

by Explorer in

Strange behavior of an eval

"call" OR "exception1" OR "exception2" OR "exception3" | eval calls = if(like(message, "%call%"), 1, 0) | eva...

by New Member in

Command 'search' can't compare two floating numbers

I am writing a saved search to trigger and alert when a difference between values is higher than a threshold. A simpl...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

metadata search in a macro doesnt seem to work

lookup two csv pattern match query

Why are the legend and stacking order of this bar chart opposites?

updating a lookup after query result returned

Use wildcard in source?

How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59)?

Incomplete lookup results

How to compare a field from one sourcetype with another sourcetype then return the result in a new field?

inputlookup csv two files get the data

Timechart in the same table based on column

How do I use the latest/newest value to be used as a value?

Join 2 sourcetype on on field if time difference between 2 records is less than 3 seconds

What do I need to alter in my search to get these fields?

Dashboard: Replacing default text for empty reports

Get last 3 events based on time in 1 index when an error happens in a different index

How to see all values in a field

Delta over Multiple SIDs

How can I search for events that match two subsearches?

How to group uri strings inside a case statement based on a substring portion of a uri

Get last login time based upon a list of accounts in a CSV lookup file

Display rows not older than 1 day based in a date column

Splunk Search & Reporting app returns "500 internal server error", only for one user.

Avoiding a double-lookup for an efficient search

Strange behavior of an eval

Command 'search' can't compare two floating numbers

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions