Splunk Search

Discussions

Thread Info

Search syntax for comparing events over 30-day timespan

The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in...

by Contributor in

What is the most efficient way of filtering on two timestamps?

Hello all, I keep facing a common theme and I wanted some input. We all know that the first filter should be on th...

by Motivator in

How to combine two field values from the same field?

So, I have regex a field called device, and it contains - mac - mac os - os x - windows - android Is it possible...

by Path Finder in

Sort highest to lowest over time with timechart

Hello, I'm trying to display a graph of the my Splunk applications by usage, highest to lowest within a given time...

by Engager in

How do I count the number of events based on the value of a field is *

Hello, I am having trouble with a simple search. I have the following data: OBJECT ID,NEW STATE 1,STATE ONE 1,S...

by Path Finder in

Help with search to monitor a firewall

We are trying to monitor Firewall events from' X ' Environment coming to Splunk. I took the all hosts (600 hosts) rel...

by Communicator in

Timechart Not working after eval _time

Hello, I am using timechart in my query. I want to create timechart based on time specified in file rather than _t...

by Builder in

Rebuilding index level .data files

On a healthy index, these two queries return the same value, or at least very similar, since the value is changing as...

by Contributor in

sum of a field depending on values of other field

Hi, I have few fields in my csv file like below. Name of csv file example.csv A B C D 1 Harry 100 Tel Tom Harry 20...

by Communicator in

Using Rex Command to Extract Username from EventData_Xml Data

Good morning. I'm trying to use rex to extract a username from a MS Windows Application Event Log. The event shows a ...

by Path Finder in

search on each lookup event

Hi All, I have a lookup containing username,hostname and I also have an assets index storing hostname, mac, ip. Im...

by Path Finder in

How can I define a total amount of a Pie Chart?

Hi! I need to create a pie chart where the full pie is 1000000 and the "usage" is a count number. It should look like...

by New Member in

User last login date

I have a about 250 users and I would like to to know when was the last time each of them have logged in. Is there a q...

by Communicator in

Struggling with getting filenames/extensions using Splunk?

I'm an analyst and have the following question: Does anyone know how you would make a query which will provide fil...

by New Member in

How can I invert my pie chart?

I'm trying to create a pie chart in trellis view such that it shows me the number of jobs that ended in terminal or c...

by Path Finder in

Splunk is not able to extract fields at search time.

I am facing a issue in Search time field extraction. Events are indexed in Key-Value form. My current configurati...

by Splunk Employee in

How to use wildcard inside string regex?

The log contains string in this format below. name:X_device:Y_ name-U:X1_Y2_ It has a mixed pattern, and I'm wo...

by Path Finder in

Key Value pair extraction with unique value

Hi, I need to extract unique values as per below sample data Its has unique format like [ parameter : mailboxNa...

by New Member in

Is there a way to use VLOOKUP function in Splunk?

Hello, Among all the jobs that are running on mainframe I need to bring back the ones that correspond specifically...

by New Member in

How can I incorporate the transaction command along with startswith and endswith?

So I saw someone did a query for Linux systems on failed sshd logins followed by a successful sshd login using the tr...

by Path Finder in

How can I extract ALL occurrences of a field from JSON file?

23.10.2017 14:01:23.745 INFO [10.87.80.251 [1508785283744] POST /apps/globallog HTTP/1.1] InfoLoggerServiceImpl {"id"...

by New Member in

Match IP address to IP range with a lookup

I have an index=logs that has an ip_address field like 5.9.100.100 I want to correlate it against a csv file that has...

by Explorer in

Help with timechart overlay?

Hi, I have a search that plots CPU and max Attendees over time. It's rather convoluted, and I'm wondering if there...

by Explorer in

Lookup command to both filter and append new fields

How do I use lookup command to filter events based on one of the fields but then just add the rest of the fields to t...

by Path Finder in

How can I set my count to '0' when no results are found in a table with the corresponding source?

Hi Folks, I want to produce a count of events in each of my indexes. Where there isn't any data for the time range...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search syntax for comparing events over 30-day timespan

What is the most efficient way of filtering on two timestamps?

How to combine two field values from the same field?

Sort highest to lowest over time with timechart

How do I count the number of events based on the value of a field is *

Help with search to monitor a firewall

Timechart Not working after eval _time

Rebuilding index level .data files

sum of a field depending on values of other field

Using Rex Command to Extract Username from EventData_Xml Data

search on each lookup event

How can I define a total amount of a Pie Chart?

User last login date

Struggling with getting filenames/extensions using Splunk?

How can I invert my pie chart?

Splunk is not able to extract fields at search time.

How to use wildcard inside string regex?

Key Value pair extraction with unique value

Is there a way to use VLOOKUP function in Splunk?

How can I incorporate the transaction command along with startswith and endswith?

How can I extract ALL occurrences of a field from JSON file?

Match IP address to IP range with a lookup

Help with timechart overlay?

Lookup command to both filter and append new fields

How can I set my count to '0' when no results are found in a table with the corresponding source?

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions