Splunk Search

Ask a Question

Discussions

Thread Info

I want to use wildcard in eval min command as I have large number of fields and I want a separate column with min values from each row.

Like Field1 Field2 .... Min_Value 112 125 .... 112 .... eval Min_Value=min(Field*) but it is giving below error...

by Path Finder in

I want to use wildcard in eval min command as given below:

| eval MIN_VAL=min(FIELDS*) I getting below error, Error in 'eval' command: The expression is malformed. An un...

by Path Finder in

lookup and field extraction take hours to reflect in Splunk 7.0.0

In Splunk 7.0 lookup and field extraction doesn't reflect immediate on splunk, it requires restart to the Splunk or i...

by Engager in

How can I search and alert for recurring events?

I'm trying to write a search which can detect the occurrence of an event AFTER a previous event containing the same f...

by New Member in

Why do I get this error when I try to use my custom search command: "Search Factory: Unknown search command"

I installed my custom search command by following this guide: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2 Bas...

by Builder in

How do I diff two CSVs?

all, I have two CSV and I want to just get the diff between then. Any idea how I tackle this? thanks, -Danie...

by Builder in

extract a string from source and table the list for the associated hosts.

I have many sources/logfiles in a host like this: /opt/ab/logs/abcd/apache/abcd-tcm.log /opt/xy/logs/xyzz/apache/...

by Contributor in

How can I subtract three values from Json?

Hi! I have a Json like this: {"LicenseNum":62, "Status":"Registered"} and the Status can differ from three types: Reg...

by New Member in

Error when using append and join-- Search Factory: Unknown search command 'index'.

Hi , Below are the two queries for which I am trying to join the output of the both queries but I am facing an iss...

by Path Finder in

Field alias or batch renaming with wildcard

So I have a JSON source that is creating array values but I am looking to get rid of a number of nested fields and ma...

by SplunkTrust in

Issue with extracting multifield values due to props.conf transform.conf settings

Hi Experts, I am trying to extract something like below type=type1,type3 My Data event1.epochtime=1282182111 ...

by Builder in

How can I calculate field value percentages for multiple data sets?

For the purpose of this question, a given event contains the following fields: vulnerability name, data center, ip ad...

by New Member in

Visualization of the count of users' event counts

This is probably a simple answer, but I'm pretty new to splunk and my googling hasn't led me to an answer. So I'm try...

by Communicator in

Is there a way to display matching results based on an inputlook?

I have a lookup file of jobs that I must report on. I need to know if the jobs ran then alert if the job didn't run. ...

by Path Finder in

Why is external_lookup.py not working?

Hi, I have a search that suddenly stopped working. It does an dns lookup using a lookup file. The errors are below...

by Champion in

How can i find a full list of Users using IP address

Hi I have the below command that i think works 95% of the time. index=_internal sourcetype=splunkd_ui_access |...

by Influencer in

Can anyone tell me why Splunk is throwing this error when using the foreach command?

| foreach V* [eval PAC<<MATCHSTR>>=<<FIELD>>-Voice], | foreach PAC* [eval <<FIELD>>=if(<<FIELD>> < 0, -<<FIELD>>, 0)...

by Path Finder in

I need a way to make a lookup conditional

I have two lookup tables. Both contain a set of userid's. The first lookup returns a name and department for 80% of ...

by New Member in

How do I return fields that do not have a corresponding value in another field?

I am running the following search: index="malwarebytes" sourcetype=malwarebytes NOT threat_name=pu* | lookup ip_c...

by Influencer in

How can I do a sum of count for if statement?

When I do a stats count by a specific column. The count for each of them work. Here is the picture: But wh...

by Contributor in

Quest ChangeAuditor

Hi, I am wondering if anyone have already user Splunk for Quest ChangeAuditor, I know by searching through google tha...

by Explorer in

Extract Text from logs

Below is my log, CustomItemContainerGenerator.GenerateNextLocalContainer: Node is not the current one. in Xceed.Wp...

by Path Finder in

Adding Python Module to Splunk

Hello, I am trying to add the active_directory module to Splunk Python so I can query OU's for specific users to p...

by Communicator in

How to subtract Field value on the basis of other rows with same ID

As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every...

by New Member in

How to compare all time average of a field value vs average for specified time range

Trying to combine in a single table the all time average of a field value (data feed start is 10/19) vs its average f...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I want to use wildcard in eval min command as I have large number of fields and I want a separate column with min values from each row.

I want to use wildcard in eval min command as given below:

lookup and field extraction take hours to reflect in Splunk 7.0.0

How can I search and alert for recurring events?

Why do I get this error when I try to use my custom search command: "Search Factory: Unknown search command"

How do I diff two CSVs?

extract a string from source and table the list for the associated hosts.

How can I subtract three values from Json?

Error when using append and join-- Search Factory: Unknown search command 'index'.

Field alias or batch renaming with wildcard

Issue with extracting multifield values due to props.conf transform.conf settings

How can I calculate field value percentages for multiple data sets?

Visualization of the count of users' event counts

Is there a way to display matching results based on an inputlook?

Why is external_lookup.py not working?

How can i find a full list of Users using IP address

Can anyone tell me why Splunk is throwing this error when using the foreach command?

I need a way to make a lookup conditional

How do I return fields that do not have a corresponding value in another field?

How can I do a sum of count for if statement?

Quest ChangeAuditor

Extract Text from logs

Adding Python Module to Splunk

How to subtract Field value on the basis of other rows with same ID

How to compare all time average of a field value vs average for specified time range

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions