Splunk Search

Discussions

Thread Info

I would like to make custom_fields a table column.

We have imported Json data with the following custom_fields. { "id": 100, "custom_fields": [{ "id": 1, "name": "Da...

by Explorer in

How do I modify my search to get the stats count by a field in lookup?

I have a lookup file "hosts.csv" as below with multiple fields **category** **my_hostname** .. ... ... A ...

by Builder in

Compare data in different souretypes with no common field

I am having below situation I am having 2 different sourcetypes "logs" and "range". logs contains log events ...

by Explorer in

Why is my _indextime earlier than my event time?

I have a number of events, received from bluecoat proxies, in which the _indextime field is earlier than the _time fi...

by New Member in

How can I use regex to match only certain parts of a field string value?

I am using a CSV lookup table (MyCSVTable) which contains a list of 10 digit numbers (examples: 2345678900, 213456789...

by Explorer in

run command , while splunk is a container

Dear Splunkers, I am beginner in splunk administration, for that I am struggling to run command on commandline , sinc...

by Explorer in

Is the iplocation command compatible with the commercial version of MAXMIND mmdb?

I am evaluating the commercial version of MAXMIND city DB(mmdb) and would like to replace it with the free version th...

by Path Finder in

Performance suggestions for indexing cluster and search cluster.

We will be deploying a search head cluster to go along with out 10 indexer cluster. As it stands now these indexers a...

by Builder in

How to use stats range(_time) and pass the results to timechart

I have data where every line has a timestamp and a correlationID. I can find the time elapsed for each correlation ID...

by New Member in

Converting an encoded IP address to dotted decimal

I've got a log that includes an obfuscated IP address. The source takes dotted decimal, reverses the order of the oct...

by Communicator in

How can I combine 2 searches consisting of inputlookup and outputlookups?

how can i combine queries to populate a lookup table? I have a lookup table with the following values item 1 2 3 i...

by Engager in

Why do I get error message "Unknown search command" for my custom search command?

Hello All, I am using Splunk Enterprise 6.6.3 on Windows 10 and trying to get a custom search to work. I've follow...

by Motivator in

How to group my search results with respect to response time ranges?

here is the situation: I have two fields 1. Response time that needs grouping like this (Low=0-1.2, Medium=1.2-1.5, ...

by New Member in

Looking for a search that will provide the duration of time a VPN user was seen online

The search should provide the time period in which the user was logged through VPN and possibly when the IP lease is ...

by Path Finder in

Merge two search results in one row

I have the below events and I want to merge the search results: 20171222.103330 Fr I - 0 Fn=makeRequest Endpoint=h...

by Explorer in

Need help with field-extractions on these events

by New Member in

Using eval to create date in epoch time

I need to create a field today that is equal to the epoch timestamp in milliseconds for midnight yesterday. I've been...

by Path Finder in

How to add delay between two commands in search

Hi, How can I add delay between two commands in Splunk. I have a scenario, 1) where I will append the search results ...

by Contributor in

Unable to extract fields from source

I have props.conf defined as- [source::C:\Web\...\...\Web\log\mobile.log] EXTRACT-Customer,Country = C:\\\Web\\\(?...

by Explorer in

I am trying to query all data that belong to the same "Segment" across 3 different sources

I am attempting to perform a count/eval of the TransactionStatus=success across the following 3 sources for each Segm...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I would like to make custom_fields a table column.

How do I modify my search to get the stats count by a field in lookup?

Compare data in different souretypes with no common field

Why is my _indextime earlier than my event time?

How can I use regex to match only certain parts of a field string value?

run command , while splunk is a container

Is the iplocation command compatible with the commercial version of MAXMIND mmdb?

Performance suggestions for indexing cluster and search cluster.

How to use stats range(_time) and pass the results to timechart

Converting an encoded IP address to dotted decimal

How can I combine 2 searches consisting of inputlookup and outputlookups?

Why do I get error message "Unknown search command" for my custom search command?

How to group my search results with respect to response time ranges?

Looking for a search that will provide the duration of time a VPN user was seen online

Merge two search results in one row

Need help with field-extractions on these events

Using eval to create date in epoch time

How to add delay between two commands in search

Unable to extract fields from source

I am trying to query all data that belong to the same "Segment" across 3 different sources

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...