Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
Stevelim

Merging two sets of multivalue data in an order without regex

I have base search that was able to get me to this form in Splunk: Name Value A ...
by Stevelim Communicator in Splunk Search 09-18-2017
0 3
0
3
known_user

chain 2 search queries and get the earliest and latest of different fields

search string1 - [ field1 ] search string2 [ field1 field2] search string3 [ field1 field2] I want the results of se...
by known_user Engager in Splunk Search 09-17-2017
0 2
0
2
bulu

How do I use the username in events returned in a search of Index "A" to look up the user in index "B" and only return the events where the user in event from index "A" exists in index "B"

This part of my query gets me on the street I want to be on for this report index="A" | rex mode=sed field=User_Ful...
by bulu New Member in Splunk Search 09-17-2017
0 3
0
3
jcspigler2010

How to query _TCP_ROUTING key value?

Hello all Is there a way you can query event's _TCP_ROUTING key value in a search? I would assume you should be abl...
by jcspigler2010 Path Finder in Splunk Search 09-16-2017
0 9
0
9
sohaibomar

Using variable "total_dataconsumed" how do I find biggest gainer/loser (per 24-hour period)

I have event data in below format: Sep 15 2017 07:06:07 app=yahoo dataconsumed=50 Sep 15 2017 08:16:07 ap...
by sohaibomar Explorer in Splunk Search 09-16-2017
0 4
0
4
hsingams2

How can I turn this JSON event into a table with various fields?

Hello, a beginner question. I've a search query that produces a single JSON event such as this: {<!-- --> Error/type/0 : typ...
by hsingams2 Explorer in Splunk Search 09-15-2017
0 4
0
4
Nidheesh

Splunk - join two search queries having common field

Hi, I need to join two splunk search queries based on a common field (JoinId). All I would like to have at the out...
by Nidheesh Explorer in Splunk Search 09-15-2017
0 3
0
3
mperrenoud

Why does subsearch throw an exception?

I'm trying to produce a subsearch based off of a rex field. The goal of this search is to find every Deserialization ...
by mperrenoud Engager in Splunk Search 09-15-2017
0 4
0
4
jacqu3sy

How can I use a combination of an IF statement along with AND?

Hi, How can I use a combination of an IF statement along with AND. I'm looking to run a count whereby IF the _hour ...
by jacqu3sy Path Finder in Splunk Search 09-15-2017
0 10
0
10
knarayana

How to dynamically create a custom x-axis label in a search?

how can we give a custom dynamic value for x-axis in the search? i know we can change it manually in the format tab ...
by knarayana New Member in Splunk Search 09-15-2017
0 10
0
10
chintan_shah

Setting up a search head and indexer on existing machine

Hi All, Currently I have a single instance which acts as indexers as well as search head. But i am planning to inclu...
by chintan_shah Path Finder in Splunk Search 09-15-2017
0 7
0
7
SJanasek

Why does my drop-down say "Duplicate values causing conflict" when there are no duplicate values?

I am trying to output the CUSTOMER_NAME via a csv lookup. my lookup file (lookup_test.csv) looks like that: CUSTOMER...
by SJanasek Path Finder in Splunk Search 09-15-2017
1 13
1
13
johnca00

How to extract a string in a CSV where the field position can have multiple different values?

Hello - I'm trying to extract a field from a CSV. The problem is the 9th position can have several different values....
by johnca00 New Member in Splunk Search 09-15-2017
0 4
0
4
Nick_Hippe

How to edit my chart to show weekly baseline of average and compare it to the daily average?

Hi all. I'm creating a dashboard for one of our systems, and am trying to create a chart that will show the previous ...
by Nick_Hippe New Member in Splunk Search 09-15-2017
0 2
0
2
mseguri

Get metadata results as search events to associate an alert to hosts with older recentTime

I need to obtain | metadata generated results as search events because I need to associate an alert to hosts with a t...
by mseguri New Member in Splunk Search 09-15-2017
0 9
0
9
christopheryu

How can I create a column that counts how many Field Bs there are per Field A?

Have this: search... | stats values(interfaces) AS Interfaces by circuit Thank you in advance!
by christopheryu Communicator in Splunk Search 09-15-2017
0 2
0
2
tlmayes

Help with inputlookup and table

I have a lookup table that has several columns as follows, with no data in the "Manager" column: I have an index t...
by tlmayes Contributor in Splunk Search 09-15-2017
0 4
0
4
Skins

Trouble getting syslog_ng to work on a standalone Splunk instance

Ive install syslog-ng on a standalone splunk instance but cannot get it running - ive looked at the following guide :...
by Skins Path Finder in Splunk Search 09-15-2017
0 3
0
3
pfabrizi

Looking for thoughts on using lookup tables when data is indexed

I know I can create lookup tables and use them during a search. We would like to apply that same process to fields as...
by pfabrizi Path Finder in Splunk Search 09-15-2017
0 7
0
7
danapsimer

Why doesn't rex sed work with this expression: s/&#61;[^&]*//g

I have used rex to extract a URL from log message. I then want to eliminate the parameter values so I can build stat...
by danapsimer New Member in Splunk Search 09-15-2017
0 2
0
2
gcusello

Different results in iplocation after migrating apps and indexes to new infrastructure

Hi at all, I have a strange behaviour in ip location: I'm migrating some apps and indexes from an old infrastructure...
by SplunkTrust SplunkTrust in Splunk Search 09-15-2017
0 2
0
2
AlexeyPy

How to index a field where identical values have different values for ID?

How to index the same field "A" different values for the unique ID? A set of field "A" values is finite and for each ...
by AlexeyPy Engager in Splunk Search 09-15-2017
0 3
0
3
mjones414

Multi-conditional summation of time

Sample Data: 09/12/2017 23:58:35;E;957690.hostname user&#61;NameHere group&#61;GroupHere project&#61;_pbs_project_default jobname...
by mjones414 Contributor in Splunk Search 09-14-2017
0 2
0
2
pavanae

how to use metadata to find the last reporting time of a list of hosts from a lookuptable without getting the "Metadata results may be incomplete: 100000 entries have been received from all peers" Warning

The following is my query | metadata type&#61;hosts | search [| inputlookup hostnames.csv | rename my_hostname as host ...
by pavanae Builder in Splunk Search 09-14-2017
0 5
0
5
pavanae

How do I resolve a warning about incomplete metadata results (after 100000&#43; entries)?

How to resolve the warning "Metadata results may be incomplete: 100000 entries have been received from all peers , an...
by pavanae Builder in Splunk Search 09-14-2017
1 4
1
4
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...