Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can I write a search that contains the source of an event to identify the client that originated a proxy request? (With a common field)

Hello, I have a report that shows me network events - most of the events will have "source ip" coming from a prox...

by Path Finder in

Could you please anyone help me to write the time_format for bellow logs.

Hi Folks, could you please anyone help me to write the TIME_FORMAT , TIME_PREFIX and MAX_TIMESTAMP_LOOKAHEAD for b...

by Explorer in

Table command versus stats command for this search (for efficiency)?

My Query is as follows index=x source=y COMPLETED | stats values(process_key) as "Process Key", values(process_star...

by Explorer in

JSON Field Extraction names with curly brackets

Hello I'm currently searching over a collection of events that contains some JSON structure, when applying SPATH over...

by Explorer in

Compare two fields tables

I have one saved search which returns list of successful job runs e.g jobname A B C D I also have a lookup tab...

by Path Finder in

Combine a search and subsearch to create a table with all values

Hi guys, Quick question here: I have the following queries: Q1: Sub-Search for userID Q2: Main search, which pr...

by Explorer in

After using a JOIN i now have multiple lines, however this has affected my maths as before i have sumed up maths, now i have maths per line

Hi I use a JOIN and now i have multiple lines and not unique ones. It returned one line per unique Context+Command...

by Motivator in

Calculating a sum with conditions

Hi all! The case is that I want to calculate sum of purchase price of the applications where the application statu...

by Explorer in

how to sum consecutive success of sequential order of events fileds comes?

My fields contains " search | eval status=if(value>10,Success,failure) | table Name message status Name Message Statu...

by New Member in

Dynamic Search based on previous search output and if condition

Hello Splunk Community, Business requirements pushing my knowledge on Splunk so far... just wondering if Splunk qu...

by Path Finder in

Help with search to create a table

Hello folks, I am new to Splunk and need to get a report in CSV file or table. I like to see only URL and values of ...

by New Member in

Is it possible to use id and base in the same search in Simple XML?

Hello, Is there an available post-processing method to use a base search and produce a secondary search id? I'm pu...

by Explorer in

What is the best way to format _time when values become unreadable after transpose?

So I have to queries... First one gives me a normal time/date format which is human-readable i.e. (2017-10-05 15:2...

by Contributor in

Kind of inner join

Hello, Hopefully, you will understand what I mean...It was not clear how I could formulate a search to find some d...

by Explorer in

Convert a string with percentage sign to a number so it can be evaluated?

Hello, I have this query to alert me when percentage_q_full reaches greater than certain number eval alert=case...

by New Member in

Grouping by two fields, want to get distinct count of values in second field

Hi, I wrote the following Splunk query which returns a list of distinct USER_AGENTs for each SESSION_ID: index=...

by Path Finder in

join and compare the values in 2 different field which values are same from different

in my search contcxtid and sourceSession has the same vales but indexing in to different places how could i compare t...

by Path Finder in

What can be done when an indexer doesn't join the cluster?

We have a cluster of four nodes and one of them just crashed. We brought it up, but it hasn't joined the cluster. Rol...

by Ultra Champion in

Regex to filter security events does'nt work, need help

Hi Guys, We have UFs on our DCs and 2 indexers and on both indexers, to drop the unwanted text from events I t...

by Communicator in

How to list my splunk admin users list and last login details.

I have a about 250 Admin users and I would like to to know when was the last time each of them have logged in. Is the...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can I write a search that contains the source of an event to identify the client that originated a proxy request? (With a common field)

Could you please anyone help me to write the time_format for bellow logs.

Table command versus stats command for this search (for efficiency)?

JSON Field Extraction names with curly brackets

Compare two fields tables

Combine a search and subsearch to create a table with all values

After using a JOIN i now have multiple lines, however this has affected my maths as before i have sumed up maths, now i have maths per line

Calculating a sum with conditions

how to sum consecutive success of sequential order of events fileds comes?

Dynamic Search based on previous search output and if condition

Help with search to create a table

Is it possible to use id and base in the same search in Simple XML?

What is the best way to format _time when values become unreadable after transpose?

Kind of inner join

Convert a string with percentage sign to a number so it can be evaluated?

Grouping by two fields, want to get distinct count of values in second field

join and compare the values in 2 different field which values are same from different

What can be done when an indexer doesn't join the cluster?

Regex to filter security events does'nt work, need help

How to list my splunk admin users list and last login details.

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?