Splunk Search

Discussions

Thread Info

When I Compare a field that has dates, the results brings dates out of the comparison

I'm trying to filter a field when date is greater than 07/05/2017 The date fild format is as follows : DD-MMM-YY E...

by New Member in

How to sum field values with a dependancy on another field?

My data has a IP field and a number of bytes used by that field. I send data every 5 mins and most of the IPs remain ...

by Explorer in

mvzip json array of values in one event

[ { "sym":"ee", "code":2E1, }, { "sym":"ie", "code":2E2, } ] I have a f...

by Path Finder in

How to generate a search that

I am looking for Unique users on my Splunk search head cluster like : like compare the users change percentage wit...

by Path Finder in

Combine two searches left outer style

Hello I have an index which gets data of manual IT system scans with the following structure (simplified for examp...

by Builder in

Lookup multiple values

So I'm doing a lookup for multiple values, so similar to the following: ...| lookup entity OUTPUT x as XX y as YY ...

by Path Finder in

How to fit a subsearch in the middle of a search query

Hi everyone. How do I format this subsearch to work in my search query? I'm still fairly new to splunk | inputlook...

by Path Finder in

Grouping Events by Both Time and Customer

Hi all, Want to alert when a customer's usage suddenly drops. Tried breaking recent usage into two time periods...

by Engager in

Timezone query to modify _time field if the user's timezone is not UTC.

I have a dropdown in my dashboard where I provide static label and value for 4 timezones as of now(UTC,ET,PST,CT) (Wh...

by Explorer in

Translate Windows security descriptor to readable format

Im working on using Splunk for Windows auditing. In events 4670, 4656 and 4663 one (or more) security descriptors are...

by Observer in

Perform another search from the search result

Hi Splunk Gurus, I am not sure what is the term to use about my question, so I will explain it so everyone will un...

by Explorer in

Finding max of a count up to each hour of the day

I am wrestling with a query around getting a max value of a count per hour up to each. I will explain with an example...

by Explorer in

How to write a basic SPLUNK query which returns value A, B, C & D.

Can you please help me on how to write a basic SPLUNK query which returns value A, B, C & D. here are the sample X...

by New Member in

Connection time delta of a replication session, filter source and destination by connection id

Hi! I would like to create a chart for connection time delta of a replication session, filter source and destination ...

by Explorer in

How to use Stats command ?

Hi Splunker, I have a logs which has Defect ID ,Actual Fix Time Taken,Detected By,Priority. I would like to ca...

by Explorer in

Ho to get search input from csv file

I am having a csv file which contains some production server jobs name to monitor. I want to give those jobs listed i...

by Contributor in

How can I take the results from a search and generate a second search from those results?

Hi all, I have a search that looks for ICID's (injection connection ID) found in incoming SPAM email events. Somet...

by Engager in

Calclute Avg of max values for a given period

Hi everyone, please help me in below task , appreciate your time and effort Use case : in below table for example we...

by New Member in

Compare search fields to add another field if they match

So at the moment I have a simple search index=index sourcetype="sourcetype" host1 OR host2 | table hour day mont...

by New Member in

Rex Not Extracting All Data

HI, I wonder whether someone could help me please. I'm trying to extract the first name from the data as shown ...

by Motivator in

Getting average of variable name fields

Hi! ... | streamstats count as SESSION by PATIENT_ID PROGRAM_NAME | chart values(AVG_RT) over SESSION by PROGRAM_N...

by Path Finder in

Storing a REGEX filed into a DataModel

Hi All I am looking for the best approach to an issues i have. I have multiple files that start with the follow...

by Influencer in

How to add event duration time for multiple events into one row?

Hello, I'm trying to find the correct syntax to get the total time a device was in an alert status. The events ha...

by New Member in

Working with Lookup

I am having below requirements to be merged to create a dashboard/Report. Need to append my search result to the l...

by Contributor in

i have a results which has order status across many system. i want to group by order status with system in bar graph

status1 status2 status3 status4 status5 complete failed complete complete failed cancelled inprogress failed success ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

When I Compare a field that has dates, the results brings dates out of the comparison

How to sum field values with a dependancy on another field?

mvzip json array of values in one event

How to generate a search that

Combine two searches left outer style

Lookup multiple values

How to fit a subsearch in the middle of a search query

Grouping Events by Both Time and Customer

Timezone query to modify _time field if the user's timezone is not UTC.

Translate Windows security descriptor to readable format

Perform another search from the search result

Finding max of a count up to each hour of the day

How to write a basic SPLUNK query which returns value A, B, C & D.

Connection time delta of a replication session, filter source and destination by connection id

How to use Stats command ?

Ho to get search input from csv file

How can I take the results from a search and generate a second search from those results?

Calclute Avg of max values for a given period

Compare search fields to add another field if they match

Rex Not Extracting All Data

Getting average of variable name fields

Storing a REGEX filed into a DataModel

How to add event duration time for multiple events into one row?

Working with Lookup

i have a results which has order status across many system. i want to group by order status with system in bar graph

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...