Splunk Search

Discussions

Thread Info

how to combine two columns values based

Hi, I have a table like below Name Percentage1 Percentage2 T1 25 T1 56 T2 34 T2 59 And I need a result like bel...

by New Member in

How to run the main search only if the subsearch returns true?

I have to run the Main search only on the last working day of the month, and I got to a search that should work, but ...

by New Member in

How to join two searches with no common field?

I have two searches search 1 -> index=myIndex sourcetype=st1 field_1=* search 2 -> index=myIndex sourcetype=st2 ...

by Contributor in

timechart per_second working.

Hi, I found a query I could not understand: | eval foo=1 | timechart per_second(foo) as "Bytes per second" Why...

by Path Finder in

Splunk query.

I would like to count the number of times a Server went down, based on up/down state field. State field receives up o...

by Explorer in

extract date time from log entries

I have the following log structure from which I want to index date time properly. INFO :20170503:11.21.54.48:XY...

by Explorer in

Display the "others" or the rest after showing top results

I have this search to show top 5 values: search... | fields ALARM | stats count by ALARM | sort limit=5 -count ...

by Communicator in

Setting a default action for alert in splunk

HI, Is there anyway in splunk to set the "email" as default trigger action for an alert.

by Path Finder in

Cannot find any featureID in Geospatial Visualization.

Hi Splunkers, I tried the new feature, Geospatial Visualization in Splunk V6.3 as "Option 1" posted on splunk blog...

by Contributor in

lookup table does not exist

I am getting error as "Lookup table does not exist. It is referenced by configuration", but i have the lookup on the ...

by Contributor in

How to prevent "max concurrent searches reached" messages on the distributed management console?

I've configured a dev Splunk 6.4 env, and noticed that my Distributed Management Console is getting "max concurrent s...

by Champion in

How to achieve vlookup in Splunk

Hi, Kindly help me with the search query for my scenario. I have a lookup table A and a search B with common field...

by Engager in

How to edit my search to use transaction command to exclude values?

Hi, I have the following search that returns 10,552 events over a given period of time: index=oracle (INSTANCE_NAM...

by Engager in

Counting from log based on email add for successful logins / incorrect password

The following are sample logs for successful login and incorrect password attempts based on email address: May 2 0...

by New Member in

Log filtering based on field value change.

I have two kinds of logs sourcetype = abc IP = a.b.c.d status=active sourcetype = abc IP = a.b.c.e status=active ...

by Explorer in

How to get the latest record of each month for each specific column?

Dear guys, I'm very new in Splunk and I got some work task which still have no idea about the solution. Please kindly...

by Explorer in

Extracting host from host segment doesn't work

Hi : I have a monitoring stanza which splunk process is monitoring logs from: /var/log/hosts//Tue/-2017050209 ...

by Explorer in

Pick up the first occurrence of a word

I want to pick only the first occurrence of word . index = index1 ERROR Event Result 2017-04-29T18:29:27.24...

by New Member in

Using field in lookup table to get field in second lookup table

Hi All, I'm new to Splunk and I'm trying to mess around with a few lookup tables that I imported. I have two, let'...

by New Member in

run new search based on row-value and get the results in a new column

I have the following table of results |trkid | values | |123 | a | |124 | b | |125 | d | But i need based on th...

by Engager in

Generate list of all Fields in a Search?

I would like to export a list of the fieldnames in any given search. How could I do this?

by SplunkTrust in

how to get count of events for each 30 min

Hi, index=_internal |timechart span=30m count --- Im using this query looking for last 4hr data. 2017-05-02 15...

by Explorer in

How to sort and group data by day and ID?

I would like to display the events as the following: where it is grouped and sorted by day, and sorted by ...

by Communicator in

How to use rex field as subsearch input value

My main search will extract a rex field. I want to use this rex field value as a search input in my subsearch so that...

by Explorer in

Retrieve names of all fields

Im trying to write a search where I can search for the names of the fields, so basically the search would return the ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to combine two columns values based

How to run the main search only if the subsearch returns true?

How to join two searches with no common field?

timechart per_second working.

Splunk query.

extract date time from log entries

Display the "others" or the rest after showing top results

Setting a default action for alert in splunk

Cannot find any featureID in Geospatial Visualization.

lookup table does not exist

How to prevent "max concurrent searches reached" messages on the distributed management console?

How to achieve vlookup in Splunk

How to edit my search to use transaction command to exclude values?

Counting from log based on email add for successful logins / incorrect password

Log filtering based on field value change.

How to get the latest record of each month for each specific column?

Extracting host from host segment doesn't work

Pick up the first occurrence of a word

Using field in lookup table to get field in second lookup table

run new search based on row-value and get the results in a new column

Generate list of all Fields in a Search?

how to get count of events for each 30 min

How to sort and group data by day and ID?

How to use rex field as subsearch input value

Retrieve names of all fields

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions