Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Long label text in charts

Hi all, I've tried to find a solution with other questions, and the main thing about I found is SideViews, but all...

by Contributor in

Nested Search Query on across multiple files

Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search qu...

by Explorer in

Fixed-width field extraction but removing trailing spaces

I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are...

by Builder in

Lookup CSV location

Hi, I would like to ask if the CSV file that is being referenced to in the search command can be from any director...

by Explorer in

with the same search conditions, I cannot make eval if function to return true...

For some use case, I need to make a new true/false field. Below condition returns 11 events in my data sample: | f...

by Path Finder in

Drilldown with $click$ values not working

I have a dashboard where I display a list of wines. I want to be able to incrementally add the wine name to a search ...

by SplunkTrust in

Different results for error "specified span would result in too many (>50000) rows" based on time range

I am trying to run the below to get the avg/max number of hits per second each day. I have tried this multiple times ...

by New Member in

Problem while joining

Hi everyone Need your kind help. I have 50+ fields under index='abc' i want to join the same with a lookup w...

by Path Finder in

How to extract logs by rex ?

How to extract logs by rex ? "TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-...

by Contributor in

Show individual counts for each item in a multivalue field in a single stats row

I am trying to get a count for individual items in a multivalue field. Here's my current search: | stats count(_ti...

by Explorer in

format output of a string in a particular format?

I have a search query that returns numbers like 170503007 and 170504021 as outputs. Need to format them as 2017/05/03...

by New Member in

using stats function to return latest value but need associated timestamp of that value

stats latest(sequence)returns the latest sequence number but I need to display the associated timestamp when the sequ...

by New Member in

How to perform Behavioral Analysis/Cross-data correlation on Logs

Hi, We are trying to perform analysis on logs to determine whether there is an significant relationship between th...

by Explorer in

transaction to group events based on machine on and off time. cisco ASA

Basically, I need to group my 2 events (built and teardown) in cisco ASA format by 2 fields (event,duration) the even...

by New Member in

Want to make a button to link to a URL!

I want to make a button to link to a URL. Looking at the Answer, I found it.May be I can do it by using java. But I w...

by Communicator in

Filter the output results based on custom date range

I want to filter the output based on the below time format, I want keep only results until 12am not after 12am. O...

by Communicator in

How to pass a search to a macro for emailing purposes?

HI All, I'm utilizing a search that we run throughout the day which looks for a specific service shutdown on all m...

by New Member in

How to combine my 2 searches to list all source and destination IPs based on same destination port?

I'm trying to get my current 2 searches into 1. I am trying to get a list of all source and destination ip's based on...

by Path Finder in

How to check if an event runs once a day

I have a job that runs and deletes data from a data base. After it deletes the data it outputs which days it deleted ...

by Communicator in

Search: timechart percent error by host

I'm looking to timehart errors (I'm using the count of the field 'level' for errors) by host. Since my some of my hos...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Long label text in charts

Nested Search Query on across multiple files

Fixed-width field extraction but removing trailing spaces

Lookup CSV location

with the same search conditions, I cannot make eval if function to return true...

Drilldown with $click$ values not working

Different results for error "specified span would result in too many (>50000) rows" based on time range

Problem while joining

How to extract logs by rex ?

Show individual counts for each item in a multivalue field in a single stats row

format output of a string in a particular format?

using stats function to return latest value but need associated timestamp of that value

How to perform Behavioral Analysis/Cross-data correlation on Logs

transaction to group events based on machine on and off time. cisco ASA

Want to make a button to link to a URL!

Filter the output results based on custom date range

How to pass a search to a macro for emailing purposes?

How to combine my 2 searches to list all source and destination IPs based on same destination port?

How to check if an event runs once a day

Search: timechart percent error by host

New Cloud Intrusion Detection System Add-on for Splunk

Happy CX Day to our Community Superheroes!

Check out This Month’s Brand new Splunk Lantern Articles

How to use the splunk ldapsearch app to list all u...

Could someone assist on converting Azure Sentinel ...

How to get pie chart average value in three slices...

[Solution] Dashboard global_time token value not s...

Why the error "sh: /opt/container_artifact/splunk-...