Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to save practice data into the Splunk Enterprise as a student?

Hello Spluksters, I installed the Splunk enterprise. I am also reading the free Splunk e-book. Chapter 2 talks of ...

by Explorer in

Regex not accepted when searching

Hi guys, I am trying to get a regex to just match if a process has been run from the C drive, root folder. I tr...

by Explorer in

Convert field values (e.g 15/12) to date format understandable to SPLUNK , and then check if the date is older than 5 working.

I have field with values such as "06/12", "13/01", "20/05" i/e human readable dd/mm. I dont know weather splunk under...

by New Member in

Insert "%" symbol to a number without converting it to string

Hi, Is it possible to add a "%" character/symbol to a number without converting it to a string? I tried to use ...

by Path Finder in

Drilldown query doesn't start automatically

I'm fairly new at this, but I have done a LOT of Googling before asking here...  I have a dashboard that has single-...

by Engager in

How to count the number of columns in a file

Hi, I'm trying to do a comparison, wherein I want to verify that the number of columns in file X matches the numbe...

by Path Finder in

How to calculate percentage deviation

Hi, I have logs which looks similar to the sample data attached. In my current scenario I have 30 days hourly data...

by Contributor in

How to count rows that have non-zero values

Hi, I'm trying to count the number of rows in a field that have a non-zero value. I've used replace to do that, bu...

by Path Finder in

lookup with _row

Can I use _row when matching with lookup? It seems to me that it can not be done. Can you give me some hints?

by Communicator in

How do I merge lookup table and index results?

Hi. To start with, I have a lookup table like so. keyValue.csv date key value 01/01/2017 EE Enterprise Edition 01/03/...

by Path Finder in

How can I create a ranking based on a count per week by a field

I am looking to do the following: 1) Create a table based on a count of blocks by week number and zone I have t...

by Influencer in

Merge 2 queries based on month

One query give me data as Month Closed-Issues Jan 100 Feb 110 Mar 105 Second Query Give me data as Month New-Is...

by Path Finder in

Setting up visual for Disk Space or Free Disk Space/Radial Gauge for Disk Space

Hi, This task was harder than i think or i do not know what i am doing(most likely).Basically i want to put up a n...

by Contributor in

Search for fields that match a value versus fields that contain a value

I'm going to go mad trying to get splunk to return only field values that are a given value and don't start or contai...

by Explorer in

Condition value NOT equal to....whatever

Hi, I have this XML code. What I'm trying to do is when the value = *, run a separate query and when the value is ...

by Motivator in

Field Extraction With Backslash

I am attempting to extract a user field from a log file using the following regex: (?=[^v]*(?:virtual address: |v....

by Engager in

Drilldown - pass the earliest and latest from a timechart

Hi everyone, Im having a problem passing the earliest and latest from a timechart. On the main graph, im showing a...

by Path Finder in

Can I use foreach to measure the time taken between creating a ticket and a specific action/update?

Hi, I am looking at IT ticket logging data & trying to create compliance measures between different updates being ...

by Explorer in

How to get a substr from a fields name

Hi everyone, I want to deliver 2 fields with 1 parameter to a destination panel. I deliver the string JNL_, the f...

by Path Finder in

Its showing nothing in Splunk logs window for any kind of search

Ok so I ran command splunk clean eventdata And now my Splunk is not working as earlier. I am able to ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to save practice data into the Splunk Enterprise as a student?

Regex not accepted when searching

Convert field values (e.g 15/12) to date format understandable to SPLUNK , and then check if the date is older than 5 working.

Insert "%" symbol to a number without converting it to string

Drilldown query doesn't start automatically

How to count the number of columns in a file

How to calculate percentage deviation

How to count rows that have non-zero values

lookup with _row

How do I merge lookup table and index results?

How can I create a ranking based on a count per week by a field

Merge 2 queries based on month

Setting up visual for Disk Space or Free Disk Space/Radial Gauge for Disk Space

Search for fields that match a value versus fields that contain a value

Condition value NOT equal to....whatever

Field Extraction With Backslash

Drilldown - pass the earliest and latest from a timechart

Can I use foreach to measure the time taken between creating a ticket and a specific action/update?

How to get a substr from a fields name

Its showing nothing in Splunk logs window for any kind of search

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Eval function as result of IF statement

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...