Splunk Search

Discussions

Thread Info

Using LOOKUP to insert a Regex string - is it possible?

I want to insert a different regex string into my query for each host. I am thinking that a way to achieve this is by...

by Explorer in

Outer query should display the results based on the inner query count

i want to display the events based on subquery's count(say Mycount) . please help me with search query. index=abc ...

by Communicator in

How to use sum() for the $ values?

Hi I have a csv file with $6.00, $6.11,etc as values. How can user sum() for these values?

by Builder in

How to edit my search to find Fortinet Internet Browsing Time by User per Day?

We have Fortinet FSSO in place and we have syslogs coming into Splunk. I need a way to report how much time users are...

by Explorer in

Only show null values from timechart values(source)

Hello guys, could you tell me how to only show null cells from this kind of table, for alerting purpose? Search...

by Motivator in

How to convert Local time to XML time format?

Hi How to convert EVENT_LOCAL_TIME="2017-04-06 15:49:29.0" this time into XML time format?

by Builder in

How do you track down inefficient field extractions?

Just had to support a user with field extraction issues. While working on it, I noticed the report was still taking a...

by Influencer in

how to create line chart with multiple fields like timeline?

hello, i have this raw table: 1 2 3 4 5 6 7 8 9 10 0 0 0 0 0 0 0 0 ...

by Explorer in

+ fields command + question/observation on case sensititvity

... | fields + _time *GOUa* this will give me my _time column on the left with other columns on the right matching th...

by Motivator in

Eventtype or macros - Need Suggestion

Hi Everyone, I need a suggestion to build the Splunk app or query . The situation is I had list of cities...

by Engager in

Data Enrichment from lookup with column header containing spaces

Is it possible to use a csv file in a lookup specifically for data enrichment whereby the column header contains spac...

by Path Finder in

How to configure LINE_BREAKER regex in props.conf?

I have a data source that looks like this: I0908 09:35:18.395637 3109 vdisk_micro_migrate_egroup_op.cc:1075] ... I...

by Path Finder in

I have to subtract between 2 alternate rows. Like Row2-1,Row 4-3 . Not the difference between the consecutive rows. I used "Diff" but it gives diff b/w each row. Please suggest.

TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 12 tx2 Period 2 20 8 I need to calc...

by Engager in

I have to find difference between alternate rows for a field like Row 2-1, Row 4-3. Not difference between all the consecutive rows. I used "diff" but it gives me difference between all the rows. Please suggest.

TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 12 tx2 Period 2 20 8

by Engager in

How to break events as Every Line

Hi All, What's the appropriate regex for event break Every Line? Is my props.conf correct? [index_name] LINE_BR...

by Communicator in

Compare two field values and get matching third value from table

Hello, i'm trying to do a search and then compare my result with a table from a .csv file (contains a table with i...

by Communicator in

Count number of App IDs from log file

The appId length can vary at any given time..it can be 1 or X length log files Log1 appId=1231 appId=12355 ...

by New Member in

Move the Splunk from one server to another server

What is the steps to move the Splunk, including the search and indexes from serverA to serverB? thks

by Communicator in

Real time search with python sdk and | stats

Hi guys, i think i'm missing something. I'm try to make a real time search with python sdk; after connection if i run...

by Communicator in

How to convert multivalue fields with corresponding value in another field to column-value pair?

Hi All, We have recently configured the Splunk Add-on for Microsoft Cloud Services to pull o365 logs into Splunk. ...

by Explorer in

stats vs timechart

i am getting two different outputs while using stats count( 1hr time interval) and timechart count span=1h. I was usi...

by New Member in

Make map command process values in series

Hi all! How can I make map command process all the list of submitted to its input values(thousands), not just the ...

by Builder in

pass case statement result to search string

I have tokens coming from drilldown index="test" | eval res_time = case( "PRIORITY CODE" == "1" ,"Resolution Time <=1...

by Communicator in

How to extract user and source ip from Cisco Syslog message?

X_wan-network` sourcetype=wan_syslog EventType=local6.warning "Login" | rex field=_raw “(?\w+;(?\w+)” | table _time,h...

by New Member in

query to find the last 5 searches ran by user

hi, Is there any query to find out last five queries ran by a user. We can do it by using history command.

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using LOOKUP to insert a Regex string - is it possible?

Outer query should display the results based on the inner query count

How to use sum() for the $ values?

How to edit my search to find Fortinet Internet Browsing Time by User per Day?

Only show null values from timechart values(source)

How to convert Local time to XML time format?

How do you track down inefficient field extractions?

how to create line chart with multiple fields like timeline?

+ fields command + question/observation on case sensititvity

Eventtype or macros - Need Suggestion

Data Enrichment from lookup with column header containing spaces

How to configure LINE_BREAKER regex in props.conf?

I have to subtract between 2 alternate rows. Like Row2-1,Row 4-3 . Not the difference between the consecutive rows. I used "Diff" but it gives diff b/w each row. Please suggest.

I have to find difference between alternate rows for a field like Row 2-1, Row 4-3. Not difference between all the consecutive rows. I used "diff" but it gives me difference between all the rows. Please suggest.

How to break events as Every Line

Compare two field values and get matching third value from table

Count number of App IDs from log file

Move the Splunk from one server to another server

Real time search with python sdk and | stats

How to convert multivalue fields with corresponding value in another field to column-value pair?

stats vs timechart

Make map command process values in series

pass case statement result to search string

How to extract user and source ip from Cisco Syslog message?

query to find the last 5 searches ran by user

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions