Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is it normal for the loadjob command in 4.0.10 to only load of approx. 150k events with events=t parameter?

I'm currently experiencing this: 1) Run a query that returns a large number of events (say, 1mil) 2) Save the j...

by Path Finder in

how to match partial string in search query

Hi I have a errors in the field (say myfield) Error xyz : 123 Error xyz : 456 Error xyz : 789 Error xyz : 135 E...

by Communicator in

[SPLUNKD] Not Found for lookup REST api call

Hi Splunkers, I have a curl for changing ownership of lookup file present app level to user level by this curl cur...

by Path Finder in

How to use values of a field as part of regular expressions and match with values in other fields, this being done for a large data-set?

I have tables like below: Personnel Name ...

by Path Finder in

Can't filter by Country even though there is count

When I run the following search, I get a list of countries and their count. eventtype=cisco-firewall src_ip="*" de...

by Path Finder in

compare today statistic with to day from last week

Dears, i want to compare today statistic with the day from last week how can I do that thank in advance

by Explorer in

how to change zh-CN to 24 hours format?

I don't want to change zh-CN to en-GB,I only want to change zh-CN from 12 hours format to 24 hours format? Any help?

by Engager in

Sum of different fields for all events

Hi, I am trying to use Splunk to create dashboards based on different calculations of fields in a static CSV file. Th...

by New Member in

How to tell if a host is having a problem for at least a X span of time?

If I want to see if an issue has been happening for at least a set period of time, how would I go about asking splunk...

by Path Finder in

How to edit my search to calculate percentage across columns for multiple fields?

Looking for some assistance with trying to fix my search to calculate percentage on several columns. Here is what...

by Path Finder in

Use multiple inputs to a lookup table to return a xref value

Hi all, I have a lookup table of Currency exchange rates per day per currency code e.g. (cutdown!) Date,USD,JPY...

by Path Finder in

Charting Transactions

Hello, I am trying to build a graphical representation of a set of transactions by type. Ideally I am looking for ...

by Engager in

Appending a field returned from map?

Howdy folks, I have a question around using map. I have a large query that essentially generate the the following ...

by Explorer in

How to edit my search to calculate percentage for each row?

earliest=-72h@h latest=@h index=dga | transaction EventType maxevents=2 |stats count as total | appendcols [search e...

by Path Finder in

Capture Active transactions

Hi Everyone, I am trying to capture active sessions with transaction command but unsuccessful, searched answers.sp...

by Explorer in

What is the best way to use one auditd record to search for a second auditd record

Question: How do you use one auditd record which contains a key to extract a field from a second auditd record which ...

by New Member in

Help me with join query

index=ABC sourcetype=xyz | stats count by XID| table XID count XID Count 101 2 102 3 103 4 index=ABC sourcetype...

by Communicator in

Subsearch for negation

I am trying to write a subsearch which will negate few days/hours from results considering event count. But below sea...

by Builder in

I have few events contains sell_time, based on sell_time I want to calculate sum of "price" column

I have few events contains sell_time, based on sell_time I want to calculate sum of "price" column index="example"...

by Communicator in

predict command and non realtime alerts

hi - I have a query to predict traffic and highlight when the actual traffic goes over or below the prediction in...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it normal for the loadjob command in 4.0.10 to only load of approx. 150k events with events=t parameter?

how to match partial string in search query

[SPLUNKD] Not Found for lookup REST api call

How to use values of a field as part of regular expressions and match with values in other fields, this being done for a large data-set?

Can't filter by Country even though there is count

compare today statistic with to day from last week

how to change zh-CN to 24 hours format?

Sum of different fields for all events

How to tell if a host is having a problem for at least a X span of time?

How to edit my search to calculate percentage across columns for multiple fields?

Use multiple inputs to a lookup table to return a xref value

Charting Transactions

Appending a field returned from map?

How to edit my search to calculate percentage for each row?

Capture Active transactions

What is the best way to use one auditd record to search for a second auditd record

Help me with join query

Subsearch for negation

I have few events contains sell_time, based on sell_time I want to calculate sum of "price" column

predict command and non realtime alerts

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?

How to use fit command together with foreach?

How to detect T1036.002: Masquerading (Right-to-Le...

SPL for cancelled / timed out searches?