Splunk Search

Discussions

Thread Info

CSV Field Extraction with spaces in field name

I have a syslog feed coming in to our Splunk system that is essentially a CSV file. It's a conglomeration of the resu...

by Communicator in

Calculating the number of executions using streamstats

Hi! I have such table: package executionID type day time A 1 start day1 some_hour A 1 end day1 some_hour B 1 start...

by Communicator in

How to perform a join on a field from source1 to one or another field in source2 based on the source1 field value?

I'm trying to join information from a metadata search to a lookup file. It works using a subsearch such as this: |...

by Path Finder in

How to extract values from multiple events and create a new event with those values?

I want to extract a key-value pair from multiple events and create a single event with those extractions. We have...

by SplunkTrust in

How to search the count of host Instances, and get the latest occurrence if there are duplicates?

In addition, if there is a duplicate host, I'd also like to keep the fields of the latest. Here's an example: Host...

by Explorer in

How do I configure Splunk to recognize my custom delimiter for proper field extraction?

I currently have a log statement which has a custom delimiter: {|} Where an example log statement would look like:...

by Explorer in

How to edit my regular expression to extract these fields from my sample data?

Hi, I have the below data 10.210.192.15 - - [12/Oct/2016:19:59:43 -0400] "GET /rest/icontrol/login?expand=sites...

by Motivator in

How to edit my search to prevent getting multiple alerts?

Created a search to monitor members added/removed from a group. It's working in search, but in the alert email for de...

by New Member in

How to edit my search to count a certain event, then group that count by another field in a time chart?

Variables : LoginString Connections UT=10 UT=45 Essentially, I want to grab the login string where UT=45and then t...

by New Member in

Sort for chart not working

Hi, I'm doing a search on the _internal index for license usage by host. I'd like the histogram to have the biggest v...

by Communicator in

How to display the average of each host for a particular search in a timechart?

I have a search as follows field_id="X" | eval b=len(_raw) | stats sum(b) as b | eval gb=round(b/1024/1024/1024,2)...

by Builder in

How to join 2 CSV files that have unique values in single table?

Fields in first.csv file: DN, uidn, count, Status, TimeStamp Fields in second.csv file: DN, uidn, AppID, eid, user, e...

by Path Finder in

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address?

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and...

by New Member in

How to combine multiple searches with a rex and display results in a table

Ok, I have 3 searches I'd like to combine the results for and display in a table. The index is the same for all the s...

by Explorer in

Getting tstats lookups and supserchers working together

Hi I have a working tstat query and a working lookup query. I am trying to us a substring to bring them together. ...

by Influencer in

How to get my transaction search to return "0" instead of "no results found" if no events are found?

I am trying to use the transaction command to get duration between two events In case there are no such events, I wou...

by Communicator in

How to add multiple duration from multiple independent transactions

So I am running multiple single valued transactions and putting the values in eval keywords, but I want to add all th...

by Communicator in

calculate Field count and pass it for percent calculation

Hi, I'm a newbie to splunk. Struggling with a query. All i want to do now is pass the total value so that i can calcu...

by Communicator in

Lookups - dynamic values

Hi, My lookup table has 3 columns, host, sitename and environment. Input to lookup is host name. If the host n...

by Path Finder in

How to list result data

Hi, i have a result data like: host dest_ip src_ip FW1 192.168.10.1 172.16.20.1 FW1 192.168.10.2 172.16.20.2 FW1 192....

by New Member in

My Splunk search results are not showing any extracted fields in the left side.

For all index searches it is not showing any fields. Events are coming. I have to specify the fields in stats or tabl...

by Explorer in

Single Value compared with custom option

Hi! I monitor a csv file and I need to show the last value from file as Single Value chart. This last value I want...

by Explorer in

How to find IP addresses events are coming from to verify if multiple VMs are under a single hostname?

I suspect that multiple VMs (as yet unconfigured in our environment) are getting lumped together in the index under a...

by Path Finder in

Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding section...

Why am I seeing errors of this form: 09-06-2016 08:42:25.189 +0000 ERROR NewSavedSearchMgr - Error base64 decoding se...

by Splunk Employee in

Form input - Difference between default and initial value

Hello, Could you somebody please help me to understand the difference and pros/cons between default value and init...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

CSV Field Extraction with spaces in field name

Calculating the number of executions using streamstats

How to perform a join on a field from source1 to one or another field in source2 based on the source1 field value?

How to extract values from multiple events and create a new event with those values?

How to search the count of host Instances, and get the latest occurrence if there are duplicates?

How do I configure Splunk to recognize my custom delimiter for proper field extraction?

How to edit my regular expression to extract these fields from my sample data?

How to edit my search to prevent getting multiple alerts?

How to edit my search to count a certain event, then group that count by another field in a time chart?

Sort for chart not working

How to display the average of each host for a particular search in a timechart?

How to join 2 CSV files that have unique values in single table?

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address?

How to combine multiple searches with a rex and display results in a table

Getting tstats lookups and supserchers working together

How to get my transaction search to return "0" instead of "no results found" if no events are found?

How to add multiple duration from multiple independent transactions

calculate Field count and pass it for percent calculation

Lookups - dynamic values

How to list result data

My Splunk search results are not showing any extracted fields in the left side.

Single Value compared with custom option

How to find IP addresses events are coming from to verify if multiple VMs are under a single hostname?

Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding section...

Form input - Difference between default and initial value

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

breaking multiple mv fields into single events bas...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Write Splunk log with Laminas