Splunk Search

Discussions

Thread Info

How to organize a search with two lookup tables: common and event-specific?

In my question I will use a manufacturing monitoring analogy. Employees (uniquely identified by name) work a certa...

by Path Finder in

A user can outputlookup and overwrite existing lookups regardless of permissions

We just tested in 5.0.2.2 - A user did outputlookup and overwrote a lookup file in etc/system even though in the UI, ...

by Path Finder in

How do I search records for today and 120 days back?

sort -date | dedup Date_Month_Year | where Date>1575183600 I need this query to run only for the past 120 days fr...

by Explorer in

How can I split stats into rows

MY SPL (index=* source="/var/log/authlog" "sudo" AND ("tar -x*f" OR "pkg install" OR "pkg uninstall")) OR (index=*...

by Explorer in

Including O365 UserAgent data in search

Hi all, I'm having trouble getting O365 UserAgent data to show up in a search. Currently, my search looks like: ...

by New Member in

lookup field value case sensitivity

While field values are not case sensitive by default on Splunk, when we use lookups the default setting for the field...

by New Member in

Search results are not wrapping, can't scroll right.

I have searched for some traps. The results are not wrapping and I can't scroll any further right. The only way I can...

by Engager in

How to Left Join is NULL

I just want to get the left cluster (only Table A )as below picture. How should Splunk search be? tu.

by New Member in

No result is showing when i enter the following code .

I am trying to generate report using the following command but it is not showing any result . i just want to make sur...

by New Member in

How to get the top 10 values using timechart?

Hi, I have this query and it works just fine index=blah1 OR index=blah2 OR index=blah3 host=*media* "/fileUploa...

by Motivator in

How to put data in table format

Name :Test "extensionData": { "entries": [ { "key": "machinesTotal", "value": { "type": "integer", "value": 7 } }, { ...

by New Member in

I have added the Splunk search to my default.xml. Is it possible to only allow this to appear in the navigation bar for admins?

Example of search in nav bar: I only want the Search to be viewable by admins. I have looked at other Splunk ques...

by New Member in

Splunk Search

Discussions

How to organize a search with two lookup tables: common and event-specific?

A user can outputlookup and overwrite existing lookups regardless of permissions

How do I search records for today and 120 days back?

How can I split stats into rows

Including O365 UserAgent data in search

lookup field value case sensitivity

Search results are not wrapping, can't scroll right.

How to Left Join is NULL

No result is showing when i enter the following code .

How to get the top 10 values using timechart?

How to put data in table format

I have added the Splunk search to my default.xml. Is it possible to only allow this to appear in the navigation bar for admins?

Adding vertical bars from one search to a timechart from another search

Response Time from Splunk Logs using Transaction starts with and within an single event

if one field is returning null value then how do i get all the fields to return null value

Field extraction using props.conf and transforms.conf

Percentage of two calculated search values

Change the time format in time chart tool tip

Can the Splunk OS TAs capture time?

filtering in search also that filter value display one of the filed of stats or table column

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Comparing the 2 string fields

Seeking help to create a dashboard for Antivirus a...

Haversine Issue

Missing seconds in Realtime query with 10ms span o...

Microsoft Office 365 Reporting Add-on not obeying ...

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >