Splunk Search

Discussions

Thread Info

Compare date in search

I have events containing field "Agent_Local_Time="9/19/2016 1:36:19 PM", I use EVAL to format the time "eval final_ti...

by New Member in

How can I edit my search so if my subsearch returns no results, my main search returns all events from index="test"?

index="test" [search index="test_summary" key_field="y" | head 1 | eval search = "_time>" . _time | fields search] |...

by Explorer in

What is the meaning of my regular expression?

Hi, I used splunk to extract a new field and it has used this regular expression, rex "^(?:[^\|\n]*\|){6}(?P<e...

by Path Finder in

How to add a clientip field to data sources for the iplocation command?

I have a general question and I am more of a power user than admin level here (but I'm in the process of becoming one...

by Path Finder in

Why is my tstats including other counts?

Hi, I am querying an accelerated data model for active directory, using the search below. However, the results are...

by Champion in

How to exclude events with null fields in a search?

Hello Splunkers, I've got a search built thats working properly but I'm not able to get the events with a particular ...

by Contributor in

How to search multiple sources within my search?

How do I search multiple source files within my search? I want to do something like: source="/foo/bar/2016/09/{08,...

by Explorer in

Is there an easy way to create a drilldown for an area chart?

I have a dashboard panel that shows the sum of outbound data where I want to click on a value and display the raw eve...

by New Member in

Extracting Fields from Structured HL7 Data

I am trying to figure out how to extract structured data from an HL7 2.x message The entire message is wrapped in...

by New Member in

Graph the same time period but from 1 week previous

Hi, I have a query that looks like this <chart depends="$tableurlerror$"> <title>URL Errors by Host De...

by Motivator in

Extra conditional search based on eval result

Hi, I've a periodic anomaly detection search (alert) query that results like this in inline mail result table; ...

by Path Finder in

Why can't I get my search results to sort properly?

Hi, I have this search index=main | rex "(?i)\".*? /(?P<URL_HEADER>\w+/\w+)"| rex "(?i) UCT\-(?P<URL_MICRO_SECO...

by Motivator in

How to create a single value panel that changes based on weighted values?

I want to create a single value panel that starts at 100, and when a specific alert goes off with an assigned weight,...

by Contributor in

Is there a way in splunk to get the Custom sql query execution time ?

I am writing a custom sql dbxquery. When this custom query executes I want to know when it gets started and when its ...

by New Member in

How can I improve my active directory data search so that it does not take a long time to load?

Hi, I have a search that is taking waaaaaaaaayyyyyyyyy too long and am looking for idea on how to improve it, be i...

by Champion in

How to count events that are common or existing among multiple sourcetypes?

Seeking help of Splunk Gurus. I have three sourcetypes : TICKET_OPENED, TICKET_ACTIVITY & TICKET_CLOSED. A common ...

by Communicator in

Getting the time that maximum count occurs every hour

I have a search that finds the maximum number of events that occur in a single second on any given hour during the da...

by New Member in

Variable earliest and latest?

Hey, This forum has been so very helpful... I really cannot thank the posters here enough! However, I have a q...

by Explorer in

subtract previous results with current result

Hi All, I have a result which shows the total user directory count for every 1hr, but I want to how many user got ...

by Path Finder in

Can't use rex extracted value in new search because value isn't an extracted field

Hi all, I've written the following query: sourcetype=mysourcetype DA-bericht [search sourcetype=mysourcetype "...

by Engager in

How to fix my time-based lookup?

Hi at all, I'm trying to use time based lookups and I found the following problem: I created a Time Based Lookup and ...

by SplunkTrust in

Show a result even if no events match

As part of a larger project, one of the things we want to do is to let the user build tables with one search criteria...

by Explorer in

How to compare two counts from a single stats search, and alert if there is a large difference between the results?

I have searched a lot and haven't found a straight answer to this, yet. I want to create an alert on spikes of loa...

by Explorer in

within "Extract Fields", how can I start the regular expression with a value from another field?

I have a field 'foo', it has a value like "data1_data2" I'd like to make an Extracted Field that starts with the c...

by New Member in

How to search for failed logins of a specific Active Directory group?

Greetings. I am looking to search failed logins for a particular Active Directory group(s). I was thinking I'd have t...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare date in search

How can I edit my search so if my subsearch returns no results, my main search returns all events from index="test"?

What is the meaning of my regular expression?

How to add a clientip field to data sources for the iplocation command?

Why is my tstats including other counts?

How to exclude events with null fields in a search?

How to search multiple sources within my search?

Is there an easy way to create a drilldown for an area chart?

Extracting Fields from Structured HL7 Data

Graph the same time period but from 1 week previous

Extra conditional search based on eval result

Why can't I get my search results to sort properly?

How to create a single value panel that changes based on weighted values?

Is there a way in splunk to get the Custom sql query execution time ?

How can I improve my active directory data search so that it does not take a long time to load?

How to count events that are common or existing among multiple sourcetypes?

Getting the time that maximum count occurs every hour

Variable earliest and latest?

subtract previous results with current result

Can't use rex extracted value in new search because value isn't an extracted field

How to fix my time-based lookup?

Show a result even if no events match

How to compare two counts from a single stats search, and alert if there is a large difference between the results?

within "Extract Fields", how can I start the regular expression with a value from another field?

How to search for failed logins of a specific Active Directory group?

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Using a timechart click.value as the midpoint of a...

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static