Splunk Search

Discussions

Thread Info

How to join 2 CSV files that have unique values in single table?

Fields in first.csv file: DN, uidn, count, Status, TimeStamp Fields in second.csv file: DN, uidn, AppID, eid, user, e...

by Path Finder in

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address?

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and...

by New Member in

How to combine multiple searches with a rex and display results in a table

Ok, I have 3 searches I'd like to combine the results for and display in a table. The index is the same for all the s...

by Explorer in

Getting tstats lookups and supserchers working together

Hi I have a working tstat query and a working lookup query. I am trying to us a substring to bring them together. ...

by Influencer in

How to get my transaction search to return "0" instead of "no results found" if no events are found?

I am trying to use the transaction command to get duration between two events In case there are no such events, I wou...

by Communicator in

How to add multiple duration from multiple independent transactions

So I am running multiple single valued transactions and putting the values in eval keywords, but I want to add all th...

by Communicator in

calculate Field count and pass it for percent calculation

Hi, I'm a newbie to splunk. Struggling with a query. All i want to do now is pass the total value so that i can calcu...

by Communicator in

Lookups - dynamic values

Hi, My lookup table has 3 columns, host, sitename and environment. Input to lookup is host name. If the host n...

by Path Finder in

How to list result data

Hi, i have a result data like: host dest_ip src_ip FW1 192.168.10.1 172.16.20.1 FW1 192.168.10.2 172.16.20.2 FW1 192....

by New Member in

My Splunk search results are not showing any extracted fields in the left side.

For all index searches it is not showing any fields. Events are coming. I have to specify the fields in stats or tabl...

by Explorer in

Single Value compared with custom option

Hi! I monitor a csv file and I need to show the last value from file as Single Value chart. This last value I want...

by Explorer in

How to find IP addresses events are coming from to verify if multiple VMs are under a single hostname?

I suspect that multiple VMs (as yet unconfigured in our environment) are getting lumped together in the index under a...

by Path Finder in

Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding section...

Why am I seeing errors of this form: 09-06-2016 08:42:25.189 +0000 ERROR NewSavedSearchMgr - Error base64 decoding se...

by Splunk Employee in

Form input - Difference between default and initial value

Hello, Could you somebody please help me to understand the difference and pros/cons between default value and init...

by Communicator in

why my events are showing higher than the databases values?

Hi there, I'm trying to fetch the records from one of the table in my SQL SERVER database.The No.of records in tha...

by Engager in

How to append a query based on a variable chosen from a drop-down form?

I need to append the query based on the defined variable. I declared a variable for the drop-down using token="TES...

by New Member in

How to optimize my current search for better performance?

index=*_alltime (sourcetype=*_data earliest=-1d@d latest=@d) |table estl_code_enr_stat estl_code_mrkt_offr_typ estl...

by New Member in

Why does field extraction work in dev environment but not in prod environment?

I ingested a CSV into our dev environment, had it create the props stanza with the field extractions I wanted, and co...

by Path Finder in

How can I autorefresh a real time form and lookup a display name from Active Directory?

I have a dashboard that runs in a real time window of 7 days and shows locked user accounts for Active Directory, Cha...

by Explorer in

Creating Stack-able graphs for 2 fields

These are my events : Based on the below info I want to crate a stackable bar graph that shows 2 errors "luchip" and ...

by Explorer in

After creating a field extraction, why do search results display different matches that are not related to my field extraction?

I am trying to extract a keyword from an event 2011-03-11 09:12:00 123 INF-1 ConStopped ::CLIenteleCompletd1_...

by Communicator in

Use transaction to chain events : end_time to start_time of next event

Hy everybody ! This is my first post, so don't hesitate to correct me, explain howto do it, or ask for further inf...

by New Member in

Difference between stdev and stdevp

This is mostly a statics question. Is stdev(X) only using a portion of the total population or what? They results the...

by Contributor in

How to write a search to group values until threshold is reached?

I have data from 2 different data sources. I am trying to figure out how to distribute a value into a cost until the ...

by Communicator in

How to merge values of the same field extraction?

I have 4 unique and standard values under one field extraction topic. I want to combine them into two values and use ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join 2 CSV files that have unique values in single table?

How do I combine information from two traps into a single line in table based off of message ID comparison, user, and IP address?

How to combine multiple searches with a rex and display results in a table

Getting tstats lookups and supserchers working together

How to get my transaction search to return "0" instead of "no results found" if no events are found?

How to add multiple duration from multiple independent transactions

calculate Field count and pass it for percent calculation

Lookups - dynamic values

How to list result data

My Splunk search results are not showing any extracted fields in the left side.

Single Value compared with custom option

How to find IP addresses events are coming from to verify if multiple VMs are under a single hostname?

Seeing errors of form: ERROR NewSavedSearchMgr - Error base64 decoding section...

Form input - Difference between default and initial value

why my events are showing higher than the databases values?

How to append a query based on a variable chosen from a drop-down form?

How to optimize my current search for better performance?

Why does field extraction work in dev environment but not in prod environment?

How can I autorefresh a real time form and lookup a display name from Active Directory?

Creating Stack-able graphs for 2 fields

After creating a field extraction, why do search results display different matches that are not related to my field extraction?

Use transaction to chain events : end_time to start_time of next event

Difference between stdev and stdevp

How to write a search to group values until threshold is reached?

How to merge values of the same field extraction?

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions