Splunk Search

Ask a Question

Discussions

Thread Info

Compare values of two fields from different field value

Hi All, This is a ticket data. I have a field called "Team" having 2 values "SAP" and "Non-SAP" and the respective...

by Builder in

Search to only include Business Hours and Exclude weekends

Hi All I am trying to generate a search that only includes Business hours and also excludes weekends. I have tried...

by Explorer in

How to search for transactions with an ordered sequence, BUT with non-specific events in the middle?

We have several problems that we weren't able to resolve with Splunk's SPL. Problems are listed below. Any suggestion...

by Explorer in

How to generate a search for users that have clicked or visited a URL, how many times, and display results in a table?

How to search for users that have clicked/visited a url, how many times, and display results in a table with two colu...

by New Member in

How to select distinct rows from a lookup table?

How to select only distinct rows from the lookup table? I am selecting student details but I have duplicates in the l...

by Explorer in

Issue with strptime

Hey guys, So I've used strptime before but for some reason this isn't working properly. I have a column with diffe...

by Path Finder in

Query to display average cpu usage for all splunk search heads & indexers

I'm building reporting for capacity planning to improve the performance across our splunk environment. During my comp...

by Explorer in

How to subtract 30 minutes from now() using eval

I would like to know how to subtract 30 minutes from the call to the now() function and set the value of a field call...

by Explorer in

Best approach for using a sub-search to compare time frames

I am looking for the most efficient way to do a sub search to see if vulnerabilities still exist now vs 90 days. C...

by New Member in

Field extraction

I am trying to extract the field starting with C ending with I from following strings. Can anyone pls suggest the app...

by Path Finder in

Clarification regarding search command and stats command

Hey everyone, I'm confused about what the second command in my search does. Here is the whole search: | useracc...

by Communicator in

find the duplicate files from particular source in splunk search query

Hello All, I need to find from particular source how many we have duplicate files in last 7 days. I have used ...

by Communicator in

Why does my search with "stats count" return more events than the actual events present?

Stats count returns nine events for Points-1 & 2. But as shown in the point-3 below, the actual events count is three...

by Explorer in

How to split the following status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0

Hi All, I have the following search result, but how to split it in a nice view e.g. like row names and values. ...

by New Member in

Rex for Source

My source filed has value such as, /Folder1/Folder2/Folder3/Folder4/Folder5/LoadABCDEF_20160921.log I would li...

by Explorer in

Rewriting field values in search time

Hello, I've got some events like this extracting fields using kv_mode=auto: key1="value1", key2="value2", null1...

by Path Finder in

Panels displaying variable numerical value

I’m trying to create a panel that will display the numerical number for a field called method_duration. For each even...

by New Member in

Multiple stats for multiple key-values with a common prefix

We have log entries with multiple key-value pairs. All of the keys I'm interested in have a common prefix and all of ...

by New Member in

What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean?

Hi all, We have the following setup: Splunk Enterprise Server 6.4.1 Windows2008R2, 16 GB Physical Memory, 4 CPU...

by Path Finder in

Why would a command via CLI that exports to a CSV re-order the columns? Looks like the columns get re-ordered alphanumerically.

Splunk Web search ran: sourcetype=vmstat |head 10| table _time source sourcetype mem_free OUTPUT is as listed ...

by Splunk Employee in

How to join customer ID data from different sources and create a time-based report where x-axis is total time and y-axis is total events?

I want to correlate data from 2 sources. First data source contains store_events (source1=store_events) and second so...

by Explorer in

How to use rex command to extract value from the end of an event?

I know this type of question has been asked many times before, but I haven't been able to get results from using REX....

by Explorer in

How to consolidate events that have an ID field with different names across multiple sourcetypes?

Hi all. I have almost 20 different sourcetypes. Field names in sourcetypes are different and I don't have the same...

by Builder in

How to add up the hourly number of transactions per day, and create a chart to show the total per day over X days?

Hello community, So I'm looking for some help here on how to build a search that will add up the total number of t...

by Engager in

Is a JOIN clause in SQL equal to an OR operator in Splunk?

SQL JOIN clause gets intersection of two tables. In Splunk search, if I use OR on two different sources, I am not...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Compare values of two fields from different field value

Search to only include Business Hours and Exclude weekends

How to search for transactions with an ordered sequence, BUT with non-specific events in the middle?

How to generate a search for users that have clicked or visited a URL, how many times, and display results in a table?

How to select distinct rows from a lookup table?

Issue with strptime

Query to display average cpu usage for all splunk search heads & indexers

How to subtract 30 minutes from now() using eval

Best approach for using a sub-search to compare time frames

Field extraction

Clarification regarding search command and stats command

find the duplicate files from particular source in splunk search query

Why does my search with "stats count" return more events than the actual events present?

How to split the following status="Deny" priority=Information duration=0 fw_rule_id=0 policy_type=0 user_name="" user_gp="" iap=0

Rex for Source

Rewriting field values in search time

Panels displaying variable numerical value

Multiple stats for multiple key-values with a common prefix

What does yellow boxes/triangles in the search-app and panels with the text "Eventtype 'wineventlog-dns' does not exist or is disabled" (ditto for 'wineventlog-ds') mean?

Why would a command via CLI that exports to a CSV re-order the columns? Looks like the columns get re-ordered alphanumerically.

How to join customer ID data from different sources and create a time-based report where x-axis is total time and y-axis is total events?

How to use rex command to extract value from the end of an event?

How to consolidate events that have an ID field with different names across multiple sourcetypes?

How to add up the hourly number of transactions per day, and create a chart to show the total per day over X days?

Is a JOIN clause in SQL equal to an OR operator in Splunk?

Machine Learning - Assisted Adaptive Thresholding

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions