Splunk Search

Ask a Question

Discussions

Thread Info

How to combine two different columns in a table into a single column?

I have table as below generated from splunk C:x D:x E:x F:x C:y D:y E:y F:y A 2 1 0 3 5...

by Path Finder in

Lookup issues

Having issues getting the NANP app to work (https://splunkbase.splunk.com/app/1515/) I have the following search b...

by Path Finder in

Can't fillnull on fields in REST generated table?

Why doesn't fillnull work here? | rest /servicesNS/-/-/saved/searches splunk_server=local | search disabled=0 is_s...

by Champion in

Multiple where count > in the same string

We always see some failures in our logs. But when we have an issue, the number of failures goes thru the roof. I'm tr...

by Path Finder in

Difficulty to get the time difference between two event time

I am using the below query search|eval 3CMStartTime = _time|table Corr 3CMStartTime|join Corr [search XXXXX|eval 3CM...

by Path Finder in

How to extract kv from a variable format field using kvform?

I need to extract some keys/values from a certain field, however it doesn't have a fixed format. Actually this field ...

by Explorer in

How do I join/combine my two search searches to get my expected result in a single table?

join/combine two searches into single table, duplicate records override with the first value. Search1: host=tes...

by New Member in

how to get the first(_raw) when i have split my pattern which were separated by pipe "|" using eval and split command.

unique_exception= pattern1|pattern2|pattern3 all these three patterns(1,2,3) are tagged to unique number 111. eval te...

by New Member in

How to search a log file based on the field value extracted from another log file?

I need to read content from a second log file based on the field value which is extracted from the first log file. I ...

by New Member in

I want to delete duplicates from the splunk index which have same _raw and same _time

Tried using the already answered question on splunk answer on the same topic they say do it using lookup or sub searc...

by Path Finder in

Fast mode in html view

Hi, We are using html views to run slpunk queries.. Is there any way to make the search run in fast mode in views ...

by Path Finder in

How do I solve adding data inputs into DB Connect?

I have successfully made an identity and connection. And have successfully validated that I am able to connect. ATM I...

by New Member in

How can I display unique values of a field from a single event?

Here's my input: .... .... TradeDetailsDTO [ShortName=ABCD, allocated=600], TradeDetailsDTO [ShortName=EFGH, allo...

by New Member in

extract JSON from a field

Hi, I have data that looks like this I'd like to extract the json out of the message field. I see the spat...

by Motivator in

Filtering Unwanted Events

I've been trying to filter unwanted events on a heavy forwarder from being sent to indexers. I followed the instructi...

by Contributor in

After creating field extractions using the field extractor in Splunk Web, why are none of the fields returned in search results?

Hi, First time trying this. I have the below data. Using the | character as a delimiter, then going thru the field...

by Motivator in

How to edit my search to use a custom field created with eval in my time chart search?

I have a search that comes up with a score based off a custom formula from nessus scan results. I want to plot that v...

by Engager in

search command

Here is my search query. index=parmed-stage|eval _time=_time+14400|table _time OrderId OrderDetailID _raw|search N...

by Explorer in

How to edit my search to get results to display volume as BYTES, KB, MB, GB, and TB?

Hello, I have search and currently the results show in MB. For example: Current Search: Vol in MB 112435 973...

by New Member in

How to populate a dynamic drop-down with an eval case statement?

Hi! So I have two drop-downs on my dashboard: one with a static list of options (dd1), and a second one which wil...

by Engager in

create timechart using a string date field

I found a few answers here on this forum on how to use a date string field as the datetime for a timechart. I tried t...

by Path Finder in

Selecting log entry having smallest field value

Suppose I have log data like this: 2016-08-24 03:46:15 GMT vehicle_id="1075" vehicle_distance=145 stop_tag="5687" ...

by Splunk Employee in

How do we migrate from single instance to an index and search head cluster

We are trying to move from a single instance of splunk to a clustered environment. We created the cluster as per the ...

by Engager in

IP location not displaying city lat lon country etc

Hi all, IP location is not displaying any of the fields it should return when used in search app. But the iplocati...

by Contributor in

Can you do conditionals in searches where the action is to add/change the search string?

I did a lot of reading last night about eval ifs and read several posts that danced around the edge of being relevant...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine two different columns in a table into a single column?

Lookup issues

Can't fillnull on fields in REST generated table?

Multiple where count > in the same string

Difficulty to get the time difference between two event time

How to extract kv from a variable format field using kvform?

How do I join/combine my two search searches to get my expected result in a single table?

how to get the first(_raw) when i have split my pattern which were separated by pipe "|" using eval and split command.

How to search a log file based on the field value extracted from another log file?

I want to delete duplicates from the splunk index which have same _raw and same _time

Fast mode in html view

How do I solve adding data inputs into DB Connect?

How can I display unique values of a field from a single event?

extract JSON from a field

Filtering Unwanted Events

After creating field extractions using the field extractor in Splunk Web, why are none of the fields returned in search results?

How to edit my search to use a custom field created with eval in my time chart search?

search command

How to edit my search to get results to display volume as BYTES, KB, MB, GB, and TB?

How to populate a dynamic drop-down with an eval case statement?

create timechart using a string date field

Selecting log entry having smallest field value

How do we migrate from single instance to an index and search head cluster

IP location not displaying city lat lon country etc

Can you do conditionals in searches where the action is to add/change the search string?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions