Splunk Search

Discussions

Thread Info

Adjust time difference for suspended and unsuspended events

I am trying to find a solution for adjust my time interval for time to resolve. There are two indexes being used, the...

by New Member in

tstats issue following upgrade from 6.4.4 to 6.5.2

I’m having an issue with the tstats command not producing any results when calling a namespace post tscollect. For...

by Contributor in

How to filter IIS logs with regular expression?

Greetings, I'm trying to make a regular expression to filter the IIS logs. I want Splunk to index only logs whose ...

by Path Finder in

How to display SplunkIcons Glyphs library and where can I find them?

I use SplunkIcons glyphs to display some states with search command "rangemap". I would like to see the icons are ava...

by Explorer in

Compare two counts from two time searches

I need to be able to find the difference between two "Count" values; the count for today, and the count yesterday. ...

by Path Finder in

Extracting Fields & Regular Expression Formating

I have Active Directory logs that do not have many fields associated with them. Each log is over 100 lines and I wish...

by Path Finder in

Help me with Rex in search query

"sessionID":"123456567" "sessionID":"ABCnsh8ah" Please help me with Rex to pick 123456567 ABCnsh8ah from above...

by Communicator in

Why am I getting lookup search error "[server x] Script for lookup table 'user_agents' returned error code 1. Results may be incorrect"?

We are using Splunk version 6.3 and facing an issue with a lookup table. While running the search, it returns below e...

by New Member in

Can the results of the same search vary between use in a search bar and a dashboard?

hi, I am writing the following search query in the dashboard panel sourcetype=xml22 |where $field1$ = 7|search...

by Explorer in

Secuirty checks with help of splunk

Hi, I want to figure out, how long an employee inside office. Once employee enters into office he will do card swi...

by Explorer in

output lookup to /app/lookups

I have a saved search that generates a table of users each day: search "my users" | table username, id I want t...

by Contributor in

Wildcard not working in monitor input

I used following syntax to monitor a file input in windows [monitor://D:\app*\logs\a*.log] The above stanza is not in...

by Explorer in

count eval results doesn't match the results under the Events tab

I have a simple search with stats count eval (u_id is a numeric field): index=myindex base search | stats count(ev...

by New Member in

stats count by variable field names?

I have a need to stats count by a list of variable fields that I don't know the names of. (stats count by * doesn't s...

by Champion in

How to calculate time difference of 2 events with logs that do not have a common string?

Hi, I have Siebel logs like below: event 1: MessageFlow MsgFlowDetail 4 00005609588f0d40:0 2017-01-30 09:38:48 7676: ...

by Engager in

How to extract a field that is within an already extracted field?

Hi Ninja I've done a field extraction for apache access log like Referer. Referer= http(s)://FQDN/Abc/dasd/sadf...

by Path Finder in

Modify lookup cells by search command

I have a lookup called FailuresList It contains the following fields: date, site, text, excluded I would like to modi...

by Engager in

Extract key-value pairs while ignoring "header" data using regex.

I have a regular expression that works on part of my data. Given the log entry: pam_vas: Authentication <succeeded...

by Communicator in

Search to Correlate 2 different csv files.

We have 2 different csv files under the same index and sourcetype. csv1.csv-Fields[uniquenumber Name status] csv2...

by Path Finder in

Append values as 0 with time for search and subsearch

In my search query, I have 2 searches 1. This gives stats for today 2. This gives stats for the period entered as...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Adjust time difference for suspended and unsuspended events

tstats issue following upgrade from 6.4.4 to 6.5.2

How to filter IIS logs with regular expression?

How to display SplunkIcons Glyphs library and where can I find them?

Compare two counts from two time searches

Extracting Fields & Regular Expression Formating

Help me with Rex in search query

Why am I getting lookup search error "[server x] Script for lookup table 'user_agents' returned error code 1. Results may be incorrect"?

Can the results of the same search vary between use in a search bar and a dashboard?

Secuirty checks with help of splunk

output lookup to /app/lookups

Wildcard not working in monitor input

count eval results doesn't match the results under the Events tab

stats count by variable field names?

How to calculate time difference of 2 events with logs that do not have a common string?

How to extract a field that is within an already extracted field?

Modify lookup cells by search command

Extract key-value pairs while ignoring "header" data using regex.

Search to Correlate 2 different csv files.

Append values as 0 with time for search and subsearch

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...