Splunk Search

Discussions

Thread Info

Why do lookup searches fail with "The lookup table does not exist or is not available" error?

Searches with lookups are failing in our environment. I have created a lookup file called dt1.csv and a lookup defini...

by Path Finder in

If I have 2 different fields that match in 2 indexes, how do I return and merge fields from both indexes?

I have googled and searched my little heart out, but I am unsure if I am querying using best practice or if this woul...

by Path Finder in

Why is my query using the transaction command missing some events?

Here is ALL of the data that is actually in the logged transaction: Nov 1 15:41:18 mail qmail: 1541101278.677067 n...

by Explorer in

How do you do an outer join of two stats searches?

Hello, I am trying to do an outer join of two searches. I have 2 server groups (Gateway="opaxvgw1" OR Gateway="...

by Explorer in

How do you timechart a time-constricted search?

Heya, This might be something really simple, but I just can't get my head around how to do it. I'm using Splu...

by Explorer in

Can you help me check multiple conditions in Splunk?

I have to check multiple conditions like if Auth = "PASS" and Basc = "PASS" and RReg = "PASS" then result ="PASS" els...

by New Member in

Question on regex field extraction in props.conf - in which search time variable they are stored?

Hi All, I have some question on the regular expression extraction they can be added in props.conf Supposing I have...

by Contributor in

How do you match extracted CSV and index value and use geo values to visualize a map?

I have index =s1 with a field called city, and an uploaded CSV file with fields like "office", "latitude" and "longit...

by Communicator in

How can I extract fields from a space delimited event with potential spaces in the field values?

How would I go along extracting fields for the below? The challenge I am seeing is that it seems to be delimited by s...

by Communicator in

How do you send events from a custom command asynchronously without waiting for the whole command to finish?

Hi, I have a custom generating command that queries an external API and yields the results as events. As the AP...

by Explorer in

How do you Join or Merge multiple events at index time based on a common field?

I'm looking for a method to merge events based on a common field at index time, not at search time, and I've have alr...

by New Member in

How do I consolidate the count of similar values in a table?

I have a Search that looks at some XML responses from an API and should create a time chart by the count of each type...

by New Member in

Time modifier - tstats - subsearch

I am trying to compare two different results using subsearch. Both searches are using tstats. I am wanting the tstats...

by Engager in

Could you help me with a couple questions I have about the eventcount search command?

Hi everyone, I have a couple questions about using the eventcount command... 1.) I noticed that if you set summ...

by Path Finder in

Blacklist files greater than a certain size from inputs.conf

Hi All, I have to monitor a folder where there are very huge files with file name automatically generated. Is ther...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why do lookup searches fail with "The lookup table does not exist or is not available" error?

If I have 2 different fields that match in 2 indexes, how do I return and merge fields from both indexes?

Why is my query using the transaction command missing some events?

How do you do an outer join of two stats searches?

How do you timechart a time-constricted search?

Can you help me check multiple conditions in Splunk?

Question on regex field extraction in props.conf - in which search time variable they are stored?

How do you match extracted CSV and index value and use geo values to visualize a map?

How can I extract fields from a space delimited event with potential spaces in the field values?

How do you send events from a custom command asynchronously without waiting for the whole command to finish?

How do you Join or Merge multiple events at index time based on a common field?

How do I consolidate the count of similar values in a table?

Time modifier - tstats - subsearch

Could you help me with a couple questions I have about the eventcount search command?

Blacklist files greater than a certain size from inputs.conf

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

Search based on a previous conditions. Or alert th...

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...