Splunk Search

Discussions

Thread Info

Combine two rows from a search into one?

Hello! I'm doing a search for some project information, specifically for a count of projects based on their Import...

by Explorer in

Extract certain keyword from column

There are two lines of info in a column but it appears that there's no whitespace or whatsoever in between those line...

by Explorer in

Combine fields into new field without NULL

From our data we end up with 2 different fields v7serial & v8serial. I want to be able to feed this into a single ser...

by Communicator in

How to transform a table

I have this table: _time,id,src,dst 9:00,x,A,B 9:01,x,B,C 9:02,y,C,B 9:03,z,B,C 9:04,y,B,A 9:05,z,C,D I wanna ...

by New Member in

i want to combine two source types and print the result

i have have two sourcetypes say sourcetype1 and sourcetype2 these two source type are in the same index sourcetype1 h...

by Path Finder in

How can I bin over specified time periods in a timechart?

Hi, I am trying to create a dashboard showing the amount of events split up in working and non-working hours joine...

by New Member in

Using Lookup Table

Hi, I am using a lookup table to populate 3 dropdown menus: Source, Service, and Method, where each selection of t...

by Path Finder in

How to search Apache access_log data to find bandwidth usage as total number of bytes?

I can pull the Apache access_log into Splunk, but I can't figure out now to write a search that will give the total n...

by Engager in

How to get search results for last week's data without re-running the search?

Hi All, On a daily basis, I am running one search to get results in a table representation format. I wanted to see...

by Explorer in

How to sum the count of FieldA where FieldB is the same?

I have data like: id,type,id2 1,a,100 2,a,100 3,c, 4,a,101 5,a,101 6,b,102 7,b,102 8,b,102 9,b,103 10,b,103 11,b,1...

by SplunkTrust in

stats and eventstats

Hi All. I want to calculate the percentage of churned_customer in rural and urban areas. The columns i have are CH...

by Contributor in

How to search the time difference between transactions?

I have three statements in my log file for each transaction like below: index=abc* source="abc.log" 2410286283_b3...

by Path Finder in

How to create a dashboard to track alert results by severity level?

I have multiple alerts, each at different severity levels. The output of these alerts are fields like source, destina...

by Explorer in

Search Pipeline: Why does documentation say to use a pipe character when we need to club two or more commands?

The Splunk documentation says that we use pipe character when we need to club two or more commands, but in some cases...

by Explorer in

How to exclude results in Search1 that are returned from Search2?

I have a set of data that I would like to exclude the second search result set from. First search: Gets me all the...

by Explorer in

How to search and filter based on values matched in an eval case statement?

Hello all, Trying to figure out how to search or filter based on the matches in my case statement. I guess also wa...

by Path Finder in

How do I filter a user based on the next action he took?

In one event, I see that a search results with this following line: "SERIES". That line tells me that the user select...

by New Member in

How to edit my search to filter results using extracted fields from a lookup and a where clause?

Hi. How do I filter my results from an extracted field and where-clause? I have a user lookup table which cont...

by Communicator in

How to prepend a value to a field at search-time to sanitize malicious URLs?

I'd like to sanitize host names during search time in Splunk (IDS alerts), so users don't receive a hyperlink to the ...

by Communicator in

Regex Help: How to search all events with the selected values from two drop-downs on my dashboard?

Hi, I am creating a dashboard with 2 drop-downs, one for Services and the other for Methods, and I want the searc...

by Path Finder in

How to search search indexes based on application selection from a checkbox input and append results?

Hi, Currently I am consolidating data from different indexes. index=application1 ID=$id$ | rename application1...

by New Member in

How to extract a substring of existing field values into a new field?

I want to make a new field with extracted values like Header.txt, LogMessage.xml , JSON_HEADER.json (it's from the se...

by Explorer in

How do I group Kepware Torque tool data by VIN'job' number?

Not sure how to accomplish this and need some advice from the experts here. I am working with data from a torque t...

by New Member in

What am I doing wrong with the aggregate macro syntax in my correlation search to create notable events?

Search I am trying to use: index="wineventlog" (EventCode=4656 Accesses=DELETE) OR EventCode=1102 OR EventCode=46...

by New Member in

Help with Regex

Hi How can I extract the "TCP_MISS/200" and "TCP_MISS_SSL/200" or similar from the event below? 1466609862.644...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Combine two rows from a search into one?

Extract certain keyword from column

Combine fields into new field without NULL

How to transform a table

i want to combine two source types and print the result

How can I bin over specified time periods in a timechart?

Using Lookup Table

How to search Apache access_log data to find bandwidth usage as total number of bytes?

How to get search results for last week's data without re-running the search?

How to sum the count of FieldA where FieldB is the same?

stats and eventstats

How to search the time difference between transactions?

How to create a dashboard to track alert results by severity level?

Search Pipeline: Why does documentation say to use a pipe character when we need to club two or more commands?

How to exclude results in Search1 that are returned from Search2?

How to search and filter based on values matched in an eval case statement?

How do I filter a user based on the next action he took?

How to edit my search to filter results using extracted fields from a lookup and a where clause?

How to prepend a value to a field at search-time to sanitize malicious URLs?

Regex Help: How to search all events with the selected values from two drop-downs on my dashboard?

How to search search indexes based on application selection from a checkbox input and append results?

How to extract a substring of existing field values into a new field?

How do I group Kepware Torque tool data by VIN'job' number?

What am I doing wrong with the aggregate macro syntax in my correlation search to create notable events?

Help with Regex

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions