Splunk Search

Discussions

Thread Info

How to search for errors that contain asterisks (*)?

I have what I hope is a simple question. We have response logs from different payers. If they are having system issue...

by New Member in

How to display iplocation info for all values in the IP address field belonging to a specific category in Splunk?

So my search query gives me the IP addresses pertaining to a user field in the following manner: index=abc | stats...

by Explorer in

How to execute external script to manipulate file from search command

hello, i have a testing python script as: test.py fo=open("c:/test.txt",'w') fo.write("hello") fo.close()...

by Contributor in

Keep most recent _time of multiple fields with non-NULL values

I have user-generated data that I am trying to splunk to show whether or not an audit or check has been performed in ...

by Communicator in

Group results by eval syntax

Hi, i'm trying to group my results from these eval commands | stats earliest(_time) as first_login latest(_time) a...

by Path Finder in

Help with a join

I have a search that does work but takes forever because of the amount indexed by the ASA. I was thinking if it was r...

by Builder in

how to loop through data fields and store the result in a different data field?

Hi, I am trying to find a solution to the below problem: HASH (Data field name) 001300A5323BF6C1812B686C1C896857D...

by Explorer in

how to subtract vaule when making a chart

I have a chart that shows total bytes sent on a computer. The chart seems to work, but it's hard to read. Since this ...

by Path Finder in

Remove spaces in field values and run stats/timechart with new names

I notice Splunk uses the first Word when using stats, so I need to rename the fields to single words or connected wor...

by Communicator in

How to search for events based on certain field and its exclusive values between two searches?

Say I have two searches on data sets which contain four fields [field1, field2, field3, field4], e.g. [1,20,am,a] [1,...

by Explorer in

SETUP.XML URL encoding lists values and updates correctly only if slash (/) exists, but fails to update with * or $

I'm using setup.xml for some script:// and monitor:// endpoints. I use %252F for /, %2A for *, %24 for $, and %20 for...

by Path Finder in

Combine two rows from a search into one?

Hello! I'm doing a search for some project information, specifically for a count of projects based on their Import...

by Explorer in

Extract certain keyword from column

There are two lines of info in a column but it appears that there's no whitespace or whatsoever in between those line...

by Explorer in

Combine fields into new field without NULL

From our data we end up with 2 different fields v7serial & v8serial. I want to be able to feed this into a single ser...

by Communicator in

How to transform a table

I have this table: _time,id,src,dst 9:00,x,A,B 9:01,x,B,C 9:02,y,C,B 9:03,z,B,C 9:04,y,B,A 9:05,z,C,D I wanna ...

by New Member in

i want to combine two source types and print the result

i have have two sourcetypes say sourcetype1 and sourcetype2 these two source type are in the same index sourcetype1 h...

by Path Finder in

How can I bin over specified time periods in a timechart?

Hi, I am trying to create a dashboard showing the amount of events split up in working and non-working hours joine...

by New Member in

Using Lookup Table

Hi, I am using a lookup table to populate 3 dropdown menus: Source, Service, and Method, where each selection of t...

by Path Finder in

How to search Apache access_log data to find bandwidth usage as total number of bytes?

I can pull the Apache access_log into Splunk, but I can't figure out now to write a search that will give the total n...

by Engager in

How to get search results for last week's data without re-running the search?

Hi All, On a daily basis, I am running one search to get results in a table representation format. I wanted to see...

by Explorer in

How to sum the count of FieldA where FieldB is the same?

I have data like: id,type,id2 1,a,100 2,a,100 3,c, 4,a,101 5,a,101 6,b,102 7,b,102 8,b,102 9,b,103 10,b,103 11,b,1...

by SplunkTrust in

stats and eventstats

Hi All. I want to calculate the percentage of churned_customer in rural and urban areas. The columns i have are CH...

by Contributor in

How to search the time difference between transactions?

I have three statements in my log file for each transaction like below: index=abc* source="abc.log" 2410286283_b3...

by Path Finder in

How to create a dashboard to track alert results by severity level?

I have multiple alerts, each at different severity levels. The output of these alerts are fields like source, destina...

by Explorer in

Search Pipeline: Why does documentation say to use a pipe character when we need to club two or more commands?

The Splunk documentation says that we use pipe character when we need to club two or more commands, but in some cases...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to search for errors that contain asterisks (*)?

How to display iplocation info for all values in the IP address field belonging to a specific category in Splunk?

How to execute external script to manipulate file from search command

Keep most recent _time of multiple fields with non-NULL values

Group results by eval syntax

Help with a join

how to loop through data fields and store the result in a different data field?

how to subtract vaule when making a chart

Remove spaces in field values and run stats/timechart with new names

How to search for events based on certain field and its exclusive values between two searches?

SETUP.XML URL encoding lists values and updates correctly only if slash (/) exists, but fails to update with * or $

Combine two rows from a search into one?

Extract certain keyword from column

Combine fields into new field without NULL

How to transform a table

i want to combine two source types and print the result

How can I bin over specified time periods in a timechart?

Using Lookup Table

How to search Apache access_log data to find bandwidth usage as total number of bytes?

How to get search results for last week's data without re-running the search?

How to sum the count of FieldA where FieldB is the same?

stats and eventstats

How to search the time difference between transactions?

How to create a dashboard to track alert results by severity level?

Search Pipeline: Why does documentation say to use a pipe character when we need to club two or more commands?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions