Splunk Search

Discussions

Thread Info

Insert % sign for each result in a specific column

Current search results are in a table form such as the following: Search String | Search Engine | Visits | Percent...

by Contributor in

How to add keepevicted=true in the datamodel or the query which uses datamodel (Data model has a transaction)?

Hi, I've created a datamodel which has a TRANSACTION. When I try to use the datamodel query for a longer period of ti...

by Path Finder in

How edit my search so that appendcols command appends results correctly?

Hi, I'm trying to append the results from two tables. I used appendcols with override option. But results showing ...

by Path Finder in

How can we print all fields from a join by stats command?

We have the following working query - (index= primary_claim amt > 1000 ) OR (index=secondary_c...

by Ultra Champion in

Join 2 tables for matching field values

Hi, I would like to join 2 tables with multiple fields based on common field Column 1 where Table:1 will have fiel...

by New Member in

Count number of events before Debup

Is there any way to save the count of the events before doing the dedup ? This is my query index="webapplicatio...

by Path Finder in

Can metadata command search sourcetypes and host at the same time?

Hi I am looking for a way to get the number of events from host=ALL with sourcetype=tps. However it looks like i c...

by Motivator in

Why is the access count of a datamodel is always zero, even though we use the datamodel in searches and dashboards?

Hi, I see that the access count of the datamodel is always zero, even though we are using the datamodel in searches a...

by Path Finder in

Alerting on a threshold

Hi all, I currently have a very simple search that looks at the distinct visitors for a website per day. See below...

by Path Finder in

How to generate a search that will combine two events with different fields that contain the same value and calculate response time?

I want to combine two events based on different fields (ID and PARENT_ID) that have the same value and then find the ...

by Path Finder in

Parse duration in format `HH:MM:SS.NNNNNNN`

I'm struggling to convert a duration in format HH:MM:SS.NNNNNNN to seconds in a concise manner. For example, 01:03...

by Path Finder in

When running a CLI search with a specific timerange, is there a way to prevent INFO line from appearing?

Attempting to build some monitoring whereby we run a Splunk search from the command line interface (CLI) over a given...

by Communicator in

Prevent splunk from streaming results to a custom search command?

I've created a custom command in python that needs to view an entire set of events as a single batch, because it's co...

by Engager in

How to write a search that will determine if a lookup file has been updated?

How to write a search that will determine if a lookup file has been updated? Thanks.

by Communicator in

How do I manually update a saved search at a time other than scheduled through user request?

I have an intensive search populating a dashboard that i'd like to schedule once a day, or as requested by the user -...

by Communicator in

Row limit for custom commands

I've got a custom command that we're running over a large set of data. When I just run the part of the query up to ri...

by Splunk Employee in

How to find the latest event (message) with a given key (field)?

I have components which are sending UDP messages to splunk. The message format is key1=value1|key2=value2|.... ...

by Communicator in

symantec DLP

Dear Sirs, in symantec dlp we have different policies consider it as (1,2,3,...etc) and when i user violate any polic...

by Explorer in

How to split a multivalue field into separate fields?

I have a customer that is attempting to check a field “Account_Name”. Some of the events have multiple account names ...

by Splunk Employee in

How do I write a search to compare timestamps in indexed data to timestamps in a lookup table?

Need a help urgently in using a lookup in a search. I have a lookup table as below and need to use this data in the s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Insert % sign for each result in a specific column

How to add keepevicted=true in the datamodel or the query which uses datamodel (Data model has a transaction)?

How edit my search so that appendcols command appends results correctly?

How can we print all fields from a join by stats command?

Join 2 tables for matching field values

Count number of events before Debup

Can metadata command search sourcetypes and host at the same time?

Why is the access count of a datamodel is always zero, even though we use the datamodel in searches and dashboards?

Alerting on a threshold

How to generate a search that will combine two events with different fields that contain the same value and calculate response time?

Parse duration in format `HH:MM:SS.NNNNNNN`

When running a CLI search with a specific timerange, is there a way to prevent INFO line from appearing?

Prevent splunk from streaming results to a custom search command?

How to write a search that will determine if a lookup file has been updated?

How do I manually update a saved search at a time other than scheduled through user request?

Row limit for custom commands

How to find the latest event (message) with a given key (field)?

symantec DLP

How to split a multivalue field into separate fields?

How do I write a search to compare timestamps in indexed data to timestamps in a lookup table?

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

how to find inputlookup value in result

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...