Splunk Search

Discussions

Thread Info

What is the basic difference between the lookup, inputlook and outputlookup commands

Good afternoon All, I am having a hard time trying to understand the difference between "lookup", "inputlookup", a...

by Path Finder in

Why is my search with transaction and concurrency commands skipping over certain events?

I'm not sure if I can get any help here, but I am going to try cause I've been wrestling with this search/data for a ...

by Builder in

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

Hello Splunkers Hope you are doing good, appreciate beforehand all the time you take helping us out here. So I'...

by Explorer in

How to extract fields from my _raw data into events and sort them in a table?

I will try and explain my problem to the best of my ability. I am attempting to create a saved search from which I ho...

by Explorer in

How to edit my search to compute host up times with a lookup table and importance value?

I have to take a logfile and extract certain fields to present as a percentage of availability ("UP" host_names). I ...

by New Member in

Replace string

I want to replace (" ") in my xml file to single (").Since there is some misplace of double codes in my whole file.So...

by Communicator in

I need to fill missing values in a search as NULL

I need to fill missing values from search items as NULL (not the string, but actual NULL values) I see options to ...

by Path Finder in

convert time field

i have the last sync time for my activesync clients going to splunk via powershell input. ex: LastSyncAttemptTime = ...

by Path Finder in

Use of color field in treemap visualization

Is there a working example of the use of color_field in the new Treemap visualization? I have tried the form that...

by Path Finder in

stats count help

I am pulling syslogs and attempting to count IPs that are blocked for abuse. My counts are coming up 0. the IP used h...

by Engager in

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

I'd like to have a simple XML dropdown that selects, as an example a Device Name. deviceName,Vendor,Model mainfw,C...

by Splunk Employee in

How to add a fixed value into the stats count?

I am trying to have a single value panel. The search for the same is given below: index=* host="prodserver-*" sour...

by Engager in

How do I use regex to extract URL parameter field names

I want to extract the field names from a URL's parameters. For example my raw event might look like this: action=a...

by Explorer in

How do you use the value of a field as a keyword search?

I would like to use the value of a field as a keyword search. For example, if I have field like dest_ip="1.1.1.1", ho...

by New Member in

Is it possible to run a search with a cron expression inside the search?

My requirement is to monitor files daily, weekly, monthly, and quarterly and I have to search during a specific time ...

by New Member in

How to edit my stats search to find the percentage of a range?

I'm trying to build a simple SPL query to display the max, min, range (difference), and percent of the difference to ...

by Explorer in

How to search average response times at a specific time?

Hello, I'm trying to write a splunk query but dont know where to start with. Is it possible to write a query to se...

by Explorer in

How to create a drilldown to run a new search from clicking an item on a table?

I looked through the docs and other Splunk Answers, but it still isn't making sense to me, so please bear with me.  ...

by Builder in

How to show stats count grouped by two fields in a graph?

I have 3 Ticket groups A, B, and C. And multiple users. My system logs every ticket purchased under each ticket group...

by New Member in

Detailed Index Status Report - Is there one?

I would like to see the following for each index limit (maximum size) Mbcurrent size Mbavg. Mb indexed per day las...

by Legend in

How to edit my regex to extract this pattern from my sample data?

I am trying to extract a pattern as below. Tried a few things, but all sorts of junk data is being picked up. Even...

by New Member in

How to group results by count with high number of values

Hi everybody, I'm new to Splunk and this will be my first question! I'm tinkering with some server response time dat...

by Explorer in

Measure service uptime when we have expected downtimes

Hi, I'm looking for a way to measure the uptime of a service we run. The tricky part for me is that we have downtime ...

by Explorer in

How to set max y-axis value to a number derived from a search?

I need to base the max y-axis value to the number created from a search . . . how do I do that? I looked at hidden se...

by Path Finder in

Regex for pattern match

Hello I need a regex expression to match the below patern in my abc.log Pattern details: , 2014-03-...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the basic difference between the lookup, inputlook and outputlookup commands

Why is my search with transaction and concurrency commands skipping over certain events?

How to create a timechart in Splunk that shows how many accounts are in processing at different intervals?

How to extract fields from my _raw data into events and sort them in a table?

How to edit my search to compute host up times with a lookup table and importance value?

Replace string

I need to fill missing values in a search as NULL

convert time field

Use of color field in treemap visualization

stats count help

Is it possible to populate values and pass to a search pipeline based on a lookup value? (Without using JS)

How to add a fixed value into the stats count?

How do I use regex to extract URL parameter field names

How do you use the value of a field as a keyword search?

Is it possible to run a search with a cron expression inside the search?

How to edit my stats search to find the percentage of a range?

How to search average response times at a specific time?

How to create a drilldown to run a new search from clicking an item on a table?

How to show stats count grouped by two fields in a graph?

Detailed Index Status Report - Is there one?

How to edit my regex to extract this pattern from my sample data?

How to group results by count with high number of values

Measure service uptime when we have expected downtimes

How to set max y-axis value to a number derived from a search?

Regex for pattern match

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...