Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to send a recovery alert only when there is a corresponding alert?

Hi, we have many indexes like server and core. and we have a lookup table having two columns: exception and thresh...

by New Member in

Why am I unable to convert a duration value to a human readable time format?

Hi all! I have the following code: index=BLA source=BLA | eval Day = strftime(_time,"%F") ...

by Communicator in

How to get a progressive chart of hosts added over time using the metadata command firstTime field

I want to draw a chart of hosts added over time so that I can see at the beginning zero hosts and at the end 3,685 ho...

by Motivator in

Why am I getting "No matching events found" on the next page when I click on _time in my search results?

Hi Everyone, I have written the search below to display the information about integer and seconds value and other ...

by Explorer in

How to edit my search to filter events based on a string date field?

Hello. I've imported this Excel CSV file into Splunk and and trying to figure out how do I filter the results by ...

by Communicator in

After setting up and defining a CSV lookup in Splunk, why is lookup returning a field with blank values in search results?

I have set up a lookup CSV which looks something like: product, meaningful_product product_1, "Meaningful Name 1" ...

by Communicator in

Why are some fields from XML data not displayed in search results?

When I conduct a generic search on one of our Splunk sources, I am looking for relevant data which will assist with c...

by Communicator in

How to send alerts to multiple emails based on lookup table match on host owners?

We currently have a lookup table with hosts and their respective owner email. host ; host owner email ABCD1234 ; A...

by Path Finder in

How do I move a string cat operation from the search and store it as an extracted field in events?

How do I move a string cat operation from the search and store it in an extracted field option that Splunk offers und...

by Motivator in

How to group alerts of same index with different sourcetypes into a single alert?

Hi Everyone, I do have couple of alerts from the same index but with different sourcetypes that should trigger on ...

by New Member in

Attempting to use sendemail from dashboard if Checkbox is checked, and e-mail textbox is not null

I have created a dashboard consisting of five panels, and I have updated a panel so that an e-mail can be sent when t...

by Path Finder in

How to edit my search for time-based correlation between two different sourcetypes (IP Attribution)?

The following search utilizes windows event security logs and produces a five column table that has the fields noted ...

by Path Finder in

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)?

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)? 12/19/2016 10:30:53 AM LogName=JHApplic...

by Explorer in

How to edit my search to return results from all countries but exclude a few states?

I created the following search query to cross search for users who successfully log in to a website and also received...

by Influencer in

how to display unique values only from one particular multi-value field

Hi i have a field like msg="this is from: 101,102,103,101,104,102,103,105,106" but i would like to display that fiel...

by Path Finder in

Joining data from 2 data sources in Splunk

I am trying to join data from 2 data sources. The first data source contains events; source=events. The second source...

by New Member in

How to extract these characters from fields in events to do an exact match against fields in my CSV lookup table?

I have set up a lookup table csv file and this has been uploaded to Splunk, and I have also set up an associated stan...

by Communicator in

How to split a multivalue field into single values?

I am working with a field < source_ip > containing three IP addresses and am wanting to split the values of that fiel...

by Communicator in

How to write a search to calculate the response time from my two sample events?

12/16/16 6:09:57.022 AM [2016-12-16 06:09:57,022][LOG ][WARN ] transid=xxx; Path=PQ; OperationName=UP; TransactionS...

by Contributor in

how can I use a string value to compare number?

I have a field with values > = != etc., and another field that determines threshold Now I want to Compare the value o...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to send a recovery alert only when there is a corresponding alert?

Why am I unable to convert a duration value to a human readable time format?

How to get a progressive chart of hosts added over time using the metadata command firstTime field

Why am I getting "No matching events found" on the next page when I click on _time in my search results?

How to edit my search to filter events based on a string date field?

After setting up and defining a CSV lookup in Splunk, why is lookup returning a field with blank values in search results?

Why are some fields from XML data not displayed in search results?

How to send alerts to multiple emails based on lookup table match on host owners?

How do I move a string cat operation from the search and store it as an extracted field in events?

How to group alerts of same index with different sourcetypes into a single alert?

Attempting to use sendemail from dashboard if Checkbox is checked, and e-mail textbox is not null

How to edit my search for time-based correlation between two different sourcetypes (IP Attribution)?

How to generate a chart based on Duration (x-axis) and timestamp (y-axis)?

How to edit my search to return results from all countries but exclude a few states?

how to display unique values only from one particular multi-value field

Joining data from 2 data sources in Splunk

How to extract these characters from fields in events to do an exact match against fields in my CSV lookup table?

How to split a multivalue field into single values?

How to write a search to calculate the response time from my two sample events?

how can I use a string value to compare number?

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Error with connecting two search queries with appe...

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...