Splunk Search

Discussions

Thread Info

How to join rows from a lookup into single event?

Hi I have a situation: How do I join rows from a lookup file into a single event starting with ComputerName? Compu...

by Builder in

How to edit my Eval search so that if "field=null", do nothing and if "field=not null", replace value?

So I'm trying to build an asset table, and update fields based on select criteria. What I'm getting stuck on is I wan...

by Contributor in

Is there any way of searching for any character follow by comma using rex

Does splunk rex have a concept of doing a .*, in the rex function? I basically want to search for any character follo...

by New Member in

Why are "Include PDF version of results" and "schedule for PDF delivery..." greyed out?

"Include PDF version of results" in the saved searches and "Schedule for PDF delivery..." are both greyed out when "U...

by Splunk Employee in

Using lookup (.csv file) to filter events

I am creating a new post, as though I found similar questions but could not get the right solution. I want to run...

by Path Finder in

How to extract multiple KV pairs from XML using FORMAT in transforms.conf to build the key-value pairing?

I am tasked with consuming a number of XML config files, which contain many key value pairs, but where the semantical...

by Path Finder in

How to edit my search to filter out from Sunday through Saturday date range?

How do I present data from 2 weeks ago, last week and current week based on the following rule: -the data range has t...

by Communicator in

How to filter out search results where a field value ends with the $ character?

Hello Everyone, Am hitting a snag and need some help. So I have an index whereby we have many account names return...

by Explorer in

Why are the same 2 searches retrieving a different amount of results?

hey i have this 2 searches: index= foo usearch | rex field=summary "(?{.*)" | spath input=json_data | search asset...

by Path Finder in

How to combine searches to generate stats of domains with "success" and "failure" columns?

I am attempting to combine two searches against a custom app within custom props.conf but am going in circles. Both s...

by Contributor in

How can I copy a field value based on another field value ?

Hi, I have the following table: ID, Team, Department 1, Manager, A65 After performing a lookup, I've got th...

by Contributor in

How can I improve configurations in Splunk so that searches run faster?

Simple queries are taking up to 15 or 20 seconds. I checked in Settings/distributed management console and the indexi...

by Path Finder in

table formation

hi guyz, should i make any a table from log file for searching? as i don't know the field name.. how can i make se...

by Explorer in

How to retrieve more than 100 record in searchmanager

Currently, the dashboard is build in HTML dashboard with javascript, but I found that the searchmanager is only retur...

by Path Finder in

Add a data size notation to the end of a value?

So the following will add a $ symbol to the beginning of the value Revenue, like "$ 42" ... | eval Revenue="$ ".to...

by Communicator in

Need help with grouping an counting.

Hi I have the below event output in the a log. 2016-11-03 17:59:02,943 INFO [SerialClientScheduler-1] c.b.t.m.s.Ma...

by New Member in

How to edit my search to find users whose accounts have been locked after X number of invalid credential entries?

Hi, I have been facing issue with f5 APM logs. The device creates multiple events for single session so each line ...

by Path Finder in

How to display the operation name and percentage of each occurrence against total records in a pie chart?

For my search result I have 2 columns i.e. operation name & counts. I want to do a pie chart that will contain operat...

by New Member in

How to write searches for these specific use cases for my data?

Below is the log format  log sample) ID swipe_status date time ...

by New Member in

Problems with subsearch.

I am having trouble getting a subsearch to work and was hoping someone might be able to help. I am trying to compare ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join rows from a lookup into single event?

How to edit my Eval search so that if "field=null", do nothing and if "field=not null", replace value?

Is there any way of searching for any character follow by comma using rex

Why are "Include PDF version of results" and "schedule for PDF delivery..." greyed out?

Using lookup (.csv file) to filter events

How to extract multiple KV pairs from XML using FORMAT in transforms.conf to build the key-value pairing?

How to edit my search to filter out from Sunday through Saturday date range?

How to filter out search results where a field value ends with the $ character?

Why are the same 2 searches retrieving a different amount of results?

How to combine searches to generate stats of domains with "success" and "failure" columns?

How can I copy a field value based on another field value ?

How can I improve configurations in Splunk so that searches run faster?

table formation

How to retrieve more than 100 record in searchmanager

Add a data size notation to the end of a value?

Need help with grouping an counting.

How to edit my search to find users whose accounts have been locked after X number of invalid credential entries?

How to display the operation name and percentage of each occurrence against total records in a pie chart?

How to write searches for these specific use cases for my data?

Problems with subsearch.

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month