Splunk Search

Discussions

Thread Info

How to join two sources based on two search fields?

I have two sets of data: 1. sourcetype=app "DEBUG A" function=UpdateCartItemStatus status=Rejected 2. sourcetype=app ...

by New Member in

Find latest login per user and IP-Address

Hey Splunkers, I hope someone can help me finalizing my search. I am trying to find out, if there are any users in...

by Motivator in

Ignore Dynamic KV Creation

Hi, I'm trying to get to grips with CIM and am getting there slowly, however, I hit a snag that I can't seem to ge...

by Path Finder in

How to create one table by combining a common field with different field names from two sources?

Hi everyone, I am trying to combine two sources with a common field. The first source has the field LAN MAC Addre...

by Explorer in

If I have a field containing the size of a single packet, how can I search the size of used network traffic by source IP?

Hello, I have to find out the used network traffic by source IPs. I've got a field which contains the size of a si...

by Engager in

Can I rename a range in the results of a transaction request

HI All, I am trying to get results from a transaction request from users coming into the out systems. There are va...

by Communicator in

Why are REST API searches returning intermittent results?

I'm having an weird situation where REST queries sometimes pull results and sometimes don't. We've even tried limitin...

by Contributor in

How do I show/hide table columns?

I have several tables that are populated by an SQL query. I would like to have options to show or hide columns depend...

by Path Finder in

Splunk Left Join

Hi, I wonder whether someone may be able to help me please: I'm trying to return the following details: Submiss...

by Motivator in

Hello everyone, am trying to extract fields from the below syslog events that i'm receiving from Symantec, would you help me extracting it out

<54>Nov 30 15:02:42 SymantecServer SR-SAAP-SEP01: Scan ID: 1448882755,Begin: 2015-11-30 11:47:09,End: 2015-11-30 11:5...

by Engager in

How to combine access log data from multiple sources over time in the same line graph?

Greetings! I have access logs from multiple sources that I'd like to combine into the same graph, basically to cou...

by New Member in

Is there any way that we can use Join with if or case statement.

I am using this query index=dtwn sourcetype = sessionserver Serverid=$sev$ | dedup _raw | join Serverid [search i...

by Explorer in

How to correlate events from different sourcetypes from different timezones and no matching fields

Hi, We have logs coming into Unix and Windows Webspere. Every logon in Windows generates an event in Unix with the...

by Path Finder in

How to get a sourcetype of JSON mixed with text that uses the timestamp within the JSON object and correctly extracts kv and JSON kv pairs?

Hi I'm trying to get JSON data from a message queue into splunk. This works very well but the imported events also co...

by Communicator in

How can I extract these 3 values from this string via regex?

Hi I need a regex match on the below pattern. I need to capture 3 values from "ms.db.tablespace_status_ind[DB...

by Explorer in

How to create a timechart of events with start and end times, but graph the entire window of time in between, not just start and end data points?

I have a data set that contains start and end times of events. These events signify 'significant events' in our infra...

by Path Finder in

Display events when current date is >= 30 days from expiration date

Spent all day trying to figure this out. The events I'm working with contain a field with an expiration date in Unix ...

by Communicator in

How do I split/extract these string values to only use part of the string for a field in my search?

Here are some eventNames: 2022-NO_USER_IN_SESSION, 1022-DRR_INFO, ... I need the values like: NO_USER_IN_SESSION, 102...

by Engager in

show only one eventtype in chart

Hello again splunkers! I have created two new eventtypes for two different cisco firewalls in my setup, one is cis...

by Explorer in

How to set latest to be relative to earliest + 1h?

How to set latest = earliest + 1h ? The reason I ask this question is because I want to add drilldown function in...

by Explorer in

subsearch limit

Hi, How can i overcome subsearch limitation. I do not want to change limit in conf files. I have read that this c...

by Path Finder in

How to do a relational search by getting a partial string as key from a subsearch?

2015-11-26 22:40:25,394 [] scheduled test:refs/changes/69/131269/1 to [6d230057] push http://user@example.com:9441/te...

by Engager in

Subsearch help - windows patching

Hi, I've managed to use a few subsearches in the past with pretty good success but this one is troubling myself and a...

by Engager in

Is there a way to paginate line chart?

I have a line chart which has too many items are the x-axis, and I would like to paginate it. Is that possible?

by Explorer in

preserve original table column order after untable and xyseries commands

Hi-hi! Is it possible to preserve original table column order after untable and xyseries commands? E.g.: ... | table ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join two sources based on two search fields?

Find latest login per user and IP-Address

Ignore Dynamic KV Creation

How to create one table by combining a common field with different field names from two sources?

If I have a field containing the size of a single packet, how can I search the size of used network traffic by source IP?

Can I rename a range in the results of a transaction request

Why are REST API searches returning intermittent results?

How do I show/hide table columns?

Splunk Left Join

Hello everyone, am trying to extract fields from the below syslog events that i'm receiving from Symantec, would you help me extracting it out

How to combine access log data from multiple sources over time in the same line graph?

Is there any way that we can use Join with if or case statement.

How to correlate events from different sourcetypes from different timezones and no matching fields

How to get a sourcetype of JSON mixed with text that uses the timestamp within the JSON object and correctly extracts kv and JSON kv pairs?

How can I extract these 3 values from this string via regex?

How to create a timechart of events with start and end times, but graph the entire window of time in between, not just start and end data points?

Display events when current date is >= 30 days from expiration date

How do I split/extract these string values to only use part of the string for a field in my search?

show only one eventtype in chart

How to set latest to be relative to earliest + 1h?

subsearch limit

How to do a relational search by getting a partial string as key from a subsearch?

Subsearch help - windows patching

Is there a way to paginate line chart?

preserve original table column order after untable and xyseries commands

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions