Splunk Search

Ask a Question

Discussions

Thread Info

Calculating next row based on the first value generated in the new column called 12days?

I got to calculate the rest of the row based on the first value generated in the new column called 12days. Attempt...

by Explorer in

Trigger alert after checking results for 3 minutes?

Hello How can I trigger an alert after checking the results for 3 minuets So for example, if I want that the alert...

by Communicator in

How to concatenate fields?

Hello Splunkers!! I have two fields AND I want to concatenate both the fields. Location : 3102.01.03 elemen...

by Builder in

Recommended way to join large dataset from multiple data sources?

Hi, I am new to Splunk and have very little knowledge. I am seeking help for following use case: Query1 gives proc...

by Engager in

How does the cofilter command work?

by Observer in

Multiple sourcetypes combine datasets similar to concept Index-to-Match

Hello All, I have been scouring the community and other boards but for the life of me cannot create a SPL query to ...

by Engager in

How to calculate time difference between two different searches for a common field?

I have 2 different search queries and I want to calculate sum of differences between time of event 1 and event 2 (in ...

by Explorer in

Duration between two events by day based on three or more fields?

Hello - I need to calculate the average duration between two status types for a user type in a location in a region. ...

by Explorer in

Comparing two consecutive time chunks of events by host?

I am trying to create a search to generate an alert if I find a host that has more than 1000 events for two consecuti...

by Communicator in

See what values match in a specified field between lookups?

I have two look up and both have a field called DNS. I need to figure out which values in those fields match. I have ...

by Path Finder in

How to merge data for multiple Splunk queries and reduce the data retrieval time?

Hi All, I have 4 indexes: - index1index2index3index4 Each index has its own search criteria, there are some com...

by Contributor in

Regex to extract words in red?

While processing an AS request for target service krbtgt, the account XXX-G-Dashboard-Dev did not have a suitable key...

by Engager in

Matching value inside a lookup with wildcard?

Hello, i'm new to Splunk and i need some advices.I've created a lookup named my_color_lookup, with 2 column : colo...

by New Member in

Adding a new row in stats using values from previous search?

I want to add new row to my search result using values from the previous result. Basically I am counting few strings ...

by Explorer in

Find missing hosts after referencing a lookup file.

Hello I have the following search which produces statistics(746) in Splunk: index=my_index sourcetype=my_s...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculating next row based on the first value generated in the new column called 12days?

Trigger alert after checking results for 3 minutes?

How to concatenate fields?

Recommended way to join large dataset from multiple data sources?

How does the cofilter command work?

Multiple sourcetypes combine datasets similar to concept Index-to-Match

How to calculate time difference between two different searches for a common field?

Duration between two events by day based on three or more fields?

Comparing two consecutive time chunks of events by host?

See what values match in a specified field between lookups?

How to merge data for multiple Splunk queries and reduce the data retrieval time?

Regex to extract words in red?

Matching value inside a lookup with wildcard?

Adding a new row in stats using values from previous search?

Find missing hosts after referencing a lookup file.

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...

Users with the same roles, in the same app, and sa...