Splunk Search

Discussions

Thread Info

Improve efficiency of search

I want to compare the mailbox size from today to last week but my search is very slow and I am not sure how best to m...

by Communicator in

How to have Field Values represent other field values?

Hello all! I apologize for the oddly worded question. Currently, I have extracted fields from two separate log for...

by Communicator in

Comparing different events timestamp

Hi! I have 2 events to compare, one always comes first and the second is the result of, I want to present the tim...

by New Member in

Search Query Limitation displaying only 800000 records

Hi All, Facing an issue with splunk search query hitting limitation with 800000 records. On this below query, SLR0...

by Path Finder in

How can I convert a text string to a number?

I have a field that contains a text string representing time ("900 ms" for example - all values are in milliseconds) ...

by Path Finder in

How to show table with highest values in a column

Timechart output shows me table with two columns. column one is _time and column two is interger values. example: _ti...

by Path Finder in

Why is my search unable to match csv data against indexed events?

Hi, I am trying to search a list of IP's against the data being sent by the firewall. Since the number of IP's is ...

by Builder in

evaluate mathematical expression in string

Hi, Is there a fast way of evaluating the result a string like "42 + 23" as a new field? Background: a log file...

by Contributor in

In the job inspection report what does the value 'command.search.expand_search' relate to?

Hi, I'm very new to Splunk and I'm looking at a single node instance that's being used in our office to store a l...

by Engager in

charting time - using time within a lookup

I have a lookup file with about 100K events. What I want to do is use timechart (span each day). There is a time fiel...

by Contributor in

Check that all executable binary files have matching source code?

It shows this error when I package my application. I don't understand what source code I should add. I don't have any...

by Explorer in

Pass a variable form subsearch but it should not be used in parent search.

I have two logs. First log contain start date and end date in second log. First log query : index=abc sourcetype=abc_...

by New Member in

How can regex extract multiple values?

Hi, I have the below data and query (with Regex), what I'd like to have the Regex do is extract ALL occurrences of...

by Motivator in

Use lookup and stop matching for each entry in lookup

Hi All, I am trying to use a lookup to check how many domains in a white list are actually being used. The CSV ...

by Path Finder in

Tricky behavior of escaping backslash in regex

Hey folks, I am doing some regex stuff by rex command and find some tricky behavior. Error: I tried to use \ ...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Improve efficiency of search

How to have Field Values represent other field values?

Comparing different events timestamp

Search Query Limitation displaying only 800000 records

How can I convert a text string to a number?

How to show table with highest values in a column

Why is my search unable to match csv data against indexed events?

evaluate mathematical expression in string

In the job inspection report what does the value 'command.search.expand_search' relate to?

charting time - using time within a lookup

Check that all executable binary files have matching source code?

Pass a variable form subsearch but it should not be used in parent search.

How can regex extract multiple values?

Use lookup and stop matching for each entry in lookup

Tricky behavior of escaping backslash in regex

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...