Splunk Search

Discussions

Thread Info

Output lookup

Hi, Im trying to output another column from a lookup table i have created named "threatlist.csv". The problem im ...

by Observer in

Why am I getting this error "External search command 'WinAD' returned error code 1" ?

I'm trying to 'Custom search command starter example' on the splunk's site. So, I'm getting this error "External sear...

by New Member in

What is an easy way to display the last 30 days _time in a table?

I just wanna display last 30days _time in a table I am using Index=_internal earliest=-30d | bucket _time spa...

by Explorer in

Use of Outputlookup results in further search

I am trying to find the list of packages installed in all hosts. if any host doesnt have that package installed, I am...

by New Member in

Splunk shows "The lookup table does not exist"

My splunk show the following message suddenly but I don know how to solve it. I tried to search 'ns_log' and 'ns_msg_...

by Explorer in

How to extract a field with special characters?

Hi, I have a log statement that prints service execution time like - Service Response : {"entity":"{\"transact...

by Engager in

How to use the earliest and latest date in Metadata, metasearch, and tstats command?

I was wondering whether Splunk supports earliest and latest date in Metadata, metasearch, and tstats command? I tr...

by New Member in

How to find out difference between two fields and their tables?

Hi All, I have two fields which consists of data of 48 hours and 24 hours, but couldn't able to find the differenc...

by New Member in

How to merge multiple events into single events?

Hello Splunkers, I have one file whose starting line can be anything but that file ends with "Completed Backup" li...

by Communicator in

how to combine two sources from same index with a common field

Hello, I have and index=A with two sources A and B and I want to get two fields(Geo_Name,Geo_Type) from source B u...

by Builder in

Unable to find from where a field is being extracted

I have checked all my forwarder and indexer and search head apps. but unable to find from where a field it's extracte...

by Path Finder in

use of rex result in an eval, convert to number

I have a long rex command that generates a bunch of fields, this works perfectly. In the left side field explorer in ...

by Path Finder in

Search not showing all events

Hi, i do have the following problem: index=atmo_pc sourcetype=SE10 Station=60 as you can see, my search is ...

by New Member in

Search restriction to specific index issue in Splunk Cloud

Hi All, Currently, I possess Splunk Cloud Environment. Currently, I am facing Search restriction to specific in...

by Explorer in

how to use mvfilter to find out three or more evals?

suppose my search like this | eval A1=mvindex(mvfilter(a1="1" OR a2="2" OR a3="3") | eval B1=mvindex(mvfilter(b1="1"...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Output lookup

Why am I getting this error "External search command 'WinAD' returned error code 1" ?

What is an easy way to display the last 30 days _time in a table?

Use of Outputlookup results in further search

Splunk shows "The lookup table does not exist"

How to extract a field with special characters?

How to use the earliest and latest date in Metadata, metasearch, and tstats command?

How to find out difference between two fields and their tables?

How to merge multiple events into single events?

how to combine two sources from same index with a common field

Unable to find from where a field is being extracted

use of rex result in an eval, convert to number

Search not showing all events

Search restriction to specific index issue in Splunk Cloud

how to use mvfilter to find out three or more evals?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How to change pie chart font color from within Spl...

Issue with using "search IN" command within map

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...