Splunk Search

Discussions

Thread Info

Pulling stats for the most recent time for values in a lookup table, why doesn't a join work when entries have a wildcard "*" character?

Hi, I am trying to pull some statistics on what is the most recent time a value in a lookuptable appeared in my Sp...

by New Member in

Transaction command not returning results

I would like to extract from my log file user details on how many time they have had a request to the SGW where the n...

by Communicator in

Why are milliseconds getting padded with multiple zeros when converting timestamps to epoch format to calculate time difference?

Hello , I am trying to calculate time diff between two fields in a single event. My current search: sourcety...

by New Member in

How to search in two lookup files?

Hey everybody, I'm making a comparison between two files: one uploaded as an index and the second as a lookup file...

by Engager in

Can transaction be used only with "endswith" without use of "startswith"?

Can transaction be used with endswith only without use of startswith? I read that transaction is processing events fr...

by Communicator in

Why does my lookup not run?

I am writing a query to lookup processed web domains against a lookup list. I have defined a lookup named ss3url_l...

by Path Finder in

Why does an ODBC query show a different result from the Splunk timechart report?

Hi, I have a simple report/saved search with fixed time (-8@w1 to +1@w1) that calculates a timechart from a long l...

by Engager in

I have two tables "order.csv" and "delivery.csv". How can I use lookup command to check the delivery status based on the product?

delivery.csv contains the fields- key,name,product,priceorder.csv contains the fields- key,shipdate,location,delivery...

by Path Finder in

How can I filter my search if I don't want to return results containing certain field-value pairs?

Hi splunkers, Good day! How can I write a search if I don't want all HOST and PROCESS fields. Say for example, ...

by Communicator in

How do I make splunk read one word as another?

Hi guys, I am inputting wordlists into splunk and in some of the wordlists there are certain words like "racist" a...

by Path Finder in

trying to understand the where clause better + can spaces be in the variable name used for the where clause

my query looks like stats max(KPI1) as "Traffic of Sessions Answered (Erl)" max(KPI2) as "Traffic of Sessions Con...

by Motivator in

Pivot command works on tree datamodel but tstats shows "No results found"

Hi, I have a customer scenario where I receive complete machine events from parent component to deepest child comp...

by Path Finder in

Column chart with overlapping stacks

I have a chart that lists the average CPU load of an environment over time by x nodes and want to save GUI space by s...

by Communicator in

How to sort Pivot "month-year" columns in ascending chronological order (ex: Nov-2014, Dec-2014, Jan-2015, etc)?

Requirement: We need the order of Month column names to start with the three letter month followed by year in ascendi...

by Path Finder in

How to edit my search to retrieve three 15 minute spans of data per day for a specified date range?

I am trying to get data from splunk on the following basis : get data : • From June 19 to July 2 • Every day: o...

by Builder in

limit user access to dashboard only

I need to provision new users for splunk access. Yet i dont want to have access to perform any searches , create repo...

by Path Finder in

How can I show all things in a lookup table that don't show up in the logs?

The lookup table connects A and B. Logs have B. I want to see the A that has not run according to logs B.

by New Member in

Multicharts on dashboard

Hello- Right now I'm trying to figure out how I could put multicharts on dashboard if I have two objects given: A ...

by Explorer in

Joining two sourcetypes and adding the value of a field based on matching IDs

I have two source types autosys_job_def_dimensionautosys_job_desc_dimension The events in the sourcetype1 have ...

by Communicator in

setting default with seed not working for text input field

REFs: http://docs.splunk.com/Documentation/Splunk/6.0.3/Viz/PanelreferenceforSimplifiedXML#Form_inputshttp://answ...

by New Member in

How to obtain the time difference between Host connection and disconnection?

Hi I have a log file and I want to know how much time passed between HOST connection and disconnection. In the log...

by Builder in

stats values() doesn't return all values

Hello, I'm new with splunk and I'm trying to get all the different values of a field with stats values() command w...

by Explorer in

How can I dynamically split my sample data using regex or any other options are available?

I have data in a log file as mentioned below. Can I split it using regex or any other options are available? 00102...

by Builder in

Using a Macro to return the earliest time value

Hello I have drop-down acting like a timepicker. So when a user selects "Current Month", the $time$ (token for th...

by Motivator in

How to write a rex extraction based on the count of a previous field value?

I have a log like this 1000107KARTHIk100203YES I want to extract like this 1000 07 KARTHIK 1002 03 RITHVIK ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Pulling stats for the most recent time for values in a lookup table, why doesn't a join work when entries have a wildcard "*" character?

Transaction command not returning results

Why are milliseconds getting padded with multiple zeros when converting timestamps to epoch format to calculate time difference?

How to search in two lookup files?

Can transaction be used only with "endswith" without use of "startswith"?

Why does my lookup not run?

Why does an ODBC query show a different result from the Splunk timechart report?

I have two tables "order.csv" and "delivery.csv". How can I use lookup command to check the delivery status based on the product?

How can I filter my search if I don't want to return results containing certain field-value pairs?

How do I make splunk read one word as another?

trying to understand the where clause better + can spaces be in the variable name used for the where clause

Pivot command works on tree datamodel but tstats shows "No results found"

Column chart with overlapping stacks

How to sort Pivot "month-year" columns in ascending chronological order (ex: Nov-2014, Dec-2014, Jan-2015, etc)?

How to edit my search to retrieve three 15 minute spans of data per day for a specified date range?

limit user access to dashboard only

How can I show all things in a lookup table that don't show up in the logs?

Multicharts on dashboard

Joining two sourcetypes and adding the value of a field based on matching IDs

setting default with seed not working for text input field

How to obtain the time difference between Host connection and disconnection?

stats values() doesn't return all values

How can I dynamically split my sample data using regex or any other options are available?

Using a Macro to return the earliest time value

How to write a rex extraction based on the count of a previous field value?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions