Splunk Search

Discussions

Thread Info

summarize transaction search

Whats the best way to summarize this data and subsequently search the results? The reason i ask is because the docs m...

by Path Finder in

List times inbetween events when using timechart

Using timechart, I have a a table with a list of dates and a value. However, the dates are non-consecutive (although ...

by Explorer in

Lookup command can take wildcard(*) as an input.

Suppose i have a lookup with two fields input and output. Initial,Final abc*,abc def*,def so anything matches ...

by New Member in

Correlating Different Events and Calculating Time Difference

I’m trying to report on the time difference between two related events. Both events are collected from Windows event ...

by Explorer in

Is it possible to use a countrycode "US" for the geom command?

Hi, is it possible to use countrycodes like US, GB, CN for the geom command instead of ip or long/lat? Thanks i...

by Motivator in

Calculate and display count variance between same field across unique hosts by another field

I created a table showing a mv field1 count for the same transactions as they passed through sequential hosts A, B, C...

by New Member in

After uploading a CSV file to an index, why is my current search not producing results from the uploaded CSV data?

Hello, I have a problem about Data Input that is uploaded from my computer. I upload a CSV file and index the file...

by New Member in

how to have a timechart table group by columns

Hi, Please help me in creating a table with timechart grouped by columns: _time Products Service ProductA ProductB...

by New Member in

Timechart & Stats Dc.

Hi, I wondered whether someone may be able to help me please. I'm using the query below which works but contains d...

by Motivator in

how to saving various sums in a variable?

how to saving various sums in a variable for future search? I know it gives you to put a sum on a varivavel, but seve...

by Path Finder in

impact of fields command on performance

Hi, i was wondering if limitating fields with the "fields" command would have any impact on performance for stats...

by Path Finder in

adding/appending a row to get differences between cells above

I have a search giving me a table with row 1 and 2 below: _time A B C D 1 2015-02 1 3 5 7 ...

by Motivator in

How to filter my search to only list values for a field that contain more than one host?

Here is a simple question. The following is my search: index="atg" sessionId="*mob" host="*" | stats values(host) ...

by New Member in

How to group all possible combinations with transaction

Hi, I am quite new to splunk. I have been working with the log like below. 2016/3/18 10:00:00 user=userA Action=Co...

by New Member in

useother=f in tstats query? for piechart visualization

Hi, I have a tstats query and I want to display all "others" in piechart .below is my query: |tstats count AS "...

by Explorer in

How to specify a phrase to filter out

Hi, I want to filter out events that have a specific phrase in them. The phrase is "FIP VLAN" (which could be anyw...

by Champion in

How would I merge the events from two log files so that it appears as if coming from a single host?

The logs are created by the same application and have the same fields. What I am after is displaying the count of...

by New Member in

When searching via REST API in a distributed search environment, why am I getting error "supplied index 'p_uno' missing"?

Hallo, I have a setup with 2 indexers and a dedicated search head; the indexes.conf file is defined only on the in...

by Path Finder in

How to name NULL column

Hello, I'm a new user to splunk and want to know how to name a NULL column. For example, see below query. index...

by Explorer in

use one search result as parameter to another search query

I have two Splunk queries which are working independently but I want to join the two queries and get result at one go...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

summarize transaction search

List times inbetween events when using timechart

Lookup command can take wildcard(*) as an input.

Correlating Different Events and Calculating Time Difference

Is it possible to use a countrycode "US" for the geom command?

Calculate and display count variance between same field across unique hosts by another field

After uploading a CSV file to an index, why is my current search not producing results from the uploaded CSV data?

how to have a timechart table group by columns

Timechart & Stats Dc.

how to saving various sums in a variable?

impact of fields command on performance

adding/appending a row to get differences between cells above

How to filter my search to only list values for a field that contain more than one host?

How to group all possible combinations with transaction

useother=f in tstats query? for piechart visualization

How to specify a phrase to filter out

How would I merge the events from two log files so that it appears as if coming from a single host?

When searching via REST API in a distributed search environment, why am I getting error "supplied index 'p_uno' missing"?

How to name NULL column

use one search result as parameter to another search query

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...