Splunk Search

Discussions

Thread Info

How do I merge data with the same values in a table entry?

See the attached picture: I am looking at a count of data for deliveries from 2 months ago and the previous months...

by New Member in

How to find the origin and regular expression of an extracted field I use in Splunk?

We have a field called Response_Size which we cannot find. I looked in the Settings>Fields>Field Extractions and sele...

by SplunkTrust in

What is the best way to generate and download a PDF after a search automatically?

Hi guys, I want to download a PDF after search automatically, but the search is produced by crontab, so I need to ...

by Path Finder in

Can I use an eval if statement to create a new field based on a value?

I would like to use an if statement to create a new field based on a value. Something like if field1=0 and field2=0, ...

by Path Finder in

How to add values to a chart with another color based on a certain value?

I have a chart that show some ping times. I would like to show values with "NA" as red in the chart and set their val...

by Path Finder in

I've configured inputs.conf for a Splunk forwarder on Windows, but why do I get no data searching for that host?

Hi, I'm evaluating Splunk for the first time. I installed a forwarder on a Windows server and I configured the inp...

by Explorer in

When searching two indexes, how do i refer to a field from a specific index?

My search is on two indexes. I want to be able to refer specifically to a field value from one of the indexes and not...

by Path Finder in

How to get disabled server status on the basis of time compare query.

Hi, I have a log with number of entries for many servers like- Time1 user1 server1 statusdown Time2 user2 server2 ...

by New Member in

Find common entries in two different sources

Hi, I have data that looks like this Source1 PREMISE,CREATION_DATE,RESULT_TIME 111111,20160621111111,2016062111...

by Motivator in

Why is the where clause case sensitive against field values when part of an inputlookup search?

It appears that the where clause is sensitive to the case of field values when invoked as part of an inputlookup comm...

by Builder in

How to create a chart overlay from 2 stats searches with no time series data?

sourcetype=pbs:rg OR (sourcetype=pbs:status state!=free AND state!=job-* tag=sasl0002) | foreach resources_available...

by Contributor in

How to use two lookups for comparison

Hi All, Here is my requirement: I have 100 values (abc1,def1,....etc) in lookup1 and 100 values in lookup2 (ABC...

by Explorer in

How to parse a timestamp field from a user text input to use for the search time range?

Hi guys, So I have an input field where the user inputs text in the format %y%m%d%H%M, for example 1607061700, wh...

by Engager in

How to edit my search to combine 4 columns into one total column?

Hi I'm new to the community and to Splunk. I am trying to combine the 4 columns my search creates into one total ...

by Contributor in

DNS Lookup via Splunk

Hello, I am trying to use the external_lookup.py feature to pass in IP addresses and return the hostname. I tri...

by Communicator in

How do I write the regex to extract the Application Name from my sample raw logs?

I have the following results from my search. I am trying to extract the Application Name from the raw log using the f...

by Explorer in

How to use values in field names to calculate against field values from eval or rex?

Sample data: I have several field values in one sourcetype that are variable limits that can change week by week. The...

by Contributor in

When I run my search, it returns results, but why am I getting "Search is waiting for input..." when used in a dashboard panel?

The following search returns results when I run it as a search, but not when it is used as a dashboard panel. The das...

by Path Finder in

Looking for 2 specific field values appearing within 5 minutes of each other

I am interested in identifying when a field contains 2 specific field values appear within 5 minutes of each other. ...

by Path Finder in

How to use a variable to determine which CSV lookup to use in my search?

I have multiple CSV lookup files and I want to use a variable to determine which lookup table to choose in my search....

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I merge data with the same values in a table entry?

How to find the origin and regular expression of an extracted field I use in Splunk?

What is the best way to generate and download a PDF after a search automatically?

Can I use an eval if statement to create a new field based on a value?

How to add values to a chart with another color based on a certain value?

I've configured inputs.conf for a Splunk forwarder on Windows, but why do I get no data searching for that host?

When searching two indexes, how do i refer to a field from a specific index?

How to get disabled server status on the basis of time compare query.

Find common entries in two different sources

Why is the where clause case sensitive against field values when part of an inputlookup search?

How to create a chart overlay from 2 stats searches with no time series data?

How to use two lookups for comparison

How to parse a timestamp field from a user text input to use for the search time range?

How to edit my search to combine 4 columns into one total column?

DNS Lookup via Splunk

How do I write the regex to extract the Application Name from my sample raw logs?

How to use values in field names to calculate against field values from eval or rex?

When I run my search, it returns results, but why am I getting "Search is waiting for input..." when used in a dashboard panel?

Looking for 2 specific field values appearing within 5 minutes of each other

How to use a variable to determine which CSV lookup to use in my search?

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out