Splunk Search

Ask a Question

Discussions

Thread Info

I am using subsearch and trying to pass ID from sub to the main and trying to calculate minimum of time by ID using tstats. My normal query is working fine.

Normal index query : searchA[search search B|stats count by _time,BusinessIdentifier|return BusinessIdentifier]|st...

by Path Finder in

rex expression does not works as expected

I have a following splunk log 2018-03-13T06:28:23.543266+00:00 Commissions.development.loan*** 103a9[[APP/PROC/WEB...

by Path Finder in

How to use String fields in chart??

I want to use the string Fields in the chart. Please help me on this. EX: Date Duration Volume 01-02-2018 02:20 10...

by Engager in

Is there any specific syntax or regex form that help to identify a end line of any log file?

I have different log files but the last line of each files are different and don't know what will come tomorrow. So, ...

by Path Finder in

How to convert 12 hours to 24 hours?

I want to convert my date field from 12 hours to 24 hours. I have the date field as "2/27/2018 10:21:03 PM" and wo...

by Communicator in

How to compare different fields having the same value in different events?

How to compare different fields having the same value and though in different events? For example : index1, source1, ...

by Explorer in

How do I create an multivalue field after stats that don't include it?

Is there a way to aggregate data and then show additional fields as mv fields without running another search? I want ...

by Explorer in

Comparing previous event field value to another event field value

So I have events that are tickets that have a State eg. "New" , "In Progress" , "Completed" etc and a short_descripti...

by Path Finder in

AddcolsTotals & Where Statement

Hi, I wonder whether someone may be able to help me please. I'm using the query below which calcluates the differe...

by Motivator in

Using Stats command to outputlookup Vs using table command

Hi, To increase the performance of the search can we use stats command rather than table command to output the res...

by Contributor in

Configuring field extractions for multivalue nested JSON events

Hi experts, I am working with nested JSON events which look as follows: { [-] compliance: <compliance_...

by Explorer in

How to join events with lookuptable based on numerical values?

I want to join these two types of data: The following events have the recorded value for each step in a test. Tes...

by Builder in

How to extract a field from a Juniper log?

I'm trying to extract a field from a Juniper log. An event would end with something like this: reason=Close - RESP\x0...

by New Member in

Case Rex on drop-down

I have a query that receives input from a drop-down. Example info coming from the drop-down: Static: All = * Dynam...

by Contributor in

tstats and inputlookup case sensitive problem

We had problem this week with logs indexed with lower or upper case hostnames. We run this query in a scheduled macro...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I am using subsearch and trying to pass ID from sub to the main and trying to calculate minimum of time by ID using tstats. My normal query is working fine.

rex expression does not works as expected

How to use String fields in chart??

Is there any specific syntax or regex form that help to identify a end line of any log file?

How to convert 12 hours to 24 hours?

How to compare different fields having the same value in different events?

How do I create an multivalue field after stats that don't include it?

Comparing previous event field value to another event field value

AddcolsTotals & Where Statement

Using Stats command to outputlookup Vs using table command

Configuring field extractions for multivalue nested JSON events

How to join events with lookuptable based on numerical values?

How to extract a field from a Juniper log?

Case Rex on drop-down

tstats and inputlookup case sensitive problem

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...