Splunk Search

Discussions

Thread Info

Calculated values showing wrong results. I have the search string attached, what am I doign wrong, here

source =/opt/data/splunkLogs/order_transaction.log | eval TotalOrders=if(match(OrderStatus,"In Progress"),count,0) | ...

by New Member in

How to get the sum of count on specific field name?

I have the following search query: source="mysource" ImmediateAction=Block | geoip SourceIP | stats count by Sourc...

by Influencer in

How to replace " with ' from multiselect input once passed to real-time query via Splunk DB Connect?

I have multiselect inputs that are cascading. I populate a lookup file with the possible values for each of these inp...

by Motivator in

How to extract just one field from a log when there are multiple that carry the same attribute name? - Regular Expression

Hi all, I am filtering some logs came from Nessus in order to identify vulnerable machines based on their OS, and ...

by Communicator in

grouping and delta in search

Hi I have the following problem with a search. This is my data 01/23/2013 08:00 user=Mimi pieces=23 price=3...

by Communicator in

一度削除したインデックスデータを再度インデックス化したい

Forwarder ＞ Indexer の経路でインデックス化したログファイルの情報をForwarderの設定を変更した際にcleanコマンドで消去したところ、かつてのファイルが読み込まれなくなりました。再度インデックス化する方法は...

by New Member in

Hi everybody.. here deploy and sprint_timeline are two differerent tables.can you please tell splunk query for this sql query. especially for this inner join operation.

select * from (select SPRINT_TIMELINE.SPRINT,deploy.ENV_NAME,SUBSTR(deploy.COMPONENT_ID,1,LENGTH(COMPONENT_ID) - INST...

by Path Finder in

Pulling two inputlookups (csv files) and graphing their information

Hi All - I am trying to do some simple reporting on two lookup files we have. Lookup File A time number 2015-0...

by Path Finder in

Transaction using regex or event -1

Hello, I'm using a transaction command and what I want to do is find the next event that has the format "{DATE} INFO"...

by Builder in

Iterate through the results of a query

Hi All, I have a query that gives me a result in a name value format in a table. Basically I work with log lines a...

by Explorer in

How do you tag events as 'Mobile' in order to illustrate it vs. non-Mobile use?

I use this awesome app almost daily and have made a few tweaks already, but I would like to segregate events into Mob...

by Engager in

Regex question: cut of several tags and any combination of these

Hi there, I got fields such as: - DATABASE-DTA-PRD - APACHE-SCM-PRD-TST - SERVERS-PRD Which need to be returned...

by Path Finder in

can Splunk provide the modification time and length of a CSV file?

we use many lookup tables here to check things like blacklists and other IP address lists. i'd like to create a dashb...

by Contributor in

How to create new multivalued field based on multivalued field

I'm trying to create a new field that can populate multiple values based on another field's values. in this case i ha...

by Engager in

timechart count by -not a legit field-

Hi, I want to show the stats based on the different values of the "state" field. "timechart count by result" does ...

by Explorer in

データのインポートについて

FREE版の6.1.3をダウンロードして自宅のPCにインストールして使い始めたのですが、ログをうまくインポートできない為、ご教授お願いします。設定方法は以下の通りです。 ◆インデックスの作成「test」というインデッ...

by Explorer in

Need a query to run until it gets results and stop once those results are found.

I need to perform forensic analysis on compromised computers, but they are sometimes not online anymore by the time I...

by Path Finder in

Basic search cleanup - Need a list instead of many "OR" operators

Hello you syntax gurus! This should be simple, but haven't done this yet.  I just want to cleanup some of th...

by Communicator in

Why would a basic substring search fail?

These two searches don't return the same thing, and I think they should. The first one returns nothing, the second on...

by Communicator in

Regex on a Nessus CSV in props.conf

I have some Nessus vulnerability scanner exports I am trying to properly parse in Splunk. The output is CSV (I know t...

by Path Finder in

Differentiate between public IP and private IP?

I have a search that goes such: UNIQUESESSIONID connected to What this does is outputs this from the ...

by Explorer in

How to write a search to display all names of lookup tables I have in Splunk?

Hi everyone, how I can create a search that shows me all the lookup tables that I have in splunk? I don't wanna s...

by Communicator in

How do subsearch work in distributed search?

Per my knowledge, the subsearch result would be acted as parameter to the main search. In the distributed search, wou...

by Path Finder in

How to compare data from the first day last month with the first day of the current month and show results if there is a change in particular field without using join?

how to compare last month firstday data with current month firstday data and give the results if there is a change in...

by Contributor in

Use regular expressions to search and filtering ip

hi. Add a tutorialdata.zip data and, if you type 'sourcetype = access_ *' searches clientip = 91.205.189.15 ,18...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculated values showing wrong results. I have the search string attached, what am I doign wrong, here

How to get the sum of count on specific field name?

How to replace " with ' from multiselect input once passed to real-time query via Splunk DB Connect?

How to extract just one field from a log when there are multiple that carry the same attribute name? - Regular Expression

grouping and delta in search

一度削除したインデックスデータを再度インデックス化したい

Hi everybody.. here deploy and sprint_timeline are two differerent tables.can you please tell splunk query for this sql query. especially for this inner join operation.

Pulling two inputlookups (csv files) and graphing their information

Transaction using regex or event -1

Iterate through the results of a query

How do you tag events as 'Mobile' in order to illustrate it vs. non-Mobile use?

Regex question: cut of several tags and any combination of these

can Splunk provide the modification time and length of a CSV file?

How to create new multivalued field based on multivalued field

timechart count by -not a legit field-

データのインポートについて

Need a query to run until it gets results and stop once those results are found.

Basic search cleanup - Need a list instead of many "OR" operators

Why would a basic substring search fail?

Regex on a Nessus CSV in props.conf

Differentiate between public IP and private IP?

How to write a search to display all names of lookup tables I have in Splunk?

How do subsearch work in distributed search?

How to compare data from the first day last month with the first day of the current month and show results if there is a change in particular field without using join?

Use regular expressions to search and filtering ip

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions