Splunk Search

Discussions

Thread Info

How can I reverse grouping in nested JSON block?

I have a JSON block that contains one account id and a number of nested resources. I can easily get a list of resourc...

by Path Finder in

Is it possible to add "starting the search" to the link switcher option?

Hi, I would like to implement some options to show/hide panels in a dashbaord. Currently the plan to have an optio...

by Motivator in

How to join two tables?

Hi All, I have a search: | savedsearch Cycle_11 | append [| savedsearch Cycle_10] with the results: The...

by Path Finder in

evaluation with condition

I have two values x and y. Both values are dynamic (keeps on changing). x indicates _time and y indicates a value tha...

by Contributor in

Lookup match

Hi, I am trying to do the following: 1 - Search an index; 2 - For each result, search for matches in lookup table ...

by Explorer in

Map a field to a value within the log file

I am working with clock sync log files. The top 3 lines have the ip address -> MAC address mapping... The rest of the...

by Path Finder in

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

Hi! My goal is to be able to tie together events from Linux events and Windows events in order to track Windows us...

by Path Finder in

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

SPLUNK NINJAS! I NEED YOUR HELP! I have a firewall issue where any IP outside of our intranet, Splunk throws error...

by Path Finder in

Transacting with High Cardinality Groups and Memory Consumption of stats

Data Set Characteristics We have an index containing ~100k events that are each about 1k in size, making a roughly...

by Path Finder in

How can I analyze different events where the field is the same but different keywords and get a count of events where one event led to another?

Hi Experts, I have got a requirement where I have a few events where one of the fields contains some keyword say "...

by Contributor in

How to pass a value to the |inputlookup where , inside a subsearch

I have a search: index=examp1 sourcetype=json application=myservice NOT [|inputlookup aps_test_filter.csv where ap...

by Explorer in

How to calculate a percentage of distinct id's from a group of events which have never had a field matching a certain value?

I have a group of log entries with an id field, and a status field. For a given id, over a given amount of time, stat...

by New Member in

How can I search a lookup table for rows that match an input string in any field?

I need to search a lookup table for rows that match an input string in any field. I've tried |inputlookup...... | ...

by Communicator in

Why am I receiving negative values for jenkins build times?

Here is my search query, though this issue is common across a number of different custom searches we are attempting: ...

by Explorer in

Using two seperate inputlookups

I have two files which I have uploaded into Splunk, and both work as intended. One is a detailed file containing peo...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I reverse grouping in nested JSON block?

Is it possible to add "starting the search" to the link switcher option?

How to join two tables?

evaluation with condition

Lookup match

Map a field to a value within the log file

How can I tie together Windows Logon and Linux SSH Events to monitor root and other linux admin accounts?

What is an alternate way to do this query: count(eval(like('some.field',"A"))) AS accepted?

Transacting with High Cardinality Groups and Memory Consumption of stats

How can I analyze different events where the field is the same but different keywords and get a count of events where one event led to another?

How to pass a value to the |inputlookup where , inside a subsearch

How to calculate a percentage of distinct id's from a group of events which have never had a field matching a certain value?

How can I search a lookup table for rows that match an input string in any field?

Why am I receiving negative values for jenkins build times?

Using two seperate inputlookups

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...