Splunk Search

Discussions

Thread Info

How to filter events using lookup table?

I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ...

by Explorer in

Need help to comparing two pieces of information from two different hosts

how can I compare information from two different hosts? For exemple, On a host I have the name, number and phone ca...

by Engager in

Filter Email Address Country of Origin Using Lookup

Assume I have a simple search that lists in a table the email addresses of those who recently sent an email: in...

by Engager in

IP address separating from 1 source

I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t...

by Explorer in

Unable to get return results from inputlookup

I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t...

by Contributor in

Listing all saved searches from all apps via REST without correlation searches

Hi All, So, I know I can get a list of all enabled saved searches by doing: | rest count=0 /servicesNS...

by Observer in

Database Records

Hi @gcusello , Following is the query that used to return database records but now it is not working. dbquery...

by Path Finder in

How do i correlate events using subsearch from two sources based on two different conditions?

Hello Splunker, I have a below scenario where i am struggling to come up with search query, and would like to ask y...

by Explorer in

events results time in milliseconds

hi, i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc. when i search for x. i see ...

by Path Finder in

Why `where match(...)` but not `search match(...)`?

What is the difference between `... | when match(a,b)` and `...| search match(a,b)`?Why in such cases `when` works an...

by Path Finder in

reset_on_change, reset before, reset after

what is the major difference of these in streamstats command. I could understand why these function are used as I get...

by New Member in

How to get results from last 1 week and last 3 week for the exact time frame of the search

I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated. Lets say I am doing s...

by Loves-to-Learn in

Stats include all fields

| stats sum(Score) AS TotalScore, values(value1) AS value1, values(value2) AS value2, values(value3) AS value3, by Us...

by Builder in

Using CSV field as time

I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T0...

by Explorer in

Why is the save button greyed out when attempting to modify a report/search?

Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the...

by Path Finder in

Get a Server Error running certain searches and unable to saving a report or alert for any search

Hi,We are using Splunk Enterprise 8.0.4.1 with a Search head and two indexing cluster. As a splunk administrator, ...

by Observer in

Eval statement based of 1 field using If

I have a bunch of storage clusters that we monitor, 60% of the envrioment uses normal GB, the other 40% uses GiB. I...

by Path Finder in

Use an intermediate universal forwarder

Hi at all, I need to send logs from many Universal Forwarders to an Indexer Cluster using an Intermediate Forwarder. ...

by SplunkTrust in

Search using MAP COMMAND

I have dropdown which has to execute the two different searches based on token picker I am trying to implement the...

by Contributor in

Cluster Command Based on Multiple Fields

Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can...

by Explorer in

Splunk Search

Discussions

How to filter events using lookup table?

Need help to comparing two pieces of information from two different hosts

Filter Email Address Country of Origin Using Lookup

IP address separating from 1 source

Unable to get return results from inputlookup

Listing all saved searches from all apps via REST without correlation searches

Database Records

How do i correlate events using subsearch from two sources based on two different conditions?

events results time in milliseconds

Why `where match(...)` but not `search match(...)`?

reset_on_change, reset before, reset after

How to get results from last 1 week and last 3 week for the exact time frame of the search

Stats include all fields

Using CSV field as time

Why is the save button greyed out when attempting to modify a report/search?

Get a Server Error running certain searches and unable to saving a report or alert for any search

Eval statement based of 1 field using If

Use an intermediate universal forwarder

Search using MAP COMMAND

Cluster Command Based on Multiple Fields

Could not load lookup=LOOKUP-splunk_security_essen...

CIDR match not working on Splunk 8.X

Splunk App for Windows - Missing Task Category, Ty...

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...