Splunk Search

Discussions

Thread Info

Using transaction or stats to do event correlation like Vlookup?

Hi All, In my scenario, I have a batch of events that are for a particular Event Code, sorted by time. The field...

by Path Finder in

How to edit search so delta command does not return negative results?

Hi Everyone, I have a need to create a delta between the count of id today to the count of id yesterday search: searc...

by Explorer in

Match multiple items in If with Top

index="test" host="*P*" "Type=Error" |eval Code = if(EventCode="10034","Access Denied",if(EventCode="5749","Port Tim...

by SplunkTrust in

How to write a search to report hosts, counts of sources and sourcetypes with beginning and end dates?

I would like to be able to create/run a report that would show me the hosts, sourcetypes for each host, and the sourc...

by Engager in

negate a backslash in regex without negating other characters

Hi, I want to create a new field, from a string, showing the domain user, where the only constant is "\" which I d...

by Path Finder in

How to write regex to extract date related subfields from req_time?

We have created new sourcetype (acquia_access_combined) by coping the existing sourcetype (access_combined) and added...

by Builder in

Add multiple device types to search string

I want to add cer device type to the following string to search for both. Boolean expression? index=cisco cdnt* pa...

by New Member in

Is it possible to use a lookup for a field that has OR condition?

How do I lookup for a field which has Or condition. example Source Destination File name act bank indexes_% bank a...

by Path Finder in

What is the best way to remove leading 0's from a field?

I have a field which has leading 0's before the actual value. How can I get rid of them. Possible Values 000000...

by Influencer in

need to search for asterisk C asterisk in splunk

hi, how do I search for asterisk C asterisk in splunk, in other words C when I put that as the search criteria it ...

by Path Finder in

How do I filter (using regex) only particular lines from the log files?

I am using Splunk forwarder to receive log files from multiple monitors. I need to filter events, based on a regex, f...

by Engager in

Error ProcessDispatchedSearch - PROCESS_SEARCH spamming splund logs

ERROR ProcessDispatchedSearch - PROCESS_SEARCH "XXX": The process cannot access the file because it is being used by ...

by Communicator in

Is it possible to use a column header as key for a lookup?

Hi, is it possible to use a column header for a lookup? Let's say that we have a csv like this: Date | A | B...

by Motivator in

How to get the same search results as transaction, but with other commands like stats?

Hi All, I am using a transaction command to group log data by Account Name. I'm particularly interested in any ac...

by Path Finder in

Help with charting results from two searches with data populated from a drop-down

I have created a dashboard that uses a drop down menu to populate the data for a search using Django bindings. I know...

by Path Finder in

How to write regex to extract Bing and Yahoo search from proxySG logs?

Hello, I would like to extract bing and yahoo search from my proxySG logs. i have this for yahoo search search ...

by Explorer in

How to keep only the first 5 lines of a multi-line event?

In my logs I have a lot of java errors that are about 100 lines long. I would like to filter the event at the univers...

by New Member in

wmi how to do "where field in"

My goal is to get information on a list of processes. I think WMI is a decent way to do this, but keep getting a synt...

by Communicator in

The lookup table does not exist for new user.

Hi, I created dblookup and used in a saved search as admin, which is working fine. However when I run same saved s...

by Contributor in

Group Daily login counts of IP by IP for a 7 day period

I am attempting to get the LoginCount of REQUESTING_IP grouping the REQUESTING_IP's together over a 7 day period ...

by Explorer in

How to split a string into multiple fields for different domains

We have a scenario where we have many domains and we want to split it accordingly . Any advice would be great help . ...

by New Member in

Getting PS data into CPU/Hours units

I'm working to deploy Splunk in an HPC environment and am trying to set up some metrics queries that I didn't see in ...

by Engager in

Get top values with null empty fields

Hello. I am new to splunk and regex so please bear with me. I have the following log file format iNRPMPLANTCD: AR|...

by Engager in

How to calculate time elapsed for (concurrent) transactions across multiple servers?

I've been looking around the forums, but nothing seems to quite cover what I need. We are currently logging stats ...

by New Member in

Can we have line and column in a single chart

Hi, I have 2 data points and i would like to show one as line and other one as column chart. is it possible? any s...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using transaction or stats to do event correlation like Vlookup?

How to edit search so delta command does not return negative results?

Match multiple items in If with Top

How to write a search to report hosts, counts of sources and sourcetypes with beginning and end dates?

negate a backslash in regex without negating other characters

How to write regex to extract date related subfields from req_time?

Add multiple device types to search string

Is it possible to use a lookup for a field that has OR condition?

What is the best way to remove leading 0's from a field?

need to search for asterisk C asterisk in splunk

How do I filter (using regex) only particular lines from the log files?

Error ProcessDispatchedSearch - PROCESS_SEARCH spamming splund logs

Is it possible to use a column header as key for a lookup?

How to get the same search results as transaction, but with other commands like stats?

Help with charting results from two searches with data populated from a drop-down

How to write regex to extract Bing and Yahoo search from proxySG logs?

How to keep only the first 5 lines of a multi-line event?

wmi how to do "where field in"

The lookup table does not exist for new user.

Group Daily login counts of IP by IP for a 7 day period

How to split a string into multiple fields for different domains

Getting PS data into CPU/Hours units

Get top values with null empty fields

How to calculate time elapsed for (concurrent) transactions across multiple servers?

Can we have line and column in a single chart

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...